HijackThis report: help needed

Solved/Closed
cece2404 - 13 April 2007 at 22:10
Last reply: cece2404 - 14 April 2007 at 22:37
Hello everyone,

I downloaded this program (HijackThis) because ads (casino, telephony, etc.) keep appearing constantly.

Here is the report:


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 21:44:57, on 13/04/2007
Platform: Windows XP (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe
C:\Program Files\Microsoft IntelliType Pro\type32.exe
C:\Program Files\Logitech\Video\LogiTray.exe
C:\Program Files\Winsos\WINSOS.EXE
C:\Program Files\Antipub\antipub.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\WINDOWS\System32\cisvc.exe
C:\WINDOWS\System32\FTRTSVC.exe
C:\Program Files\Ahead\InCD\InCDsrv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\System32\cidaemon.exe
C:\Documents and Settings\m\Mes documents\jean-gerard\EClea2_0\EasyClea.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\m\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fmeteo%2f%3f
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [WA6PV_Check] "C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe"
O4 - HKLM\..\Run: [type32] "C:\Program Files\Microsoft IntelliType Pro\type32.exe"
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [LogitechGalleryRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKCU\..\Run: [WINSOS VERIFY] "C:\Program Files\Winsos\WINSOS.EXE" MINI
O4 - Startup: Anti-Pub.lnk = C:\Program Files\Antipub\antipub.exe
O4 - Startup: avast! Antivirus.lnk = C:\Program Files\Alwil Software\Avast4\ashAvast.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: F-Secure Windows Security Center Legacy Detection Service (Fswsclds) - Unknown owner - C:\Program Files\Securitoo\av_fw\fswsclds.exe (file missing)
O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\System32\imapi.exe
O23 - Service: InCD File System Service (InCDsrv) - AHEAD Software - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\System32\mnmsrvc.exe
O23 - Service: DDE réseau (NetDDE) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: DSDM DDE réseau (NetDDEdsdm) - Unknown owner - C:\WINDOWS\system32\netdde.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Prise en charge des cartes à puces (SCardDrv) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Telnet (TlntSvr) - Unknown owner - C:\WINDOWS\System32\tlntsvr.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\System32\wbem\wmiapsrv.exe

8 replies

cece2404 - 14 April 2007 at 15:43
I did it, it went fine, and it gave me this:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2462. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 14/04/2007 15:38:57
Using Database v6778
Operating System: Windows XP Professional (Build 2600)
Using data directory: C:\Documents and Settings\m\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\m\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
15:38:57: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
15:38:57: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
15:38:57: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
15:38:58: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = type32
Value Data = C:\Program Files\Microsoft IntelliType Pro\type32.exe - this command has been left in place
--------------------
Value Name = LogitechVideoTray
Value Data = C:\Program Files\Logitech\Video\LogiTray.exe - this command has been left in place
--------------------
Value Name = LogitechGalleryRepair
Value Data = C:\Program Files\Logitech\Video\ISStart.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
Value Name = jkpsbz
Value Data = c:\windows\system32\jkpsbz.exe jkpsbz - this command has been left in place [file not found to scan]
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key attempts to run the following program(s):
Value Name =
The Value Data for this entry appears to be blank
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = unilex01
The Value Data for this entry appears to be blank
--------------------
Value Name = WINSOS VERIFY
Value Data = C:\Program Files\Winsos\WINSOS.EXE" MINI - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

******************************
15:39:00: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

******************************
15:39:00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

******************************
15:39:00: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\WINDOWS\System32\SCREEN~1.SCR - this command has been left in place
--------------------

******************************
15:39:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\System32\ie4uinit.exe - this reference has been left in place
----------
Key={9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
StubPath=C:\WINDOWS\System32\updcrl.exe - this reference has been left in place
----------

******************************
15:39:03: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=uploadmgr
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\System32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

