Trojan horse

Closed
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 - 27 April 2007 at 18:43
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 - 28 April 2007 at 15:05
A quick hello,
Avast warns me every 30 seconds that I am infected by Trojan horses, and then ZoneAlarm in turn reports that the files in question are trying to access the internet. On the Avast message I choose delete, but the messages keep coming. I have already had to deal with a Trojan horse that was trying to access MSN, but I knew what to do then; in fact, right now, TODO:<file description> is trying to access the internet.
Please help me, I am begging you, I don't know what to do.

Regards, panicked, Luis.

12 replies

luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
27 April 2007 at 18:44
PS: I had to use IE because Mozilla won't start.
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
27 April 2007 at 18:53
up plz
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
27 April 2007 at 19:06
Here is the Trojan Remover report (it's long, no worries if you can't be bothered!):
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.0.2465. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 27/04/2007 19:02:31
Using Database v6787
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\HP_Propriétaire\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\HP_Propriétaire\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
19:02:31: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
19:02:31: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
19:02:31: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
19:02:32: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = LXBUCATS
Value Data = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBUtime.dll,_RunDLLEntry@16 - this command has been left in place
--------------------
Value Name = ZoneAlarm Client
Value Data = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name = SoundMan
Value Data = SOUNDMAN.EXE - this command has been left in place
--------------------
Value Name = .nvsvc
Value Data = C:\WINDOWS\system\smss.exe /w - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = Spyware & Adware Removal
Value Data = C:\Program Files\Spyware & Adware Removal\SAR.exe" NoHint - this command has been left in place [file not found to scan]
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = SpybotSD TeaTimer
Value Data = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
19:02:34: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
19:02:34: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

**************************************************
19:02:34: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\WINDOWS\system32\AVASTSS.scr - this command has been left in place
--------------------

**************************************************
19:02:34: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
19:02:36: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
19:02:41: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=aaudstum
ImagePath=\??\C:\DOCUME~1\HP_PRO~1\LOCALS~1\Temp\aaudstum.sys - this reference has been left in place [file not found to scan]
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=AdfuUd
ImagePath=System32\Drivers\AdfuUd.sys - this reference has been left in place
----------
Key=ADSLAutoconnect
ImagePath="C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe" -z - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\AmdK8.sys - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=Boonty Games
ImagePath="C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" - this reference has been left in place
----------
Key=Bridge
ImagePath=system32\DRIVERS\bridge.sys - this reference has been left in place
----------
Key=BridgeMP
ImagePath=system32\DRIVERS\bridge.sys - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=CO_Mon
ImagePath=\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=driverhardwarev2
ImagePath=\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=FontCache3.0.0.0
ImagePath=c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=hamachi_oem
ImagePath=system32\DRIVERS\gan_adapter.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=idsvc
ImagePath="C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=Imapi Helper
ImagePath="C:\Program Files\Alex Feinman\ISO Recorder\ImapiHelper.exe" - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place [file not found to scan]
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place [file not found to scan]
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=ltmodem5
ImagePath=system32\DRIVERS\ltmdmnt.sys - this reference has been left in place
----------
Key=Lvckap
ImagePath=\??\C:\WINDOWS\system32\drivers\Lvckap.sys - this reference has been left in place
----------
Key=lvmvdrv
ImagePath=\??\C:\WINDOWS\system32\drivers\lvmvdrv.sys - this reference has been left in place
----------
Key=LVPrcMon
ImagePath=\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys - this reference has been left in place
----------
Key=LVPrcSrv
ImagePath=c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe - this reference has been left in place
----------
Key=LVUSBSta
ImagePath=system32\drivers\lvusbsta.sys - this reference has been left in place
----------
Key=lxbu_device
ImagePath=C:\WINDOWS\system32\lxbucoms.exe -service - this reference has been left in place
----------
Key=MDM
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NPPTNT2
ImagePath=\??\C:\WINDOWS\system32\npptNT2.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=NwlnkIpx
ImagePath=system32\DRIVERS\nwlnkipx.sys - this reference has been left in place
----------
Key=NwlnkNb
ImagePath=system32\DRIVERS\nwlnknb.sys - this reference has been left in place
----------
Key=NwlnkSpx
ImagePath=system32\DRIVERS\nwlnkspx.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCAMPR5
ImagePath=\??\C:\WINDOWS\system32\PCAMPR5.SYS - this reference has been left in place [file not found to scan]
----------
Key=PCANDIS5
ImagePath=\??\C:\WINDOWS\system32\PCANDIS5.SYS - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=Ps2
ImagePath=system32\DRIVERS\PS2.sys - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=QCMerced
ImagePath=system32\DRIVERS\LVCM.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=RTL8023xp
ImagePath=system32\DRIVERS\Rtlnicxp.sys - this reference has been left in place
----------
Key=rtl8139
ImagePath=system32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=SerialKeys
ImagePath=C:\WINDOWS\system32\skeys.exe - this reference has been left in place
----------
Key=sfdrv01
ImagePath=System32\drivers\sfdrv01.sys - this reference has been left in place
----------
Key=sfhlp02
ImagePath=System32\drivers\sfhlp02.sys - this reference has been left in place
----------
Key=sfvfs02
ImagePath=System32\drivers\sfvfs02.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=srescan
ImagePath=system32\ZoneLabs\srescan.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{383FA16D-AF8F-4C60-B213-2B9363664871} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbaudio
ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=USB_RNDIS
ImagePath=system32\DRIVERS\usb8023.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=vsdatant
ImagePath=System32\vsdatant.sys - this reference has been left in place
----------
Key=vsmon
ImagePath=C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath=C:\Program Files\Windows Media Player\WMPNetwk.exe - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------

