Infecté par un rootkit

mickportugais -  
 mickportugais -
Bonjour à tous ,

Je suis nouveau sur le forum , et j'ai un gros problème. En effet, une personne me nargue se vantant de connaitre tous mes mots de passes , ainsi que toutes les conversations, m'espionne en permanence etc... Il à réussi a les obtenir a l'aide d'un rootkit ,(qui selon moi se situe dans le system32) .Néanmoins aprés l'utilisation de plusieurs anti rootkit aucun n'a réussi a le détecter ; cette même personne est ingénieur réseaux confirmé. Et connais l'ensemble des failles confirmés de mon pc , j'ai vraiment besoin d'aide.
merci aux personnes qui ont pris le temps de me lire et de me répondre.

OS:Vista
Antivirus actif :Bit defender V10 et SPybot
Configuration: Windows Vista
Firefox 3.0.11

15 réponses

  1. mickportugais
     
    cet utilitaire m'a l'air pas mal du tout , il a trouvé trois executable bad a 100% , sauf qu'a chaque fois ou je demande la suppresion il ne se supprime pas et reviennent a chaque fois , meme en mode sans echec en decochant la restauration systeme , ils réaparraisent. Bref je te remercie de ton aide , meme si ma gratitude vaut pas grand chose lol.
    0
  2. Utilisateur anonyme
     
    bonsoir,

    il y a toujours la possibilité de les fixer avec hijackthis
    connais tu les noms des executables?
    fais un log de hijackthis et avec les noms, on les trouve et les tue sur le champ
    0
  3. fabul Messages postés 42164 Date d'inscription   Statut Modérateur Dernière intervention   6 066
     
    Je suis désolé si il n'est pas cappable d'effacer les coupables,as tu utilisé terminate et reboot now pour la suppression?

    normalement,il devrait effacer mème des fichiers difficiles a effacer a moin qu'ils ne soient bons.

    certains hackers au brésil avaient utilisé de ce système de façon trafiquée avec des commandes pour effacer des fichiers qu'une compagnie banquaire utilisait pour sécuriser leur clients.

    article de symantec:https://community.broadcom.com/home#M4559

    si ils ne sont pas effacés,ils ne sont peut ètre pas mauvais ou inutiles et restaurés?je n'en connais pas la raison.

    si tu pouvait poster la partie du log qui spécifie ce qu'il a trouvé.

    ce log est contenu dans tes doccuments rr2log ou quelque chose comme ça.
    0
  4. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  5. Utilisateur anonyme
     
    si ce logiciel les reconnait comme fichier légitime, il ne les effacera pas, il faut le effecer manuellement.
    on tente un truc si tu es d'accord
    puisqu'il ne s'agit pas completement d'un virus et peut être d'un programme pour détourner ta connexion, on l'ance un nettoyage de ton pc, puis verra ce que ça donne.

    1.Télécharges ComboFix à partir de ce lien :

    http://download.bleepingcomputer.com/sUBs/ComboFix.exe
    A lire
    https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
    Et important, enregistre le sur le bureau.

    Avant d'utiliser ComboFix :
    ► Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

    ► Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.

    Une fois fait, sur ton bureau double-clic sur Combofix.exe.

    - Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

    /!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

    - En fin de scan il est possible que ComboFix ait besoin de redémarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

    - Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

    ► Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

    ► Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

    2° Télécharge Malwarebytes' Anti-Malware: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    . sur la page cliques sur Télécharger Malwarebyte's Anti-Malware
    . enregistres le sur le bureau
    . Double cliques sur le fichier téléchargé pour lancer le processus d'installation.
    . Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
    . si le pare-feu demande l'autorisation de se connecter pour malwarebytes, acceptes
    . Une fois la mise à jour terminée,fermes Malwarebytes
    . redemarres en mode sans échec pour savoir comment au cas ou tu ne saurrais pas regarde plus bas
    . une fois en mode sans echec tu double-cliques sur l'icône de malwarebytes
    . une fois ouvert rend-toi dans l'onglet, Recherche
    . Sélectionnes Exécuter un examen complet
    . Cliques sur Rechercher
    . Le scan démarre.
    . A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés.
    . Cliques sur Ok pour poursuivre.
    . Si des malwares ont été détectés, cliques sur Afficher les résultats
    . Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
    . Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse.
    . redemarre le pc
    . une fois redémarré en mode normal double-cliques sur malwarebytes
    . rends toi dans l'onglet rapport/log
    . tu cliques dessus pour l'afficher une fois affiché
    . tu cliques sur edition en haut du boc notes,et puis sur sélectionner tous
    . tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
    . tu cliques droit dans le cadre de la reponse et coller

    Si tu as besoin d'aide regarde ce tutoriel :
    https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

    3.Désactivation/Réactivation de la restauration système

    Il est nécessaire de désactiver puis réactiver la restauration système pour la purger car les points de restauration peuvent être infectés :
    Pour XP : http://www.commentcamarche.net/faq/sujet 5097 virus system volume information
    Pour Vista : http://www.commentcamarche.net/faq/sujet 13214 desactiver reactiver la restauration systeme de vista
    0
  6. mickportugais
     
    voila j'ai lancé combofix , et dans les premieres secondes une fenetre c'est ouvertes informant que la dll suivante etait malicieuse : c:\windows\system32\sockspy.dll
    voici le fichier de log: (merci et bonne lecture :) )

    ComboFix 09-07-14.08 - carvalho 18/07/2009 19:12.1.4 - NTFSx86
    Microsoft® Windows Vista™ Édition Familiale Premium 6.0.6000.0.1252.33.1036.18.3070.1511 [GMT 2:00]
    Running from: c:\users\carvalho\Desktop\ComboFix.exe
    AV: Bitdefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
    FW: Bitdefender Firewall *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
    SP: BitDefender Antispyware *enabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
    SP: Spybot - Search and Destroy *disabled* (Outdated) {ED588FAF-1B8F-43B4-ACA8-8E3C85DADBE9}
    SP: Spyware Doctor *disabled* (Updated) {1C3EDD79-273E-46ac-99F8-EFA9E7CBC301}
    SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
    * Resident AV is active

    .
    The following files were disabled during the run:
    c:\windows\system32\sockspy.dll

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\$recycle.bin\S-1-5-21-1052327313-1294781821-2582782959-500
    c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
    c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
    c:\windows\Installer\2d7eff.msi

    ----- BITS: Possible infected sites -----

    hxxp://au.download.j+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J:Nj+|Cv
    .
    ((((((((((((((((((((((((( Files Created from 2009-06-18 to 2009-07-18 )))))))))))))))))))))))))))))))
    .