******************************
15:39:13: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=basic2
ImagePath=System32\DRIVERS\HSF_BSC2.sys - this reference has been left in place
----------
Key=Boonty Games
ImagePath="C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" - this reference has been left in place
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=cisvc
ImagePath=C:\WINDOWS\System32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=cmuda
ImagePath=system32\drivers\cmuda.sys - this file has been excluded from scanning
----------
Key=cmuda2
ImagePath=system32\drivers\cmuda2.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=DcCam
ImagePath=System32\DRIVERS\DcCam.sys - this reference has been left in place
----------
Key=DcFpoint
ImagePath=System32\DRIVERS\DcFpoint.sys - this reference has been left in place
----------
Key=DCFS2K
ImagePath=system32\drivers\dcfs2k.sys - this reference has been left in place
----------
Key=DcLps
ImagePath=System32\DRIVERS\DcLps.sys - this reference has been left in place
----------
Key=DcPTP
ImagePath=System32\DRIVERS\DcPTP.sys - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=DumaNT
ImagePath=System32\DRIVERS\dumant.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Exportit
ImagePath=System32\DRIVERS\exportit.sys - this reference has been left in place
----------
Key=Fallback
ImagePath=System32\DRIVERS\HSF_FALL.sys - this reference has been left in place
----------
Key=Fdc
ImagePath=System32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FETNDIS
ImagePath=System32\DRIVERS\fetnd5.sys - this reference has been left in place
----------
Key=FETNDISB
ImagePath=System32\DRIVERS\fetnd5b.sys - this reference has been left in place
----------
Key=Fsks
ImagePath=System32\DRIVERS\HSF_FSKS.sys - this reference has been left in place
----------
Key=Fswsclds
ImagePath=C:\Program Files\Securitoo\av_fw\fswsclds.exe - this file has been excluded from scanning
----------
Key=Ftdisk
ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=FTRTSVC
ImagePath=C:\WINDOWS\System32\FTRTSVC.exe - this reference has been left in place
----------
Key=gameenum
ImagePath=System32\DRIVERS\gameenum.sys - this reference has been left in place
----------
Key=GMSIPCI
ImagePath=\??\D:\INSTALL\GMSIPCI.SYS - this file has been excluded from scanning
----------
Key=Gpc
ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HidUsb
ImagePath=System32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=hsf_msft
ImagePath=System32\DRIVERS\HSF_MSFT.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\System32\imapi.exe - this reference has been left in place
----------
Key=InCDPass
ImagePath=System32\DRIVERS\InCDPass.sys - this reference has been left in place
----------
Key=InCDsrv
ImagePath=C:\Program Files\Ahead\InCD\InCDsrv.exe - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=K56
ImagePath=System32\DRIVERS\HSF_K56K.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=System32\Drivers\Kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=System32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=KodakCCS
ImagePath=%SystemRoot%\system32\drivers\KodakCCS.exe - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\System32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=System32\Drivers\Mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=System32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=System32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\System32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\System32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=System32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=System32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=System32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=System32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=System32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=System32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=nm
ImagePath=System32\DRIVERS\NMnt.sys - this reference has been left in place
----------
Key=NTACCESS
ImagePath=\??\D:\NTACCESS.sys - this file has been excluded from scanning
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=nv
ImagePath=System32\DRIVERS\nv4_mini.sys - this reference has been left in place
----------
Key=NVSvc
ImagePath=%SystemRoot%\System32\nvsvc32.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=System32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=System32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=Parport
ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCAMPR5
ImagePath=\??\C:\WINDOWS\System32\PCAMPR5.SYS - this file has been excluded from scanning
----------
Key=PCANDIS5
ImagePath=\??\C:\WINDOWS\System32\PCANDIS5.SYS - this reference has been left in place
----------
Key=PCI
ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=pepifilter
ImagePath=System32\DRIVERS\lv302af.sys - this reference has been left in place
----------
Key=PID_08A0
ImagePath=System32\DRIVERS\LV302AV.SYS - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=System32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=System32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=System32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=System32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=System32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=System32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=System32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=Rksample
ImagePath=System32\DRIVERS\HSF_SAMP.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\System32\rsvp.exe - this reference has been left in place
----------
Key=rtl8139
ImagePath=System32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardDrv
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=SerialKeys
ImagePath=C:\WINDOWS\system32\skeys.exe - this reference has been left in place
----------
Key=SetupNTGLM7X
ImagePath=\??\D:\NTGLM7X.sys - this file has been excluded from scanning
----------
Key=sfdrv01
ImagePath=System32\drivers\sfdrv01.sys - this reference has been left in place
----------
Key=sfhlp02
ImagePath=System32\drivers\sfhlp02.sys - this reference has been left in place
----------
Key=sfsync02
ImagePath=System32\drivers\sfsync02.sys - this reference has been left in place
----------
Key=sfvfs02
ImagePath=System32\drivers\sfvfs02.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=System32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SoftFax
ImagePath=System32\DRIVERS\HSF_FAXX.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=SSHDRV84
ImagePath=\??\C:\WINDOWS\System32\drivers\SSHDRV84.sys - this reference has been left in place
----------
Key=streamip
ImagePath=System32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{20747FE9-A886-46AA-A925-1B2C68727C04} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=System32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\System32\tlntsvr.exe - this reference has been left in place
----------
Key=Tones
ImagePath=System32\DRIVERS\HSF_TONE.sys - this reference has been left in place
----------
Key=UMWdf
ImagePath=C:\WINDOWS\System32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbaudio
ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=System32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=System32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=System32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=USB_RNDIS
ImagePath=System32\DRIVERS\usb8023.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath=C:\Program Files\MSN Messenger\usnsvc.exe - this reference has been left in place
----------
Key=V124
ImagePath=System32\DRIVERS\HSF_V124.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp1
ImagePath=System32\DRIVERS\viaagp1.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=System32\DRIVERS\viaidexp.sys - this reference has been left in place
----------
Key=viamraid
ImagePath=System32\DRIVERS\viamraid.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=System32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------