**************************************************
19:03:26: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

**************************************************
19:03:26: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

**************************************************
19:03:27: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = NppShellExt
CLSID = {1CE8B2C9-EAEF-43fc-8218-F092E4F94A47}
File = [CLSID does not appear to reference a file]
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = ZLAVShExt
CLSID = {D9872D13-7651-4471-9EEE-F0A00218BEBB}
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

**************************************************
19:03:28: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
19:03:28: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------

**************************************************
19:03:28: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

**************************************************
19:03:29: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
19:03:29: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
19:03:29: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
19:03:29: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
HP Digital Imaging Monitor.lnk - this links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe and has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
19:03:29: Scanning ----- SCHEDULED TASKS -----

**************************************************
19:03:29: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

**************************************************
19:03:29: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\avsniff.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniff.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AXXPEE.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\CabSA.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\catalog.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecbootil.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmldr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\GAME_UNO1.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\GAME_UNO1.INF - this file has been left in place
C:\WINDOWS\Downloaded Program Files\IaLdr32.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\messengerstatsclient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnPUpld.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MsnPUpld.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\naveng32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navex32a.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\OGAControl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\opuc.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURen-us.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\purfr-fr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\rufsi.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\scrauth.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.cat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcdefs.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinf.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfidx.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfl.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1hd.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.grd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.sig - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan2.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan3.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan4.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan5.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan6.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscant.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\vscanmsx.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\zdone.dat - this file has been left in place

**************************************************
19:03:40: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------
C:\WINDOWS\SOUNDMAN.EXE
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
--------------------
C:\Program Files\ADSL Autoconnect\ADSL Autoconnect.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
--------------------
C:\Documents and Settings\HP_Propriétaire\Application Data\Simply Super Software\Trojan Remover\enr20.exe
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------

**************************************************
19:03:48: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
19:03:48: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.orange.fr/portail
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

**************************************************

NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


Scan completed at: 27/04/2007 19:03:48
************************************************************
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
27 April 2007 at 19:15
up up up
0

scan with A SQUARED, effective against Trojan horses:
https://www.01net.com/telecharger/


then the following anti-spyware tools: ad aware, spybot:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html
https://www.01net.com/404/

then run CCLEANER to delete the temporary files...