    2009-07-18 17:18 . 2009-07-18 17:18 -------- d-----w- c:\users\carvalho\AppData\Local\temp
    2009-07-18 09:29 . 2009-07-18 09:51 29584 ----a-w- c:\windows\system32\drivers\regguard.sys
    2009-07-18 09:29 . 2009-07-18 09:29 2 --shatr- c:\windows\winstart.bat
    2009-07-18 09:27 . 2009-07-18 09:27 34760 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2009-07-18 09:27 . 2009-07-18 09:27 32480 ----a-w- c:\windows\system32\Partizan.exe
    2009-07-18 09:24 . 2008-12-22 15:04 444128 ----a-w- c:\windows\RunGuard.exe
    2009-07-18 09:24 . 2008-12-22 15:04 20192 ----a-w- c:\windows\WinBait.exe
    2009-07-18 09:24 . 2009-07-18 09:24 -------- d-----w- c:\program files\Greatis
    2009-07-17 17:48 . 2009-03-02 09:24 30136 ----a-w- c:\windows\system32\drivers\rspSanity32.sys
    2009-07-17 17:48 . 2009-07-17 17:48 -------- d-----w- c:\program files\SanityCheck
    2009-07-17 17:29 . 2008-08-25 10:36 81288 ----a-w- c:\windows\system32\drivers\iksyssec.sys
    2009-07-17 17:29 . 2008-08-25 10:36 66952 ----a-w- c:\windows\system32\drivers\iksysflt.sys
    2009-07-17 17:29 . 2008-08-25 10:36 40840 ----a-w- c:\windows\system32\drivers\ikfilesec.sys
    2009-07-17 17:29 . 2008-06-02 14:19 29576 ----a-w- c:\windows\system32\drivers\kcom.sys
    2009-07-17 17:28 . 2009-07-17 17:30 -------- d-----w- c:\program files\Spyware Doctor
    2009-07-17 17:28 . 2009-07-17 17:28 -------- d-----w- c:\users\carvalho\AppData\Roaming\PC Tools
    2009-07-17 15:45 . 2009-07-17 15:45 3775175 ----a-w- c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe
    2009-07-16 07:20 . 2009-07-16 07:20 -------- d-sh--w- c:\windows\system32\%APPDATA%
    2009-07-15 07:55 . 2009-06-15 15:29 156160 ----a-w- c:\windows\system32\t2embed.dll
    2009-07-15 07:55 . 2009-06-15 15:23 24064 ----a-w- c:\windows\system32\lpk.dll
    2009-07-15 07:55 . 2009-06-15 15:22 72704 ----a-w- c:\windows\system32\fontsub.dll
    2009-07-15 07:55 . 2009-06-15 15:21 10240 ----a-w- c:\windows\system32\dciman32.dll
    2009-07-15 07:55 . 2009-06-15 15:20 34304 ----a-w- c:\windows\system32\atmlib.dll
    2009-07-15 07:55 . 2009-06-15 13:03 289792 ----a-w- c:\windows\system32\atmfd.dll
    2009-07-12 20:11 . 2009-07-12 20:15 -------- d-----w- c:\program files\Railroad Tycoon II
    2009-07-12 20:11 . 1998-02-06 20:39 304128 ----a-w- c:\windows\unin040c.exe
    2009-06-29 14:12 . 2009-06-30 02:11 -------- d-----w- C:\53875633e9e5fc2cddcc6dcf
    2009-06-29 09:44 . 2008-06-20 01:17 97800 ----a-w- c:\windows\system32\infocardapi.dll
    2009-06-29 09:44 . 2008-06-20 01:18 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
    2009-06-29 09:44 . 2008-06-20 01:18 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
    2009-06-29 09:44 . 2008-06-20 01:17 622080 ----a-w- c:\windows\system32\icardagt.exe
    2009-06-29 09:44 . 2008-06-20 01:17 11264 ----a-w- c:\windows\system32\icardres.dll
    2009-06-29 09:44 . 2008-06-20 01:18 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
    2009-06-29 09:44 . 2008-06-20 01:18 326160 ----a-w- c:\windows\system32\PresentationHost.exe
    2009-06-29 09:37 . 2008-07-27 18:00 96760 ----a-w- c:\windows\system32\dfshim.dll
    2009-06-29 09:37 . 2008-07-27 18:00 282112 ----a-w- c:\windows\system32\mscoree.dll
    2009-06-29 09:37 . 2008-07-27 18:00 41984 ----a-w- c:\windows\system32\netfxperf.dll
    2009-06-29 09:37 . 2008-07-27 18:00 158720 ----a-w- c:\windows\system32\mscorier.dll
    2009-06-29 09:37 . 2008-07-27 18:00 83968 ----a-w- c:\windows\system32\mscories.dll
    2009-06-29 09:36 . 2009-05-09 05:34 71680 ----a-w- c:\windows\system32\iesetup.dll
    2009-06-29 09:36 . 2009-05-09 05:50 915456 ----a-w- c:\windows\system32\wininet.dll
    2009-06-20 14:53 . 2009-06-20 14:53 -------- d-----w- c:\program files\Xvid
    2009-06-20 14:53 . 2006-11-01 12:54 180224 ----a-w- c:\windows\system32\xvidvfw.dll
    2009-06-20 14:53 . 2006-11-01 12:52 765952 ----a-w- c:\windows\system32\xvidcore.dll
    2009-06-20 14:51 . 2009-06-20 14:51 -------- d-----w- c:\windows\system32\AGEIA
    2009-06-20 14:51 . 2009-06-20 14:51 -------- d-----w- c:\program files\AGEIA Technologies
    2009-06-20 14:50 . 2009-06-20 14:50 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
    2009-06-20 14:47 . 2009-06-20 14:47 -------- d-----w- c:\program files\Spellbound

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-07-18 17:15 . 2008-06-14 15:46 81984 ----a-w- c:\windows\system32\bdod.bin
    2009-07-18 09:54 . 2009-02-23 12:17 -------- d-----w- c:\program files\Steam
    2009-07-17 17:29 . 2009-02-18 18:42 -------- d-----w- c:\program files\Sophos
    2009-07-17 15:46 . 2009-02-20 10:08 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2009-07-16 07:21 . 2006-11-02 11:18 -------- d-----w- c:\program files\Windows Mail
    2009-07-16 07:21 . 2007-12-03 08:38 -------- d-----w- c:\programdata\Microsoft Help
    2009-07-13 14:54 . 2008-06-17 14:06 -------- d-----w- c:\program files\a-squared Free
    2009-07-13 11:36 . 2009-02-20 10:08 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2009-07-13 11:36 . 2009-02-20 10:08 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
    2009-07-09 13:43 . 2006-11-02 15:48 699984 ----a-w- c:\windows\system32\perfh00C.dat
    2009-07-09 13:43 . 2006-11-02 15:48 121814 ----a-w- c:\windows\system32\perfc00C.dat
    2009-07-02 21:00 . 2009-02-23 12:17 -------- d-----w- c:\program files\Common Files\Steam
    2009-06-29 10:47 . 2008-06-14 15:20 101784 ----a-w- c:\users\carvalho\AppData\Local\GDIPFONTCACHEV1.DAT
    2009-06-29 09:58 . 2007-12-03 08:40 -------- d-----w- c:\program files\Microsoft Works
    2009-06-21 17:18 . 2008-09-13 16:19 -------- d-----w- c:\users\carvalho\AppData\Roaming\Skype
    2009-06-21 16:22 . 2008-09-14 06:19 -------- d-----w- c:\users\carvalho\AppData\Roaming\skypePM
    2009-06-20 14:47 . 2007-12-03 08:34 -------- d--h--w- c:\program files\InstallShield Installation Information
    2009-06-18 16:08 . 2009-05-15 18:40 -------- d-----w- c:\users\carvalho\AppData\Roaming\Grand Ages Rome
    2009-06-09 19:03 . 2009-06-09 19:02 -------- d-----w- c:\program files\EasyPHP 2.0b1
    2009-05-20 15:28 . 2009-05-20 15:28 -------- d-----w- c:\users\carvalho\AppData\Roaming\DivX
    2009-04-30 12:52 . 2009-06-14 07:13 292352 ----a-w- c:\windows\system32\psisdecd.dll
    2009-04-30 12:44 . 2009-06-14 07:13 1244672 ----a-w- c:\windows\system32\mcmde.dll
    2009-04-30 12:42 . 2009-06-14 07:13 428032 ----a-w- c:\windows\system32\EncDec.dll
    2009-04-23 13:01 . 2009-06-11 19:50 788992 ----a-w- c:\windows\system32\rpcrt4.dll
    2009-04-23 12:56 . 2009-06-11 19:51 696832 ----a-w- c:\windows\system32\localspl.dll
    2009-04-21 12:04 . 2009-06-11 19:59 2028032 ----a-w- c:\windows\system32\win32k.sys
    2009-06-12 20:04 . 2008-08-31 11:35 134648 ----a-w- c:\program files\mozilla firefox\components\brwsrcmp.dll
    2009-02-24 19:34 . 2009-02-24 19:34 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-02-24 19:34 . 2009-02-24 19:34 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2008-06-16 1232896]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
    "SpybotSD TeaTimer"="d:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
    "Steam"="c:\program files\steam\steam.exe" [2009-06-10 1217784]
    "Regrun2"="c:\progra~1\Greatis\REGRUN~1\WatchDog.exe" [2008-12-22 384224]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2007-12-03 1006264]
    "Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-09-07 326176]
    "eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-04-25 457216]
    "PCMMediaSharing"="c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe" [2007-06-21 204908]
    "WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
    "NVRaidService"="c:\windows\system32\nvraidservice.exe" [2007-12-07 196128]
    "Acer Tour Reminder"="c:\acer\AcerTour\Reminder.exe" [2007-08-01 151552]
    "BDMCon"="c:\program files\Softwin\BitDefender10\bdmcon.exe" [2009-01-16 290816]
    "BDAgent"="c:\program files\Softwin\BitDefender10\bdagent.exe" [2007-03-26 69632]
    "NvSvc"="c:\windows\system32\nvsvc.dll" [2007-11-06 86016]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-11-06 8530464]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-11-06 81920]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
    "TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-09-06 185896]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-09-06 413696]
    "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2006-11-02 215552]
    "MSConfig"="c:\windows\system32\msconfig.exe" [2006-11-02 222208]
    "RegRun WinBait"="c:\windows\winbait.exe" [2008-12-22 20192]
    "@RegRunOnSecure"="c:\progra~1\Greatis\REGRUN~1\OnSecure.exe" [2008-12-22 61664]
    "RtHDVCpl"="RtHDVCpl.exe" - c:\windows\RtHDVCpl.exe [2007-10-11 4702208]