******************************
15:40:06: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

******************************
15:40:06: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
15:40:07: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = axcrypt.File
CLSID = {C1C11DE3-3DD7-40E8-82D7-59E98C190ECA}
C:\Program Files\Axon Data\AxCrypt\1.6.3\AxCrypt.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = Offline Files
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

******************************
15:40:10: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
"C:\Program Files\OpenOffice.org 2.1\program\shlxthdl.dll" - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
15:40:12: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------

******************************
15:40:13: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
----------

******************************
15:40:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
No SharedTaskScheduler entries found to scan

******************************
15:40:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
15:40:14: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

******************************
15:40:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
15:40:14: Scanning ----- SCHEDULED TASKS -----

******************************
15:40:14: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
15:40:14: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\AxInst.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURen-us.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURfr-fr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURfr-xx.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\UDC6V_0001_D19M0709NetInstaller.exe - this file has been left in place

******************************
15:40:16: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Microsoft IntelliType Pro\type32.exe
--------------------
C:\Program Files\Logitech\Video\LogiTray.exe
--------------------
C:\Program Files\Winsos\WINSOS.EXE
--------------------
C:\Program Files\Antipub\antipub.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
--------------------
C:\Program Files\MSN Messenger\msnmsgr.exe
--------------------
C:\WINDOWS\System32\cisvc.exe
--------------------
C:\WINDOWS\System32\FTRTSVC.exe
--------------------
C:\Program Files\Ahead\InCD\InCDsrv.exe
--------------------
C:\WINDOWS\System32\nvsvc32.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\wdfmgr.exe
--------------------
C:\Program Files\MSN Messenger\usnsvc.exe
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
--------------------
C:\WINDOWS\System32\cidaemon.exe
--------------------
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
--------------------
C:\Documents and Settings\m\Application Data\Simply Super Software\Trojan Remover\rhr2.exe
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------

******************************
15:40:27: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
15:40:27: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\System32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?redirfallthru=http%3a%2f%2fwww.msn.fr%2fmeteo%2f%3f
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\SYSTEM32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

******************************

NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


Scan completed at: 14/04/2007 15:40:27
************************************************************


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
13/04/2007 23:11:29: Trojan Remover has been restarted
13/04/2007 23:11:29: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2462. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 13/04/2007 23:02:36
Using Database v6778
Operating System: Windows XP Professional (Build 2600)
Using data directory: C:\Documents and Settings\m\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\m\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
23:02:37: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
23:02:37: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
23:02:37: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
23:02:41: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = WA6PV_Check
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe - running process located and terminated
Value Data = C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe - appears to contain SECURITYRISK.WINFIXER
Value Data = C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe - this command has been removed
C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe has been renamed to: C:\Program Files\Fichiers communs\DriveCleaner Free\udcwap.exe.ren
Value Name = type32
Value Data = C:\Program Files\Microsoft IntelliType Pro\type32.exe - this command has been left in place
--------------------
Value Name = LogitechVideoTray
Value Data = C:\Program Files\Logitech\Video\LogiTray.exe - this command has been left in place
--------------------
Value Name = LogitechGalleryRepair
Value Data = C:\Program Files\Logitech\Video\ISStart.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key attempts to run the following program(s):
Value Name =
The Value Data for this entry appears to be blank
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = unilex01
The Value Data for this entry appears to be blank
--------------------
Value Name = WINSOS VERIFY
Value Data = C:\Program Files\Winsos\WINSOS.EXE" MINI - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