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html


finally, do an online scan with KASPERSKY or PANDA, for example:

http://pandasoftware.fr
0
when you run the programs, except for the online scan, you need to update them, and preferably run them in safe mode

keep us posted so we can see whether it worked or not
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
28 April 2007 at 10:29
a-squared-free report:
Version - a-squared Free 2.1

Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\WINDOWS\, C:\Program Files
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 28/04/2007 10:00:29

C:\Documents and Settings\Luis\Cookies\luis@2o7[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Cookies\luis@weborama[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:13 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:14 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:15 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:352 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:353 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:354 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:355 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:357 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:358 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:361 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:362 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:367 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:368 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:369 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:372 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:373 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:384 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:399 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:404 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:405 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:406 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:410 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:411 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:412 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:413 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:414 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:427 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:428 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:433 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:450 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:451 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:452 Détecter: Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:453 Détecter: Trace.TrackingCookie

Scanné

Fichiers: 48813
Traces: 111397
Cookies: 556
Processus: 31

Trouver

Fichiers: 0
Traces: 0
Cookies: 35
Processus: 0
Clés de Registre: 0

Fin du Scan: 28/04/2007 10:26:44
Temps du Scan: 00:26:15

C:\Documents and Settings\Luis\Cookies\luis@2o7[2].txt Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Cookies\luis@weborama[2].txt Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:13 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:14 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:15 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:352 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:353 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:354 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:355 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:357 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:358 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:361 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:362 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:367 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:368 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:369 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:372 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:373 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:384 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:399 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:404 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:405 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:406 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:410 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:411 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:412 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:413 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:414 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:427 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:428 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:433 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:450 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:451 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:452 Supprimé Trace.TrackingCookie
C:\Documents and Settings\Luis\Application Data\Mozilla\Firefox\Profiles\ca315kh0.default\cookies.txt:453 Supprimé Trace.TrackingCookie

Supprimé

Fichiers: 0
Traces: 0
Cookies: 35
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
28 April 2007 at 10:51
spybot only detected one tracking cookie
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
28 April 2007 at 11:13
ad aware report:
Ad-Aware SE Build 1.06r1
Fichier journal créé le :samedi 28 avril 2007 10:51:20
Created with Ad-Aware SE Personal, free for private use.
Utilisation du fichier de définitions :SE1R167 23.04.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Références détectées lors de l’analyse :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
MRU List(Index TAC :0):16 Nombre total de références
Tracking Cookie(Index TAC :3):14 Nombre total de références
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Définir : Rechercher les entrées à risque négligeable
Définir : Mode sécurisé (tjrs demander confirm.)
Définir : Analyser les processus actifs
Définir : Scan registry
Définir : Analyser en profondeur le registre
Définir : Analyser mes favoris IE pour rech. URL interdites
Définir : Analyser mon fichier Hosts

Extended Ad-Aware SE Settings
===========================
Définir : Décharger les modules et les processus reconnus pendant l’analyse
Définir : Anal. reg. pr tous utili. et non pr utili. actuel uniqmnt
Définir : Toujours essayer de décharger les modules avant la suppression
Définir : Lors de la suppression, décharger l’Explorateur et IE si nécessaire
Définir : Perm. Win. supp. fich. en cours au proch. démar.
Définir : Supprimer les objets en quarantaine après la restauration
Définir : Inclure les paramètres de base d'Ad-Aware dans le fichier journal
Définir : Inclure les paramètres de base d'Ad-Aware dans le fichier journal
Définir : Inclure un récapitulatif des références dans le fichier journal
Définir : Inclure les détails des données ADS dans le fichier journal
Définir : Émettre un son à la fin de l’analyse en cas de détection d'objets critiques


28/04/2007 10:51:20 - L’analyse a démarré. (Analyse complète du système)

MRU List Objet reconnu !
Emplacement : : C:\Documents and Settings\Luis\Application Data\microsoft\office\recent
Description : list of recently opened documents using microsoft office


MRU List Objet reconnu !
Emplacement : : C:\Documents and Settings\Luis\recent
Description : list of recently opened documents


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Objet reconnu !
Emplacement : : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct3d


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Objet reconnu !
Emplacement : : software\microsoft\direct3d\mostrecentapplication
Description : most recent application to use microsoft direct X


MRU List Objet reconnu !
Emplacement : : software\microsoft\directdraw\mostrecentapplication
Description : most recent application to use microsoft directdraw