    c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
    Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-12-3 535336]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{F552DDE6-2090-4bf4-B924-6141E87789A5}"= "c:\progra~1\Greatis\REGRUN~1\RRShell.dll" [2008-10-20 335943]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
    "aux1"=wdmaud.drv

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
    @="Service"

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
    "DisableMonitoring"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
    "{DB9E81CD-E999-4D30-9431-905A8CDF3057}"= c:\program files\Acer Arcade Live\Acer DVDivine\Acer DVDivine.exe:Acer DVDivine
    "{FDE3C5A9-20A2-4666-80CD-094CBF37C993}"= c:\program files\Acer Arcade Live\Acer HomeMedia\Acer HomeMedia.exe:Acer HomeMedia
    "{2ED47240-F206-4606-8CDA-2F141807082E}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Acer HomeMedia Connect.exe:Acer HomeMedia Connect
    "{2C6EED45-7B25-44B1-8A9A-972EFE108A9F}"= c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.EXE:Acer HomeMedia Connect Service
    "{BA7F183C-0260-4659-8C57-3CF842FF30AA}"= c:\program files\Acer Arcade Live\Acer SlideShow DVD\Acer SlideShow DVD.exe:Acer SlideShow DVD
    "{C2191F0A-02E1-4345-985F-D7EB0C11AAF1}"= c:\program files\Acer Arcade Live\Acer VideoMagician\Acer VideoMagician.exe:Acer VideoMagician
    "{F61E8216-CE21-44D7-A083-8FD9EF88C629}"= c:\program files\Acer Arcade Live\Acer DV Magician\Acer DV Magician.exe:Acer DV Magician
    "{10B94AEA-31AD-4C63-85BE-BB4CF9766ED4}"= c:\program files\Acer Arcade Live\Acer Arcade Live Main Page\Acer Arcade Live.exe:Acer Arcade Live
    "{CE42DC5A-6B71-45AF-B868-CCC57AD146B9}"= UDP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{D3B25E92-00A6-46C8-A790-B5AC3C95011F}"= TCP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Civilization4.exe:Sid Meier's Civilization 4
    "{500BC1D1-35DA-49C0-B213-C1926B2F8975}"= UDP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{33E4512B-0101-4AE6-A346-0144B113EFC7}"= TCP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword.exe:Sid Meier's Civilization 4 Beyond the Sword
    "{E10BAE57-780C-49BA-B65A-4616BBD7CACF}"= UDP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{896891A7-3DC3-4195-AAA5-F1AE4EB165FB}"= TCP:d:\program files\Firaxis Games\Sid Meier's Civilization 4\Beyond the Sword\Civ4BeyondSword_PitBoss.exe:Sid Meier's Civilization 4 Beyond the Sword Pitboss
    "{2393A560-E05C-44C4-BBD8-B005481ED5BB}"= UDP:d:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{075B50CA-6793-4820-B513-89FE64BAD6AF}"= TCP:d:\program files\Microsoft Games\Age of Empires III\age3x.exe:Age of Empires III - The WarChiefs
    "{3A9F82A3-E5E7-44FC-934A-6F7D9AAB6283}"= UDP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "{3A3C1CB5-3FFD-47FC-AA90-C75A77BFA81E}"= TCP:d:\program files\Microsoft Games\Age of Empires III\age3y.exe:Age of Empires III - The Asian Dynasties
    "{00F71A71-12B8-40AA-95A2-17C8F91B3969}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
    "{80463537-769A-4D6E-B64E-735268576C04}"= UDP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
    "{AAFADC4B-757A-485B-BF57-7D84088E7D00}"= TCP:c:\program files\Electronic Arts\La Bataille pour la Terre du Milieu II\game.dat:La Bataille pour la Terre du Milieu ™ II
    "{6F71051E-65C9-427E-9714-2A9BD1CA9558}"= c:\program files\Skype\Phone\Skype.exe:Skype
    "TCP Query User{6B6BEE6C-8CD6-48EA-8B28-569FC9968892}e:\\program files\\call of duty\\coduomp.exe"= UDP:e:\program files\call of duty\coduomp.exe:CoDUOMP
    "UDP Query User{C467FC26-87CC-4BE1-9BCD-ED5B6ABB383C}e:\\program files\\call of duty\\coduomp.exe"= TCP:e:\program files\call of duty\coduomp.exe:CoDUOMP
    "{7B023CBE-53A0-4813-A8A4-F0E81E3A4ADA}"= UDP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{F875232C-E72E-40A7-8CFB-25AE6514E321}"= TCP:d:\program files\Sports Interactive\Football Manager 2009\fm.exe:Football Manager 2009
    "{73DB6AE4-F611-4F41-AE47-53546B222900}"= UDP:990:LocalSubnet:LocalSubnet|IF={14C28287-987D-4FDD-B262-38B26423ED50}|%SystemRoot%\system32\svchost.exe|Svc=rapimgr:@%systemroot%\WindowsMobile\wmdSync.exe,-4001
    "{9E5BDF6A-D21D-421A-8F49-39FB7CD34B27}"= TCP:6004|c:\program files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
    "{A3172CC2-E7C1-4E78-A1C6-CE039A80E01C}"= UDP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
    "{F5A14797-1A04-4CFD-A8E8-DFEF0655D4A0}"= TCP:c:\program files\Electronic Arts\L'Avènement du Roi-sorcier\game.dat:LSDA, L'Avènement du Roi-sorcier™
    "TCP Query User{0919228B-28E1-4416-B30B-D250353266C7}c:\\program files\\ubisoft\\heroes of might and magic v - tribes of the east\\bin\\h5_game.exe"= UDP:c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe:Heroes of Might and Magic V
    "UDP Query User{C92F70D6-8CE5-40AE-AC23-AAA7E0BEBFA6}c:\\program files\\ubisoft\\heroes of might and magic v - tribes of the east\\bin\\h5_game.exe"= TCP:c:\program files\ubisoft\heroes of might and magic v - tribes of the east\bin\h5_game.exe:Heroes of Might and Magic V
    "TCP Query User{E4024830-207F-4F28-B882-AD2F4B1389F2}c:\\program files\\easyphp 2.0b1\\mysql\\bin\\mysqld.exe"= UDP:c:\program files\easyphp 2.0b1\mysql\bin\mysqld.exe:mysqld
    "UDP Query User{10F23D92-E984-4426-9821-6FB237AA5614}c:\\program files\\easyphp 2.0b1\\mysql\\bin\\mysqld.exe"= TCP:c:\program files\easyphp 2.0b1\mysql\bin\mysqld.exe:mysqld
    "{032C073A-01E3-4EB7-A4E7-AE2B448A790E}"= UDP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
    "{2E39C408-80B0-49E6-9A55-EA4589814C77}"= TCP:c:\program files\Steam\steamapps\common\empire total war\Empire.exe:Empire: Total War
    "{4F71D3C7-DA05-4A79-B068-92CBF44374ED}"= UDP:c:\program files\Steam\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server
    "{9FC21E83-51C4-4914-A017-780ED17EFB70}"= TCP:c:\program files\Steam\steamapps\common\left 4 dead\srcds.exe:Left 4 Dead Dedicated Server