******************************
23:03:03: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

******************************
23:03:03: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: jkpsbz
Value: c:\windows\system32\jkpsbz.exe jkpsbz
jkpsbz - this registry value has been removed [file not found to scan]
c:\windows\system32\jkpsbz.exe - process is either not running or could not be terminated
c:\windows\system32\jkpsbz.exe has been renamed to: c:\windows\system32\jkpsbz.exe.ren
This file will also be marked for renaming during PC restart, in case it is re-created
NVS2.INF, associated with Adware.NaviPromo, found in C:\WINDOWS\System32\
C:\WINDOWS\System32\NVS2.INF has been renamed to: C:\WINDOWS\System32\NVS2.INF.ren
PACK.EPK, associated with Adware.NaviPromo, found in C:\WINDOWS\
C:\WINDOWS\PACK.EPK has been renamed to: C:\WINDOWS\PACK.EPK.ren
C:\WINDOWS\System32\jkpsbz.dat has been renamed to: C:\WINDOWS\System32\jkpsbz.dat.ren
This file will also be marked for renaming during PC restart, in case it is re-created
C:\WINDOWS\System32\jkpsbz_nav.dat has been renamed to: C:\WINDOWS\System32\jkpsbz_nav.dat.ren
This file will also be marked for renaming during PC restart, in case it is re-created
C:\WINDOWS\System32\jkpsbz_navps.dat has been renamed to: C:\WINDOWS\System32\jkpsbz_navps.dat.ren
This file will also be marked for renaming during PC restart, in case it is re-created
----------

******************************
23:03:12: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\WINDOWS\System32\SCREEN~1.SCR - this command has been left in place
--------------------

******************************
23:03:12: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\System32\ie4uinit.exe - this reference has been left in place
----------
Key={9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
StubPath=C:\WINDOWS\System32\updcrl.exe - this reference has been left in place
----------

******************************
23:03:16: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=uploadmgr
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\System32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

******************************
23:03:26: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=basic2
ImagePath=System32\DRIVERS\HSF_BSC2.sys - this reference has been left in place
----------
Key=Boonty Games
ImagePath="C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" - this reference has been left in place
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=cisvc
ImagePath=C:\WINDOWS\System32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=cmuda
ImagePath=system32\drivers\cmuda.sys - this reference has been left in place [file not found to scan]
----------
Key=cmuda2
ImagePath=system32\drivers\cmuda2.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=DcCam
ImagePath=System32\DRIVERS\DcCam.sys - this reference has been left in place
----------
Key=DcFpoint
ImagePath=System32\DRIVERS\DcFpoint.sys - this reference has been left in place
----------
Key=DCFS2K
ImagePath=system32\drivers\dcfs2k.sys - this reference has been left in place
----------
Key=DcLps
ImagePath=System32\DRIVERS\DcLps.sys - this reference has been left in place
----------
Key=DcPTP
ImagePath=System32\DRIVERS\DcPTP.sys - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sy
1
cece2404 Posts 159 Registration date Wednesday 31 January 2007 Status Member Last activity 8 December 2013 7
14 April 2007 at 21:25
Good evening. Can I uninstall Trojan Remover now, since everything is fine? I have used it several times, but I saw that there is a 30-day trial.

Thanks
1
^^Marie^^ Posts 113901 Registration date Tuesday 6 September 2005 Status Member Last activity 28 August 2020 3 275
14 April 2007 at 22:07
Good evening,

Just passing by
How many antivirus programs do you have??

1
cece2404 Posts 159 Registration date Wednesday 31 January 2007 Status Member Last activity 8 December 2013 7
14 April 2007 at 22:11
I have only 1 antivirus, AVAST
1

cece2404 Posts 159 Registration date Wednesday 31 January 2007 Status Member Last activity 8 December 2013 7
14 April 2007 at 22:37
OK, thanks a lot for your help
1
florian.guston
13 April 2007 at 22:44
Hello, apparently you also have a free version of DriveCleaner on your PC; it is malware... If you are only getting spam and have no other problems, such as the PC slowing down or the hourglass showing for 5 minutes, you can try to remove it with Trojan Remover, in Safe Mode; tap F8 as soon as your OS starts booting. You will find it for free on the web; good luck ;)
0
florian.guston
14 April 2007 at 19:40
Good evening, normally it's OK; as the report is very long, you should nevertheless have someone else re-analyse it, because 2 opinions are always better than one. Trojan Remover is generally effective, and I recommend CCleaner to clean your PC properly after each browsing session. There you go, hoping the problem is solved, see you ;)
0
florian.guston
14 April 2007 at 22:33
Good evening, as long as your PC is OK you no longer need it, no point in scanning every day :) Once the trial period has expired it will no longer be updated and will be ready for the bin... See you
0