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\directinput\mostrecentapplication
Description : most recent application to use microsoft directinput


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\internet explorer\typedurls
Description : list of recently entered addresses in microsoft internet explorer


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\mediaplayer\player\recentfilelist
Description : list of recently used files in microsoft windows media player


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\windows\currentversion\explorer\comdlg32\lastvisitedmru
Description : list of recent programs opened


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\windows\currentversion\explorer\comdlg32\opensavemru
Description : list of recently saved files, stored according to file extension


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\windows\currentversion\explorer\recentdocs
Description : list of recent documents opened


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\windows\currentversion\explorer\runmru
Description : mru list for items opened in start | run


MRU List Objet reconnu !
Emplacement : : S-1-5-21-792680728-2042039511-3378621247-1011\software\microsoft\windows media\wmsdk\general
Description : windows media sdk


Affichage des processus en cours d'exécution
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 488
ThreadCreationTime : 28/04/2007 07:39:01
BasePriority : Normal


#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 540
ThreadCreationTime : 28/04/2007 07:39:04
BasePriority : Normal


#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 568
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : High


#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 612
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 624
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 772
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : Normal
FileVersion : 6.14.10.4119
ProductVersion : 6.14.10.4119
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 784
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 856
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 932
ThreadCreationTime : 28/04/2007 07:39:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 984
ThreadCreationTime : 28/04/2007 07:39:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1092
ThreadCreationTime : 28/04/2007 07:39:07
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:12 [aswupdsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1240
ThreadCreationTime : 28/04/2007 07:39:08
BasePriority : Normal
FileVersion : 4, 7, 985, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! Antivirus updating service
InternalName : aswUpdSv.exe
LegalCopyright : Copyright (c) 2007 ALWIL Software
OriginalFilename : aswUpdSv.exe

#:13 [ashserv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 1288
ThreadCreationTime : 28/04/2007 07:39:08
BasePriority : High
FileVersion : 4, 7, 985, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! antivirus service
InternalName : aswServ
LegalCopyright : Copyright (c) 2007 ALWIL Software
OriginalFilename : aswServ.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1500
ThreadCreationTime : 28/04/2007 07:39:11
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [lvprcsrv.exe]
FilePath : c:\program files\fichiers communs\logitech\lvmvfm\
ProcessID : 1576
ThreadCreationTime : 28/04/2007 07:39:11
BasePriority : Normal
FileVersion : 9.5.0.1098
ProductVersion : 9.5.0.1098
ProductName : Logitech QuickCam
CompanyName : Logitech Inc.
FileDescription : Logitech LVPrcSrv Module.
InternalName : LVPrcSrv.exe
LegalCopyright : (c) 1996-2006 Logitech. All rights reserved.
OriginalFilename : LVPrcSrv.exe

#:16 [ati2evxx.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1732
ThreadCreationTime : 28/04/2007 07:39:17
BasePriority : Normal
FileVersion : 6.14.10.4119
ProductVersion : 6.14.10.4119
ProductName : ATI External Event Utility for WindowsNT and Windows9X
CompanyName : ATI Technologies Inc.
FileDescription : ATI External Event Utility EXE Module
InternalName : ATI2EVXX.EXE
LegalCopyright : Copyright © 1999-2004 ATI Technologies Inc.
OriginalFilename : ATI2EVXX.EXE

#:17 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 1840
ThreadCreationTime : 28/04/2007 07:39:17
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:18 [mdm.exe]
FilePath : C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\
ProcessID : 2032
ThreadCreationTime : 28/04/2007 07:39:18
BasePriority : Normal
FileVersion : 7.00.9466
ProductVersion : 7.00.9466
ProductName : Microsoft® Visual Studio .NET
CompanyName : Microsoft Corporation
FileDescription : Machine Debug Manager
InternalName : mdm.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : mdm.exe

#:19 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 212
ThreadCreationTime : 28/04/2007 07:39:18
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:20 [vsmon.exe]
FilePath : C:\WINDOWS\system32\ZoneLabs\
ProcessID : 360
ThreadCreationTime : 28/04/2007 07:39:18
BasePriority : Normal
FileVersion : 7.0.337.000
ProductVersion : 7.0.337.000
ProductName : TrueVector Service
CompanyName : Zone Labs, LLC
FileDescription : TrueVector Service
InternalName : vsmon
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : vsmon.exe