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
    "DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

    R2 Acer HomeMedia Connect Service;Acer HomeMedia Connect Service;c:\program files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe [03/12/2007 11:00 269448]
    R2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [16/06/2008 22:07 810320]
    S0 Partizan;Partizan;c:\windows\System32\drivers\Partizan.sys [18/07/2009 11:27 34760]
    S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [16/04/2009 23:16 33176]
    S3 RegGuard;RegGuard;c:\windows\System32\drivers\regguard.sys [18/07/2009 11:29 29584]
    S3 rspSanity;rspSanity;c:\windows\System32\drivers\rspSanity32.sys [17/07/2009 19:48 30136]
    S3 rt70x86;RT2500 USB Wireless LAN Driver;c:\windows\System32\drivers\netr70.sys [15/06/2008 12:23 245248]
    S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [17/07/2009 19:28 356920]
    S3 WSVD;WSVD;c:\windows\System32\drivers\WSVD.sys [26/02/2009 14:18 80744]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
    WindowsMobile REG_MULTI_SZ wcescomm rapimgr
    LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

    [HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
    "c:\windows\System32\rundll32.exe" "c:\windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
    .
    - - - - ORPHANS REMOVED - - - -

    HKLM-Run-Acer Tour - (no file)
    HKLM-Run-eRecoveryService - (no file)

    .
    ------- Supplementary Scan -------
    .
    uSearchMigratedDefaultURL = hxxp://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
    mStart Page = hxxp://fr.fr.acer.yahoo.com
    IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
    TCP: {029773B8-1390-4664-A8F9-199F5833E602} = 212.30.96.108,213.203.124.146
    TCP: {67B5A412-8B12-4D65-98E9-560BDC88673F} = 212.30.96.108,213.203.124.146
    FF - ProfilePath - c:\users\carvalho\AppData\Roaming\Mozilla\Firefox\Profiles\4nybf1ef.default\
    FF - component: c:\program files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}\components\NPComponent.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2009-07-18 19:18
    Windows 6.0.6000 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1052327313-1294781821-2582782959-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
    "??"=hex:9e,e3,85,58,ac,7f,13,2c,53,45,ab,21,af,4f,5e,e0,50,bb,e2,b6,33,e1,31,
    9e,ba,6c,ef,fd,2d,71,7a,19,1e,45,22,9b,7f,52,0a,32,75,4b,78,99,9e,09,e2,0e,\
    "??"=hex:69,6f,5c,46,6a,89,f9,ee,2d,48,e0,10,87,42,1e,12

    [HKEY_USERS\S-1-5-21-1052327313-1294781821-2582782959-1000\Software\SecuROM\License information*]
    @Allowed: (Read) (RestrictedCode)
    "datasecu"=hex:fb,1c,84,92,90,16,cc,69,d5,df,be,76,72,22,29,7e,17,71,31,b0,a9,
    70,08,32,0a,9d,6c,cf,c1,35,75,6a,58,3e,a3,b8,07,eb,f3,00,b1,ed,9d,70,52,04,\
    "rkeysecu"=hex:fa,45,e0,cb,42,e5,d3,b3,85,6b,99,a2,3e,f3,27,c3
    .
    Completion time: 2009-07-18 19:21
    ComboFix-quarantined-files.txt 2009-07-18 17:21

    Pre-Run: 106 378 649 600 octets libres
    Post-Run: 106 365 796 352 octets libres

    257 --- E O F --- 2009-07-17 06:55
    0
  7. Utilisateur anonyme
     
    Edit,
    je supçonne que ça soit juste un trojan :

    hxxp://au.download.j+|Cv+@J:NGD_DQ{zGD_DQ{zGD_DQ{zGD_DQ{z+@J­:Nj+|Cv


    il n'est pas arrivé par internet.
    ça été introduit par je ne sais quel moyen dans ton pc, un mail peut être, va savoir

    suis le poste n° 5
    0
  8. mickportugais
     
    Merci d'avoir répondu mais j'ai déja fait cela, et le probleme reste identique.Cependant j'arrive meme plus a me conecter sur Internet a travers mon pc de mon domicile, et ce matin en me réveillant pour me nargué il a changer mon fond d'ecran, (histoire de marqué sa presence).
    De plus, je pense avoir trouvé un keyloger catchme.sys, que je pense a voir effacé mais j'en suis pas sur.
    0
    1. fabul Messages postés 42164 Date d'inscription   Statut Modérateur Dernière intervention   6 066
       
      0
      1. mickportugais > fabul Messages postés 42164 Date d'inscription   Statut Modérateur Dernière intervention  
         
        Salut Fabul
        c est ce que j ai utilise (REGRun) pour supprimer le fichier catchme.sys . Au debut, après suppression il revenait après démarrage, depuis cela le fait plus. Qu'en penses tu? Comment etre sur qu'il ne soit plus là?? (j'ai deja fait une recherche avec les fichiers cachés cela le retrouve plus).
        0
      2. fabul Messages postés 42164 Date d'inscription   Statut Modérateur Dernière intervention   6 066 > mickportugais
         
        Mème en regardant les fichiers cachés et protégés du système d'exploitation,certains rootkits ne sont pas visibles.si regrun ne le détecte plus,il ne doit plus exister,en théorie,

        continue ton investigation.

        as tu fait une analyse avec malwarebytes?
        0
  9. Utilisateur anonyme
     
    tu n'as fait que combofix, pas le reste, continue et poste moi les rapports au fur et a mesure
    merci
    0
    1. mickportugais
       