#:21 [zlclient.exe]
FilePath : C:\Program Files\Zone Labs\ZoneAlarm\
ProcessID : 1744
ThreadCreationTime : 28/04/2007 07:39:22
BasePriority : Normal
FileVersion : 7.0.337.000
ProductVersion : 7.0.337.000
ProductName : ZoneAlarm Client
CompanyName : Zone Labs, LLC
FileDescription : ZoneAlarm Client
InternalName : zlclient
LegalCopyright : Copyright © 1998-2006, Zone Labs, LLC
OriginalFilename : zlclient.exe

#:22 [ashdisp.exe]
FilePath : C:\PROGRA~1\ALWILS~1\Avast4\
ProcessID : 1780
ThreadCreationTime : 28/04/2007 07:39:22
BasePriority : Normal
FileVersion : 4, 7, 985, 0
ProductVersion : 4, 7, 0, 0
ProductName : avast! Antivirus
CompanyName : ALWIL Software
FileDescription : avast! service GUI component
InternalName : aswDisp
LegalCopyright : Copyright (c) 2007 ALWIL Software
OriginalFilename : aswDisp.exe

#:23 [soundman.exe]
FilePath : C:\WINDOWS\
ProcessID : 1784
ThreadCreationTime : 28/04/2007 07:39:23
BasePriority : Normal
FileVersion : 5, 1, 0, 58
ProductVersion : 5, 1, 0, 58
ProductName : Realtek Sound Manager
CompanyName : Realtek Semiconductor Corp.
FileDescription : Realtek Sound Manager
InternalName : ALSMTray
LegalCopyright : Copyright (c) 2001-2004 Realtek Semiconductor Corp.
OriginalFilename : ALSMTray.exe
Comments : Realtek AC97 Audio Sound Manager

#:24 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 308
ThreadCreationTime : 28/04/2007 07:39:23
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:25 [adsl autoconnect.exe]
FilePath : C:\Program Files\ADSL Autoconnect\
ProcessID : 440
ThreadCreationTime : 28/04/2007 07:39:26
BasePriority : Normal
FileVersion : 2, 0, 6, 7
ProductVersion : 2, 0, 6, 7
ProductName : ADSLAutoconnect
FileDescription : ADSLAutoconnect
InternalName : Autoconnect
LegalCopyright : Copyright (c) 2001-2006
OriginalFilename : ADSLAutoconnect.exe

#:26 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 516
ThreadCreationTime : 28/04/2007 07:39:27
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:27 [hpqtra08.exe]
FilePath : C:\Program Files\HP\Digital Imaging\bin\
ProcessID : 928
ThreadCreationTime : 28/04/2007 07:39:30
BasePriority : Normal
FileVersion : 53.0.13.000
ProductVersion : 053.000.013.000
ProductName : hp digital imaging - hp all-in-one series
CompanyName : Hewlett-Packard Co.
FileDescription : HP Digital Imaging Monitor
InternalName : HPQTRA00
LegalCopyright : Copyright (C) Hewlett-Packard Co. 1995-2004
OriginalFilename : HPQTRA00.EXE
Comments : HP Digital Imaging Monitor

#:28 [ashmaisv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2620
ThreadCreationTime : 28/04/2007 07:39:48
BasePriority : Normal


#:29 [ashwebsv.exe]
FilePath : C:\Program Files\Alwil Software\Avast4\
ProcessID : 2724
ThreadCreationTime : 28/04/2007 07:39:51
BasePriority : Normal


#:30 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3880
ThreadCreationTime : 28/04/2007 07:40:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:31 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2412
ThreadCreationTime : 28/04/2007 07:49:53
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:32 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 3744
ThreadCreationTime : 28/04/2007 07:50:44
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:33 [firefox.exe]
FilePath : C:\Program Files\Mozilla Firefox\
ProcessID : 7680
ThreadCreationTime : 28/04/2007 08:27:34
BasePriority : Normal


#:34 [ad-aware.exe]
FilePath : C:\Program Files\Lavasoft\Ad-Aware SE Personal\
ProcessID : 7176
ThreadCreationTime : 28/04/2007 08:38:20
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

Résultat de l’analyse de la mémoire :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 0
Objets détectés jusqu'à présent : 16


Analyse du registre démarrée
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Résultat de l’analyse du registre :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 0
Objets détectés jusqu'à présent : 16


Analyse approfondie du registre démarrée
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Résultat de l’analyse approfondie du registre :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 0
Objets détectés jusqu'à présent : 16


Analyse des cookies de suivi lancée
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»


Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : luis@weborama[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire : Hits:15
Valeur : Cookie:luis@weborama.fr/
Expires : 14/04/2012 18:12:46
LastSync : Hits:15
UseCount : 0
Hits : 15

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : luis@www.smartadserver[1].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire : Hits:3
Valeur : Cookie:luis@www.smartadserver.com/
Expires : 15/04/2027 18:24:38
LastSync : Hits:3
UseCount : 0
Hits : 3

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : luis@2o7[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire : Hits:8
Valeur : Cookie:luis@2o7.net/
Expires : 25/04/2012 20:48:38
LastSync : Hits:8
UseCount : 0
Hits : 8

Résultat de l’analyse des cookies de suivi :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 3
Objets détectés jusqu'à présent : 19



Analyse et examen approfondis des fichiers (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : hp_propriétaire@247realmedia[1].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@247realmedia[1].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : hp_propriétaire@adtech[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@adtech[2].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : hp_propriétaire@fl01.ct2.comclick[1].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@fl01.ct2.comclick[1].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : hp_propriétaire@weborama[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@weborama[2].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : hp_propriétaire@www.smartadserver[1].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\HP_Propriétaire\Cookies\hp_propriétaire@www.smartadserver[1].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : marina_et_anna@2o7[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\Marina et Anna\Cookies\marina_et_anna@2o7[2].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : marina_et_anna@atdmt[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\Marina et Anna\Cookies\marina_et_anna@atdmt[2].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : marina_et_anna@msnportal.112.2o7[1].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\Marina et Anna\Cookies\marina_et_anna@msnportal.112.2o7[1].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : marina_et_anna@statse.webtrendslive[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\Marina et Anna\Cookies\marina_et_anna@statse.webtrendslive[2].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : marina_et_anna@weborama[2].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\Marina et Anna\Cookies\marina_et_anna@weborama[2].txt

Tracking Cookie Objet reconnu !
Type : IECache Entry
Données : marina_et_anna@www.smartadserver[1].txt
Notation TAC : 3
Catégorie : Data Miner
Commentaire :
Valeur : C:\Documents and Settings\Marina et Anna\Cookies\marina_et_anna@www.smartadserver[1].txt

Résultat de l’analyse du disque pour C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 0
Objets détectés jusqu'à présent : 30


Analyse et examen approfondis des fichiers (D:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Résultat de l’analyse du disque pour D:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 0
Objets détectés jusqu'à présent : 30


Analyse du fichier Hosts…...
Emplacement du fichier Hosts :"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Résultat d’analyse du fichier Hosts :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
71 entrées analysées.
Nouv. obj. critiques :0
Objets détectés jusqu'à présent : 30




Analyses conditionnelles en cours...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Résultat d’analyse conditionnelle :
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Nouv. obj. critiques : 0
Objets détectés jusqu'à présent : 30

11:10:49 Analyse terminée

Récap. de cette anal.
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Durée tot. analyse :00:19:28.422
Objets analysés :226364
Objets identifiés :14
Objets ignorés :0
Nouv. obj. critiques :14
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
28 April 2007 at 11:27
The online scan doesn't work; Avast tells me that the ActiveX control is a virus!!
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
28 April 2007 at 11:47
There, I've done everything except the online scan.
0
luis170395 Posts 334 Registration date Wednesday 17 January 2007 Status Member Last activity 12 December 2008 51
28 April 2007 at 15:05
No improvement.
HELP please
0