      Re,
      Et bien j'ai fait combofix et le nettoyage que tu m avais demande de faire
      le probleme est toujours présent!! Que veux tu que je fasse en plus?
      0
  10. Utilisateur anonyme
     
    ça serai bien que tu me postes les rapports ici, je varrais les problèmes et te proposerais des solutions.
    0
    1. mickportugais
       
      Suite : RR2LOG

      Anti Spyware... Start check 19.07.2009 at:12:44:23
      Prohibited:3 Suspicious:25 Warnings:1
      Prohibited:Auto Services
      ProtexisLicensing=D:\WINDOWS\system32\PSIService.exe
      Internal Name: ProtexisLicensing. Status: service running. Actual File: D:\WINDOWS\system32\PSIService.exe * Protexis Licensing Service nTitles PSIService PSIService 2.0.0.1
      ******************************
      Prohibited:Running Processes
      PSIService.exe=D:\WINDOWS\SYSTEM32\PSISERVICE.EXE
      nTitles PSIService PSIService 2.0.0.1
      ******************************
      Prohibited:Running Processes
      ccc.exe=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
      Catalyst Control Centre: Host application ATI Technologies Inc. Catalyst Control Centre 2.0.0.0
      ******************************
      Suspicious:Toolbars
      {381FFDE8-2394-4f90-B10D-FC6124A40F8C}=D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
      BitDefender IE Toolbar Bitdefender BitDefender IE Toolbar 11.0.0.16
      ******************************
      Suspicious:Auto Services
      57xx SteelVine Manager=D:\Program Files\ASUS\Drive Xpert\SteelVine.exe
      Internal Name: 57xx SteelVine Manager. Status: service running. Actual File: D:\Program Files\ASUS\Drive Xpert\SteelVine.exe * SteelVine Volume Management Service
      ******************************
      Suspicious:Auto Services
      ASKUpgrade=D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
      Internal Name: ASKUpgrade. Status: service stopped. Actual File: D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe * ASK ToolBar Upgrade Engine
      ******************************
      Suspicious:Auto Services
      FreeAgentGoNext Service="D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
      Internal Name: FreeAgentGoNext Service. Status: service running. Actual File: "D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" * Seagate Service Sync Windows Services Seagate Technology LLC Sync 4, 7, 0, 1
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      Suspicious:Registry Run
      AOLSAV=D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      Agent TechCity Solutions France TechCity Solutions France Agent 1.0.0.1766
      ******************************
      Suspicious:Registry Run
      Ai Nap="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
      ******************************
      Suspicious:Registry Run
      QFan Help="D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      Cpu Level Up help=D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      Launch Direct Link="D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      Launch As Cmd Runner="D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
      ******************************
      Suspicious:Registry Run
      Ask and Record FLV Service="D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
      FLV Service for Ask and Record Toolbar Applian Technologies, Inc. Applian Technologies, Inc. FLVSrvc 1, 1, 0, 0
      ******************************
      Suspicious:Registry Run
      Corel File Shell Monitor=D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
      ******************************
      Suspicious:Registry Run
      Six Engine="D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      BDAgent="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      BitDefender Agent BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Running Processes
      SteelVine.exe=D:\PROGRAM FILES\ASUS\DRIVE XPERT\STEELVINE.EXE
      ******************************
      Suspicious:Running Processes
      WLService.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLSERVICE.EXE
      ******************************
      Suspicious:Running Processes
      WLanCfgG.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLANCFGG.EXE
      ******************************
      Suspicious:Running Processes
      AiNap.exe=D:\PROGRAM FILES\ASUS\AI SUITE\AINAP\AINAP.EXE
      ******************************
      Suspicious:Running Processes
      CorelIOMonitor.exe=D:\PROGRAM FILES\COREL\COREL MEDIAONE\CORELIOMONITOR.EXE
      ******************************
      Suspicious:Running Processes
      waol.exe=D:\PROGRAM FILES\AOL 9.0 VR\WAOL.EXE
      ******************************
      Suspicious:Running Processes
      shellmon.exe=D:\PROGRAM FILES\AOL 9.0 VR\SHELLMON.EXE
      ******************************
      Warnings:Drivers
      mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:12:44:34
      Prohibited:3 Suspicious:25 Warnings:1
      Prohibited:Auto Services
      ProtexisLicensing=D:\WINDOWS\system32\PSIService.exe
      Internal Name: ProtexisLicensing. Status: service running. Actual File: D:\WINDOWS\system32\PSIService.exe * Protexis Licensing Service nTitles PSIService PSIService 2.0.0.1
      ******************************
      Prohibited:Running Processes
      PSIService.exe=D:\WINDOWS\SYSTEM32\PSISERVICE.EXE
      nTitles PSIService PSIService 2.0.0.1
      ******************************
      Prohibited:Running Processes
      ccc.exe=D:\PROGRAM FILES\ATI TECHNOLOGIES\ATI.ACE\CORE-STATIC\CCC.EXE
      Catalyst Control Centre: Host application ATI Technologies Inc. Catalyst Control Centre 2.0.0.0
      ******************************
      Suspicious:Toolbars
      {381FFDE8-2394-4f90-B10D-FC6124A40F8C}=D:\Program Files\BitDefender\BitDefender 2008\IEToolbar.dll
      BitDefender IE Toolbar Bitdefender BitDefender IE Toolbar 11.0.0.16
      ******************************
      Suspicious:Auto Services
      57xx SteelVine Manager=D:\Program Files\ASUS\Drive Xpert\SteelVine.exe
      Internal Name: 57xx SteelVine Manager. Status: service running. Actual File: D:\Program Files\ASUS\Drive Xpert\SteelVine.exe * SteelVine Volume Management Service
      ******************************
      Suspicious:Auto Services
      ASKUpgrade=D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe
      Internal Name: ASKUpgrade. Status: service stopped. Actual File: D:\Program Files\AskBarDis\bar\bin\ASKUpgrade.exe * ASK ToolBar Upgrade Engine
      ******************************
      Suspicious:Auto Services
      FreeAgentGoNext Service="D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe"
      Internal Name: FreeAgentGoNext Service. Status: service running. Actual File: "D:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe" * Seagate Service Sync Windows Services Seagate Technology LLC Sync 4, 7, 0, 1
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      Suspicious:Registry Run
      AOLSAV=D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      Agent TechCity Solutions France TechCity Solutions France Agent 1.0.0.1766
      ******************************
      Suspicious:Registry Run
      Ai Nap="D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
      ******************************
      Suspicious:Registry Run
      QFan Help="D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      Cpu Level Up help=D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      Launch Direct Link="D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      Launch As Cmd Runner="D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
      ******************************
      Suspicious:Registry Run
      Ask and Record FLV Service="D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
      FLV Service for Ask and Record Toolbar Applian Technologies, Inc. Applian Technologies, Inc. FLVSrvc 1, 1, 0, 0
      ******************************
      Suspicious:Registry Run
      Corel File Shell Monitor=D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
      ******************************
      Suspicious:Registry Run
      Six Engine="D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
      1.0.0.0
      ******************************
      Suspicious:Registry Run
      BDAgent="D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      BitDefender Agent BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Running Processes
      SteelVine.exe=D:\PROGRAM FILES\ASUS\DRIVE XPERT\STEELVINE.EXE
      ******************************
      Suspicious:Running Processes
      WLService.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLSERVICE.EXE
      ******************************
      Suspicious:Running Processes
      WLanCfgG.exe=D:\PROGRAM FILES\WIRELESS 802.11G MONITOR\WLANCFGG.EXE
      ******************************
      Suspicious:Running Processes
      AiNap.exe=D:\PROGRAM FILES\ASUS\AI SUITE\AINAP\AINAP.EXE
      ******************************
      Suspicious:Running Processes
      CorelIOMonitor.exe=D:\PROGRAM FILES\COREL\COREL MEDIAONE\CORELIOMONITOR.EXE
      ******************************
      Suspicious:Running Processes
      waol.exe=D:\PROGRAM FILES\AOL 9.0 VR\WAOL.EXE
      ******************************
      Suspicious:Running Processes
      shellmon.exe=D:\PROGRAM FILES\AOL 9.0 VR\SHELLMON.EXE
      ******************************
      Warnings:Drivers
      mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
      ******************************
      -------------------------------------------------------
      Terminate:D:\PROGRAM FILES\WIRELESS 802.11G. Unknown error
      Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
      Terminate:D:\PROGRAM FILES\WIRELESS 802.11G. Unknown error
      Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
      Terminate:D:\WINDOWS\TEMP\MC25.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Auto Services. R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
      Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc25.tmp=D:\WINDOWS\TEMP\MC25.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC25.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items In memory->Running Services. R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
      Safe Deleting:D:\PROGRAM FILES\WIRELESS 802.11G. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:12:57:31
      Prohibited:3 Suspicious:6 Warnings:0
      Prohibited:Services detected by Partizan
      catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
      Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
      ******************************
      Prohibited:Services detected by Partizan
      mchInjDrv=\??\D:\WINDOWS\TEMP\mc25.tmp
      File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
      ******************************
      Prohibited:Services detected by Partizan
      R54G Wireless Service=D:\Program Files\Wireless 802.11g Monitor\WLService.exe
      File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      Suspicious:Services detected by Partizan
      Profos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
      Driver Profos Start Type: loaded manually on demand
      ******************************
      Suspicious:Services detected by Partizan
      Trufos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
      Driver Trufos Start Type: loaded manually on demand
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:13:00:26
      Prohibited:1 Suspicious:6 Warnings:0
      Prohibited:Services detected by Partizan
      catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
      Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      Suspicious:Services detected by Partizan
      Profos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys
      Driver Profos Start Type: loaded manually on demand
      ******************************
      Suspicious:Services detected by Partizan
      Trufos=\??\D:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys
      Driver Trufos Start Type: loaded manually on demand
      ******************************
      -------------------------------------------------------
      Terminate:D:\DOCUME~1\PEDROO\LOCALS~1\TEMP\CATCHME.SYS. Unknown error
      Safe Deleting:D:\DOCUME~1\PEDROO\LOCALS~1\TEMP\CATCHME.SYS. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Services detected by Partizan. catchme=\??\D:\DOCUME~1\pedroo\LOCALS~1\Temp\catchme.sys
      The service has been marked for deletion->Partizan:catchme
      Anti Spyware... Start check 19.07.2009 at:13:04:35
      Prohibited:0 Suspicious:4 Warnings:0
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:13:05:38
      Prohibited:0 Suspicious:4 Warnings:0
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Start check 19.07.2009 at:13:06:56
      Anti Spyware... Start check 19.07.2009 at:13:09:05
      Prohibited:0 Suspicious:4 Warnings:1
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      Warnings:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:13:12:03
      Prohibited:1 Suspicious:4 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:13:13:23
      Prohibited:1 Suspicious:4 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:13:14:44
      Prohibited:1 Suspicious:4 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      End check at:13:19:17
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:13:23:01
      Prohibited:1 Suspicious:4 Warnings:0
      Prohibited:Services detected by Partizan
      mchInjDrv=\??\D:\WINDOWS\TEMP\mc220.tmp
      File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:13:32:10
      Prohibited:0 Suspicious:4 Warnings:0
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Start check 19.07.2009 at:13:38:42
      Anti Spyware... Start check 19.07.2009 at:13:39:47
      Prohibited:1 Suspicious:4 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      End check at:13:41:04
      -------------------------------------------------------
      Start check 19.07.2009 at:14:23:18
      Anti Spyware... Start check 19.07.2009 at:14:24:19
      Prohibited:1 Suspicious:4 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      Suspicious:Auto Services
      JavaQuickStarterService="D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
      Internal Name: JavaQuickStarterService. Status: service running. Actual File: "D:\Program Files\Java\jre6\bin\jqs.exe" -service -config "D:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf" * Prefetches JRE files for faster startup of Java applets and applications Java(TM) Quick Starter Service Sun Microsystems, Inc. Java(TM) Platform SE 6 U13 6.0.130.3
      ******************************
      Suspicious:Auto Services
      LIVESRV="D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service
      Internal Name: LIVESRV. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Update Service BitDefender SRL BitDefender 11 11, 0, 2, 17
      ******************************
      Suspicious:Auto Services
      VSSERV="D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service
      Internal Name: VSSERV. Status: service running. Actual File: "D:\Program Files\BitDefender\BitDefender 2008\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service BitDefender S.R.L. BitDefender 11 11, 0, 0, 17
      ******************************
      Suspicious:Auto Services
      XCOMM="D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service
      Internal Name: XCOMM. Status: service running. Actual File: "D:\Program Files\Fichiers communs\BitDefender\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server BitDefender BitDefender Communicator Server 1, 8, 16, 0
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      It is good for me!:D:\PROGRAM FILES\JAVA\JRE6\BIN\JQS.EXE
      It is good for me!:D:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
      It is good for me!:D:\PROGRAM FILES\BITDEFENDER\BITDEFENDER 2008\VSSERV.EXE
      It is good for me!:D:\PROGRAM FILES\FICHIERS COMMUNS\BITDEFENDER\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      End check at:14:24:53
      -------------------------------------------------------
      Start check 19.07.2009 at:14:24:59
      End check at:14:25:05
      -------------------------------------------------------
      Start check 19.07.2009 at:14:49:50
      End check at:14:49:56
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:14:50:45
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC220.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC220.TMP. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:14:51:23
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc220.tmp=D:\WINDOWS\TEMP\MC220.TMP
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:14:54:52
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Services detected by Partizan
      mchInjDrv=\??\D:\WINDOWS\TEMP\mc220.tmp
      File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
      ******************************
      -------------------------------------------------------
      Start check 19.07.2009 at:17:12:55
      End check at:17:13:01
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:17:13:38
      Prohibited:0 Suspicious:0 Warnings:1
      Warnings:Drivers
      mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:17:14:50
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:17:16:13
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      ******************************
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:17:19:04
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Services detected by Partizan
      mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
      File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Services detected by Partizan. mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
      The service has been marked for deletion->Partizan:mchInjDrv
      Start check 19.07.2009 at:17:33:41
      The changes found in HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      -------------------------------------------------------
      "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
      D:\PROGRA~1\TECHCI~1\AOLSAV\AOLAgent.exe
      D:\Program Files\Fichiers communs\AOL\ACS\AOLDial.exe
      "D:\Program Files\QuickTime\qttask.exe" -atboottime
      "D:\Program Files\ASUS\Ai Suite\AiNap\AiNap.exe"
      "D:\Program Files\ASUS\Ai Suite\QFan3\QFanHelp.exe"
      D:\Program Files\ASUS\Ai Suite\CpuLevelUpHelp.exe
      "D:\Program Files\ASUS\AI Direct Link\AsShare.exe"
      "D:\Program Files\ASUS\AI Direct Link\AsCmd.exe" -reg
      "D:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
      "D:\Program Files\Ask & Record Toolbar\FLVSrvc.exe" /run
      "D:\Program Files\Java\jre6\bin\jusched.exe"
      D:\Program Files\Corel\Corel MediaOne\CorelIOMonitor.exe
      RTHDCPL.EXE
      "D:\Program Files\ASUS\Six Engine\SixEngine.exe" -r
      "D:\Program Files\BitDefender\BitDefender 2008\bdagent.exe"
      - D:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
      D:\WINDOWS\winbait.exe
      D:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
      -------------------------------------------------------
      The changes found in HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      -------------------------------------------------------
      D:\WINDOWS\system32\ctfmon.exe
      "D:\Program Files\Spyware Doctor\swdoctor.exe" /Q
      - "D:\Program Files\AOL 9.0 VR\AOL.EXE" -b
      D:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
      "D:\Program Files\Greatis\RegRunSuite\lsoon.exe" -1 30 "D:\Program Files\Greatis\RegRunSuite\rescue.exe" /a "c:\backreg\rstore.ini"
      -------------------------------------------------------
      End check at:17:36:05
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:17:36:58
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      ******************************
      -------------------------------------------------------
      Terminate:D:\WINDOWS\TEMP\MC21E.TMP. Unknown error
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Delete Marked Items Kernel Auto Boot->Drivers. mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      Safe Deleting:D:\WINDOWS\TEMP\MC21E.TMP. You must restart your computer to fully delete this file.
      Anti Spyware... Start check 19.07.2009 at:17:38:04
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      ******************************
      -------------------------------------------------------
      Start check 19.07.2009 at:17:40:14
      End check at:17:40:19
      -------------------------------------------------------
      Anti Spyware... Start check 19.07.2009 at:17:40:56
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Drivers
      mc21E.tmp=D:\WINDOWS\TEMP\MC21E.TMP
      ******************************
      -------------------------------------------------------
      Could not start service
      Anti Spyware... Start check 19.07.2009 at:17:45:30
      Prohibited:1 Suspicious:0 Warnings:0
      Prohibited:Services detected by Partizan
      mchInjDrv=\??\D:\WINDOWS\TEMP\mc21E.tmp
      File is deleted or hidden by rootkit or could not be located. Service registry key doesn't exist or hidden.
      ******************************
      -------------------------------------------------------
      Could not start service
      Start check 19.07.2009 at:17:57:45
      End check at:17:57:53
      -------------------------------------------------------
      Start check 19.07.2009 at:18:00:25
      End check at:18:00:30
      -------------------------------------------------------
      Start check 19.07.2009 at:20:27:42
      End check at:20:28:02
      -------------------------------------------------------
      0
  11. mickportugais
     
    Re,

    Voila les autres rapports

    1) HIJACK

    Logfile of Trend Micro HijackThis v2.0.2
    Scan saved at 20:26:42, on 19/07/2009
    Platform: Windows Vista (WinNT 6.00.1904)
    MSIE: Internet Explorer v8.00 (8.00.6001.18702)
    Boot mode: Normal

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\system32\taskeng.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\Windows\RtHDVCpl.exe
    C:\Acer\Empowering Technology\SysMonitor.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
    C:\Windows\System32\nvraidservice.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Windows\WindowsMobile\wmdSync.exe
    C:\Windows\System32\rundll32.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    C:\Program Files\Steam\Steam.exe
    C:\Program Files\Greatis\RegRunSuite\WatchDog.exe
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
    C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Windows\system32\SearchFilterHost.exe
    K:\HiJackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://fr.fr.acer.yahoo.com
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [PCMMediaSharing] C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
    O4 - HKLM\..\Run: [NVRaidService] C:\Windows\system32\nvraidservice.exe
    O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdSync.exe
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
    O4 - HKLM\..\Run: [RegRun WinBait] C:\Windows\winbait.exe
    O4 - HKLM\..\Run: [@RegRunOnSecure] C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
    O4 - HKCU\..\Run: [SpybotSD TeaTimer] D:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
    O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
    O4 - HKCU\..\Run: [Regrun2] C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe
    O4 - Global Startup: Empowering Technology Launcher.lnk = ?
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\Spybot - Search & Destroy\SDHelper.dll
    O13 - Gopher Prefix:
    O17 - HKLM\System\CCS\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: NameServer = 212.30.96.108,213.203.124.146
    O17 - HKLM\System\CS1\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
    O23 - Service: Acer HomeMedia Connect Service - CyberLink - C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe
    O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
    O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
    O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
    O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
    O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
    0
  12. mickportugais
     
    desole je me suis trompe pour le RR2LOG c est pas le bon, je te renvoie
    Excuse moi
    0
  13. mickportugais
     
    Voila RGG2

    Anti Spyware... Start check 18.07.2009 at:11:30:16
    Prohibited:1 Suspicious:14 Warnings:0
    Prohibited:Running Processes
    SysMonitor.exe=C:\ACER\EMPOWERING TECHNOLOGY\SYSMONITOR.EXE
    1.0.1.0
    ******************************
    Suspicious:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    Suspicious:Auto Services
    a2free="C:\Program Files\a-squared Free\a2service.exe"
    Internal Name: a2free. Status: service running. Actual File: "C:\Program Files\a-squared Free\a2service.exe" * Scans the PC for unwanted software and provides protection from malicious code a-squared Service Emsi Software GmbH a-squared 4.5.0.0
    ******************************
    Suspicious:Auto Services
    Acer HomeMedia Connect Service="C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe"
    Internal Name: Acer HomeMedia Connect Service. Status: service running. Actual File: "C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\CLMSServer.exe" * Acer HomeMedia Connect Service. CLMSServer CyberLink CyberLink CLMSServer 1.5.4204
    ******************************
    Suspicious:Auto Services
    bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
    Internal Name: bdss. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
    ******************************
    Suspicious:Auto Services
    CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
    ******************************
    Suspicious:Auto Services
    eDataSecurity Service="C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe"
    Internal Name: eDataSecurity Service. Status: service running. Actual File: "C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe" * eDSService.exe eDataSecurity Service HiTRSUT eDataSecurity Management 2, 5, 2, 32
    ******************************
    Suspicious:Auto Services
    eRecoveryService=C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
    Internal Name: eRecoveryService. Status: service running. Actual File: C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe * Acer eRecovery Management eRecoveryService Acer Inc. eRecoveryService 2.5.4.4
    ******************************
    Suspicious:Auto Services
    LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
    Internal Name: LIVESRV. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
    ******************************
    Suspicious:Auto Services
    SBSDWSCService=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    Internal Name: SBSDWSCService. Status: service running. Actual File: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe * Spybot-S&D Security Center integration Safer Networking Ltd. Spybot - Search & Destroy 1, 5, 2, 0
    ******************************
    Suspicious:Auto Services
    Schedule=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    Internal Name: SBSDWSCService. Status: service running. Actual File: C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe * Spybot-S&D Security Center integration Safer Networking Ltd. Spybot - Search & Destroy 1, 5, 2, 0
    ******************************
    Suspicious:Auto Services
    VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
    Internal Name: VSSERV. Status: service running. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
    ******************************
    Suspicious:Auto Services
    XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
    Internal Name: XCOMM. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
    ******************************
    Suspicious:Registry Run
    PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    ******************************
    Suspicious:Registry Run
    BDAgent="C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    BDAgent Application SOFTWIN S.R.L. Bitdefender 10 10, 2, 0, 16
    ******************************
    -------------------------------------------------------
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
    Start check 18.07.2009 at:11:38:05
    End check at:11:38:10
    -------------------------------------------------------
    Anti Spyware... Start check 18.07.2009 at:11:42:46
    Prohibited:1 Suspicious:6 Warnings:0
    Prohibited:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    Suspicious:Auto Services
    bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
    Internal Name: bdss. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
    ******************************
    Suspicious:Auto Services
    CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
    ******************************
    Suspicious:Auto Services
    LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
    Internal Name: LIVESRV. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
    ******************************
    Suspicious:Auto Services
    VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
    Internal Name: VSSERV. Status: service running. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
    ******************************
    Suspicious:Auto Services
    XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
    Internal Name: XCOMM. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
    ******************************
    Suspicious:Registry Run
    PCMMediaSharing=C:\Program Files\Acer Arcade Live\Acer HomeMedia Connect\Kernel\DMS\PCMMediaSharing.exe
    ******************************
    -------------------------------------------------------
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
    Anti Spyware... Start check 18.07.2009 at:11:48:08
    Prohibited:1 Suspicious:5 Warnings:0
    Prohibited:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    Suspicious:Auto Services
    bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
    Internal Name: bdss. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
    ******************************
    Suspicious:Auto Services
    CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
    ******************************
    Suspicious:Auto Services
    LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
    Internal Name: LIVESRV. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
    ******************************
    Suspicious:Auto Services
    VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
    Internal Name: VSSERV. Status: service running. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
    ******************************
    Suspicious:Auto Services
    XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
    Internal Name: XCOMM. Status: service running. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
    ******************************
    -------------------------------------------------------
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
    Could not start service
    Anti Spyware... Start check 18.07.2009 at:11:52:16
    Prohibited:1 Suspicious:5 Warnings:0
    Prohibited:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    Suspicious:Auto Services
    bdss="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service
    Internal Name: bdss. Status: service stopped. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service * Analyse contre les virus et autres menaces
    ******************************
    Suspicious:Auto Services
    CLTNetCnService="c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
    Internal Name: CLTNetCnService. Status: service stopped. Actual File: "c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon * Symantec Lic NetConnect Service
    ******************************
    Suspicious:Auto Services
    LIVESRV="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service
    Internal Name: LIVESRV. Status: service stopped. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service * Télécharger les mises à jour BitDefender et les nouvelles signatures de codes malveillants via Internet BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 19
    ******************************
    Suspicious:Auto Services
    VSSERV="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
    Internal Name: VSSERV. Status: service stopped. Actual File: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service * Analyse contre les virus et autres menaces BitDefender Security Service SOFTWIN S.R.L. BitDefender 10 10, 2, 1, 157
    ******************************
    Suspicious:Auto Services
    XCOMM="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service
    Internal Name: XCOMM. Status: service stopped. Actual File: "C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service * Assure la communication efficace entre les composants BitDefender BitDefender Communicator Server SOFTWIN S.R.L Softwin BitDefender Communicator Server 1, 8, 11, 0
    ******************************
    -------------------------------------------------------
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
    It is good for me!:C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER SCAN SERVER\BDSS.EXE
    It is good for me!:C:\PROGRAM FILES\COMMON FILES\SYMANTEC SHARED\CCSVCHST.EXE
    It is good for me!:C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER UPDATE SERVICE\LIVESRV.EXE
    It is good for me!:C:\PROGRAM FILES\SOFTWIN\BITDEFENDER10\VSSERV.EXE
    It is good for me!:C:\PROGRAM FILES\COMMON FILES\SOFTWIN\BITDEFENDER COMMUNICATOR\XCOMMSVR.EXE
    Start check 18.07.2009 at:12:04:23
    End check at:19:04:41
    -------------------------------------------------------
    Start check 19.07.2009 at:09:31:44
    Anti Spyware... Start check 19.07.2009 at:09:35:08
    Prohibited:2 Suspicious:0 Warnings:0
    Prohibited:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    Prohibited:Services detected by Partizan
    catchme=\??\C:\Users\carvalho\AppData\Local\Temp\catchme.sys
    Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
    ******************************
    -------------------------------------------------------
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Terminate:C:\USERS\CARVALHO\APPDATA\LOCAL\TEMP\CATCHME.SYS. Unknown error
    Safe Deleting:C:\USERS\CARVALHO\APPDATA\LOCAL\TEMP\CATCHME.SYS. You must restart your computer to fully delete this file.
    Delete Marked Items Kernel Auto Boot->Services detected by Partizan. catchme=\??\C:\Users\carvalho\AppData\Local\Temp\catchme.sys
    The service has been marked for deletion->Partizan:catchme
    Anti Spyware... Start check 19.07.2009 at:09:38:15
    Prohibited:1 Suspicious:0 Warnings:0
    Prohibited:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    -------------------------------------------------------
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
    Anti Spyware... Start check 19.07.2009 at:09:41:51
    Prohibited:1 Suspicious:0 Warnings:0
    Prohibited:Main File Extensions
    .html="C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1"
    ******************************
    -------------------------------------------------------
    Terminate:%1. Unknown error
    Safe Deleting:%1. You must restart your computer to fully delete this file.
    Terminate:-OSINT. Unknown error
    Safe Deleting:-OSINT. You must restart your computer to fully delete this file.
    Terminate:-URL. Unknown error
    Safe Deleting:-URL. You must restart your computer to fully delete this file.
    Terminate:-REQUESTPENDING. Unknown error
    Safe Deleting:-REQUESTPENDING. You must restart your computer to fully delete this file.
    Could not start service
    Could not start service
    Start check 19.07.2009 at:10:02:09
    End check at:10:02:17
    -------------------------------------------------------
    Could not start service
    Start check 19.07.2009 at:10:03:07
    End check at:10:03:09

    -------------------------------------------------------
    0
  14. fabul Messages postés 42164 Date d'inscription   Statut Modérateur Dernière intervention   6 066
     
    Si tu veux,démarre regrun,dans l'onglet security,clic sur check for rootkit/check me now,

    si il y a quelque chose a supprimer,utilise terminate et reboot now

    ensuite,supprime le log rr2log,va dans l'onglet Startup/Start control,et ferme les fenètres jusqu'a ce qu'apparaisse la fenètre "regrun user assistant" clic sur scan for viruses,coche la case "use deep level scanning once" et clic sur reboot pour redémarrer,si tu voit quelque chose qui te tracasse,poste la chose en question,

    NOTE:Quand l'évaluation de 30 jour tirera a sa fin ou lors que tu décidera de le désinstaller,utilise dans cette mème fenètre "regrun user assistant" l'onglet "Uninstall Partizan".ensuite,désinstalle regrun.

    et fais un scan malwarebytes.

    ps:ton log hijackthis paraissait assez normal a part ceci.
    tu a utilisé msconfig avant?
    O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto

    et cela.

    O17 - HKLM\System\CCS\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146
    O17 - HKLM\System\CCS\Services\Tcpip\..\{67B5A412-8B12-4D65-98E9-560BDC88673F}: NameServer = 212.30.96.108,213.203.124.146
    O17 - HKLM\System\CS1\Services\Tcpip\..\{029773B8-1390-4664-A8F9-199F5833E602}: NameServer = 212.30.96.108,213.203.124.146

    je crois que tu pourrait fixer ces lignes avec hijackthis.

    si quelqu'un d'autre a un avis,
    0
  15. mickportugais
     
    Malwarebyte's n'a rien trouvé , oui j'ai utilisé msconfig pour voir si il y avait des services bizarres qui se lancais au demarrage .j'ai fais check for rootkit , et il n'a rien trouvé ...Bref ca m'a l'air compliqué cette affaire
    0