[Stubborn spyware] Infected by cacu_001.exe

dreamcastman Posts: 97 Status: Member
Hello,

I'm writing because for a while now I've been getting an alert message at Windows startup saying that the file "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup cannot be found.

So I went into the system registry and checked in the RunOnce folder: there is a key eISS_cleanup with the value "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup, of type REG_SZ.

I've tried everything:

- Deleting it directly from the registry, but when I delete it, it always comes back

- Trying to delete it with HijackThis (Fix Checked), but the problem is that it doesn't delete anything at all; it always comes back.

- Scanning with AVG, Avast, CCleaner... nothing found at all.

- msconfig startup management: I untick everything, but the problem is that it always comes back.

If anyone has the solution, a fix... I'd be grateful.

Here is the report HijackThis produced for me:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:42:39, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\taskmgr.exe
C:\WINDOWS\regedit.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.fxsound.com/?vendor=15&subvendor=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: (no name) - {7C261B08-C86A-4988-A369-D03030B3C47F} - (no file)
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/net/Import/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
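Added example, not part of the original post and not code from HijackThis or any other tool named in this thread: a small Python triage script that reads HijackThis O3/O4/O20 lines of the kind shown in the log above and flags the entries a responder would look at first. The sample input is a constructed subset of that log (plus one benign ctfmon line for contrast). The checks are review hints, not malware verdicts: a Run/RunOnce value launching from a user Temp directory, a random-looking executable name, a registered component whose file is missing ("(no file)"), and any DLL listed in AppInit_DLLs, which Windows loads into every process that maps user32.dll. It also marks RunOnce values, because Windows deletes a RunOnce value before executing it, so one that is present again after every reboot is being re-created by something else on the machine. The vowel-ratio threshold and the Temp-path test are the example's own heuristics and will produce false positives.

```python
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log in the post above,
# plus a benign ctfmon entry for contrast. This is not the full log.
SAMPLE_LOG = r"""
O3 - Toolbar: (no name) - {7C261B08-C86A-4988-A369-D03030B3C47F} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
"""

# HijackThis line shapes handled here (O4 = Run keys, O2/O3 = BHO/toolbar, O20 = AppInit_DLLs).
O4_RE = re.compile(r"^O4 - (HK\w+)\\\.\.\\(\w+): \[([^\]]*)\] (.+)$")
NOFILE_RE = re.compile(r"^(O[23]) - .*\{([0-9A-Fa-f-]+)\}.* - \(no file\)$")
APPINIT_RE = re.compile(r"^O20 - AppInit_DLLs: (.*)$")

VOWELS = set("aeiou")


@dataclass
class Finding:
    source: str                  # which log section / registry key the entry came from
    name: str                    # Run value name, CLSID or DLL name
    target: str                  # executable or DLL the entry points at
    reasons: list = field(default_factory=list)


def looks_random(stem: str) -> bool:
    """Crude heuristic (assumption of this example): long, all-lowercase,
    consonant-heavy file names are worth a second look. Expect false positives."""
    if len(stem) < 8 or not stem.isalpha() or not stem.islower():
        return False
    vowel_ratio = sum(c in VOWELS for c in stem) / len(stem)
    return vowel_ratio < 0.30


def split_command(cmd: str):
    """Split a Run value's data into (executable path, arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end > 0:
            return cmd[1:end], cmd[end + 1:].strip()
    m = re.match(r"(?i)^(.*?\.(?:exe|dll|com|scr|bat|cmd))(?:\s+(.*))?$", cmd)
    if m:
        return m.group(1), (m.group(2) or "").strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def check_path(path: str) -> list:
    """Return the review reasons that apply to one executable path."""
    reasons = []
    if "\\temp\\" in path.lower():
        reasons.append("launches from a user Temp directory")
    stem = path.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if looks_random(stem):
        reasons.append("random-looking executable name")
    return reasons


def triage(log_text: str) -> list:
    """Parse HijackThis lines and return the entries that deserve manual review."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = O4_RE.match(line)
        if m:
            hive, key, name, cmd = m.groups()
            path, _args = split_command(cmd)
            reasons = check_path(path)
            if key.lower() == "runonce":
                reasons.append("RunOnce value: Windows deletes it before running it, "
                               "so one that reappears after reboot is being re-created")
            if reasons:
                findings.append(Finding(f"O4 {hive}\\..\\{key}", name, path, reasons))
            continue
        m = NOFILE_RE.match(line)
        if m:
            findings.append(Finding(f"{m.group(1)} orphan", m.group(2), "(no file)",
                                    ["registered component whose file is missing"]))
            continue
        m = APPINIT_RE.match(line)
        if m:
            for dll in (d.strip() for d in m.group(1).split(",")):
                if dll:
                    findings.append(Finding("O20 AppInit_DLLs", dll, dll,
                                            ["loaded into every process that maps user32.dll"]))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.source}: [{f.name}] {f.target}")
        for r in f.reasons:
            print(f"    - {r}")
```

Run it against a full log and the avast!, ctfmon and other signed-vendor entries drop out while the Temp-directory RunOnce value, the system32 executable with the random name, the orphaned toolbar CLSID and the two AppInit DLLs are listed with the reason each was flagged; the actual verdict on each file still needs a hash lookup or a sandbox run.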
105 replies

dreamcastman Posts: 97 Status: Member
 
Trojan Remover log:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 12/05/2007 22:13:11
Using Database v6760
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Administrateur.DREAMCAST\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges

**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
22:13:11: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
22:13:11: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
22:13:11: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
22:13:13: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ACTIVBOARD
Value Data = C:\Apps\ActivBoard\MMKeybd.exe - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = msnmsgr
Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

******************************
22:13:14: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

******************************
22:13:14: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

******************************
22:13:15: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

******************************
22:13:15: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
22:13:18: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=UxTuneUp
ServiceDLL=%SystemRoot%\System32\uxtuneup.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

******************************
22:13:32: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=a2AntiMalware
ImagePath=C:\Program Files\a-squared Anti-Malware\a2service.exe - this reference has been left in place
----------
Key=a347bus
ImagePath=system32\DRIVERS\a347bus.sys - this reference has been left in place
----------
Key=a347scsi
ImagePath=System32\Drivers\a347scsi.sys - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
C:\WINDOWS\system32\DRIVERS\atapi.sys appears to be in-use/locked - scanning skipped.
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=Bridge
ImagePath=system32\DRIVERS\bridge.sys - this reference has been left in place
----------
Key=BridgeMP
ImagePath=system32\DRIVERS\bridge.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=Diskeeper
ImagePath="C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=driverhardwarev2
ImagePath=\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
C:\WINDOWS\System32\Drivers\dtscsi.sys appears to be in-use/locked - scanning skipped.
Key=dtscsi
ImagePath=\SystemRoot\System32\Drivers\dtscsi.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=giveio
ImagePath=system32\giveio.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=ithsgt
ImagePath=system32\DRIVERS\ithsgt.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=libusb0
ImagePath=system32\DRIVERS\libusb0.sys - this reference has been left in place
----------
Key=lilsgt
ImagePath=system32\DRIVERS\lilsgt.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=msikbd2k
ImagePath=System32\DRIVERS\msikbd2k.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=nhksrv
ImagePath=C:\Apps\ActivBoard\nhksrv.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=nm
ImagePath=system32\DRIVERS\NMnt.sys - this reference has been left in place
----------
Key=NPF
ImagePath=system32\drivers\npf.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=nv
ImagePath=system32\DRIVERS\nv4_mini.sys - this reference has been left in place
----------
Key=NVSvc
ImagePath=%SystemRoot%\system32\nvsvc32.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=odserv
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=OpenVPNService
ImagePath=C:\Program Files\OpenVPN\bin\openvpnserv.exe - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=PACSPTISVR
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=pfc
ImagePath=system32\drivers\pfc.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=system32\DRIVERS\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=rpcapd
ImagePath="%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=rtl8139
ImagePath=system32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=scrcap
ImagePath=system32\DRIVERS\scrcap.sys - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=sfdrv01
ImagePath=System32\drivers\sfdrv01.sys - this reference has been left in place
----------
Key=sfhlp02
ImagePath=System32\drivers\sfhlp02.sys - this reference has been left in place
----------
Key=sfvfs02
ImagePath=System32\drivers\sfvfs02.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=system32\DRIVERS\sisagp.sys - this reference has been left in place
----------
Key=SiSide
ImagePath=system32\DRIVERS\siside.sys - this reference has been left in place
----------
Key=speedfan
ImagePath=system32\speedfan.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sptd
ImagePath=System32\Drivers\sptd.sys - this file is globally excluded
----------
Key=SPTISRV
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe" - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=ssm_bus
ImagePath=system32\DRIVERS\ssm_bus.sys - this reference has been left in place
----------
Key=ssm_mdfl
ImagePath=system32\DRIVERS\ssm_mdfl.sys - this reference has been left in place
----------
Key=ssm_mdm
ImagePath=system32\DRIVERS\ssm_mdm.sys - this reference has been left in place
----------
Key=ss_bus
ImagePath=system32\DRIVERS\ss_bus.sys - this reference has been left in place
----------
Key=ss_mdfl
ImagePath=system32\DRIVERS\ss_mdfl.sys - this reference has been left in place
----------
Key=ss_mdm
ImagePath=system32\DRIVERS\ss_mdm.sys - this reference has been left in place
----------
Key=STAC97NA
ImagePath=system32\drivers\stac97na.sys - this reference has been left in place
----------
Key=STAC97NH
ImagePath=system32\drivers\stac97nh.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{1E3B57ED-6813-4E52-BB50-1C87CDB8F21B} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=tap0801
ImagePath=system32\DRIVERS\tap0801.sys - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=Tetris
ImagePath=System32\Drivers\Tetris.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=Vcs
ImagePath=\??\C:\WINDOWS\system32\Drivers\Vcs.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VMnetAdapter
ImagePath=system32\DRIVERS\vmnetadapter.sys - this reference has been left in place
----------
Key=vsdatant
ImagePath=\??\C:\WINDOWS\system32\vsdatant.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WebDriveFSD
ImagePath=\??\C:\Program Files\NetDrive\rffsd.sys - this reference has been left in place
----------
Key=WebDriveService
ImagePath=C:\Program Files\NetDrive\wdService.exe - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath=C:\Program Files\Windows Media Player\WMPNetwk.exe - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------
Key=XBCD
ImagePath=System32\Drivers\xbcd.sys - this reference has been left in place
----------

******************************
22:15:14: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

******************************
22:15:14: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WBSrv
DLLName=C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
22:15:17: Scanning ----- CONTEXTMENUHANDLERS -----
Key = 7-Zip
CLSID = {23170F69-40C1-278A-1000-000100020000}
C:\Program Files\7-Zip\7-zip.dll - this ContextMenuHandler has been left in place
----------
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = FTP Expert
CLSID = {1EBC3533-B289-409F-9924-B84B3F0717D2}
C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll - this ContextMenuHandler has been left in place
----------
Key = MatroskaContextMenu
CLSID = {789111D8-68A3-46a3-9663-145A3FF4C9C9}
C:\Program Files\MatroskaProp\MatroskaProp.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = TuneUp Shredder Shell Extension
CLSID = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll - this ContextMenuHandler has been left in place
----------
Key = VIDEOTRANS
CLSID = {548773BA-874E-4C02-9DC7-B7A096772C7D}
C:\Program Files\MP3 Player Utilities 3.57\AMVTools\SrcCount.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll - this ContextMenuHandler has been left in place
----------
Key = WinUHA
CLSID = {095177B8-8097-4D32-9081-A8949C47020E}
C:\PROGRA~1\WinUHA\SHELLW~1.DLL - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------

******************************
22:15:24: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {781395AF-A127-469f-A06F-59B482AF4F3F}
C:\Program Files\MatroskaProp\MatroskaProp.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------
Key = {FED7043D-346A-414D-ACD7-550D052499A7}
C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
22:15:27: Scanning ----- BROWSER HELPER OBJECTS -----
No Browser Helper Objects found to scan

******************************
22:15:27: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

******************************
22:15:28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
22:15:29: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
22:15:29: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = ,clkern.dll,wbsys.dll]
The following AppInit_DLLs are loaded at boot-time:
clkern.dll - this file has been left in place
----------
wbsys.dll - this file has been left in place
----------

******************************
22:15:30: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

******************************
22:15:30: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
22:15:31: Scanning ----- SCHEDULED TASKS -----

******************************
22:15:31: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
22:15:32: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place

******************************
22:15:32: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
--------------------
C:\Apps\ActivBoard\nhksrv.exe
--------------------
C:\Program Files\a-squared Anti-Malware\a2service.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Apps\ActivBoard\MMKeybd.exe
--------------------
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
--------------------
C:\Program Files\MSN Messenger\msnmsgr.exe
--------------------
C:\Apps\ActivBoard\TrayMon.exe
--------------------
C:\Apps\ActivBoard\OSD.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\MSN Messenger\usnsvc.exe
--------------------
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWare.exe
--------------------
C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareControl.exe
--------------------
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe
--------------------
C:\WINDOWS\explorer.exe
--------------------
C:\Program Files\Notepad++\notepad++.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\kif2E.exe
FileSize: 1 790 528
[This is a Trojan Remover component]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
--------------------

******************************
22:15:52: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
22:15:52: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://fr.yahoo.com/?p=us
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

******************************

NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


Scan completed at: 12/05/2007 22:15:52
************************************************************

***** INDIVIDUAL FILE SCAN *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 10/05/2007 22:04:37
Using Database v6760
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Administrateur.DREAMCAST\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges

**************************************************
Carrying out individual file scan on C:\WINDOWS\system32\wscntfy.exe
This file appears to be OK
C:\WINDOWS\system32\wscntfy.exe - running process located and terminated
C:\WINDOWS\system32\wscntfy.exe has been deleted
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 06/05/2007 11:32:10
Using Database v6760
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Administrateur.DREAMCAST\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges

**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
11:32:10: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
11:32:10: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
11:32:10: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
11:32:12: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ACTIVBOARD
Value Data = C:\Apps\ActivBoard\MMKeybd.exe - this command has been left in place
--------------------
Value Name = DAEMON Tools
Value Data = C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 - this command has been left in place
--------------------
Value Name = openvpn-gui
Value Data = C:\Program Files\OpenVPN\bin\openvpn-gui.exe - this command has been left in place
--------------------
Value Name = NvCplDaemon
Value Data = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = gcasServ
Value Data = C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = kruayzcql
Value Data = c:\windows\system32\kruayzcql.exe kruayzcql - this command has been left in place [file not found to scan]
--------------------
Value Name = kruayzcql
Value Data = c:\windows\system32\kruayzcql.exe kruayzcql - this command has been left in place [file not found to scan]
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key attempts to run the following program(s):
Value Name = eISS_cleanup
Value Data = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup - this command has been left in place [file not found to scan]
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = SuperCopier2.exe
Value Data = C:\Program Files\SuperCopier2\SuperCopier2.exe - this command has been left in place
--------------------
Value Name = TuneUp MemOptimizer
Value Data = C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart - this command has been left in place
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = AWMON
Value Data = C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe - this command has been left in place
--------------------
Value Name = msnmsgr
Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been left in place
--------------------
Value Name = FreeCall
Value Data = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized - this command has been left in place [file not found to scan]
--------------------
Value Name = eMuleAutoStart
Value Data = C:\Program Files\eMule\emule.exe -AutoStart - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty

******************************
11:32:19: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

******************************
11:32:19: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: fnwodulo
Value: c:\windows\system32\fnwodulo.exe fnwodulo
fnwodulo - this registry value has been removed [file not found to scan]
c:\windows\system32\fnwodulo.exe - process is either not running or could not be terminated
c:\windows\system32\fnwodulo.exe has been renamed to: c:\windows\system32\fnwodulo.exe.ren
This file will also be marked for renaming during PC restart, in case it is re-created
NVS2.INF, associated with Adware.NaviPromo, found in C:\WINDOWS\system32\
C:\WINDOWS\system32\NVS2.INF has been renamed to: C:\WINDOWS\system32\NVS2.INF.ren
PACK.EPK, associated with Adware.NaviPromo, found in C:\WINDOWS\
C:\WINDOWS\PACK.EPK has been renamed to: C:\WINDOWS\PACK.EPK.ren
C:\WINDOWS\system32\fnwodulo.dat has been renamed to: C:\WINDOWS\system32\fnwodulo.dat.ren
This file will also be marked for renaming during PC restart, in case it is re-created
C:\WINDOWS\system32\fnwodulo_nav.dat has been marked for renaming when the PC is restarted (if it exists)
C:\WINDOWS\system32\fnwodulo_navps.dat has been renamed to: C:\WINDOWS\system32\fnwodulo_navps.dat.ren
This file will also be marked for renaming during PC restart, in case it is re-created
----------

******************************
11:32:55: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

******************************
11:32:55: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
11:32:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=Rem
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,

So download ELIBAGLA
http://www.zonavirus.com/datos/descargas/95/elibagla.asp

Follow these steps:

Click the Descargar Elibagla button; this will download the file. Place it on your Desktop.
Double-click it to open it.
Make sure that the Unidad drop-down menu shows C:\
Also check that the Eliminar Ficheros Automaticamente option at the bottom of the window is ticked.
Click the Explorar button to start the scan.
Post the report generated at the end of the scan.

Post the report in your next message

0
dreamcastman Posts 97 Status Member
 
It has finished scanning, but I don't know where to find the report?
0
Darkkiller Posts 2336 Status Contributor 67
 
In

C:/ELIBAGLA
0

dreamcastman Posts 97 Status Member
 
Doesn't exist
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,

C:/ELIBAGLA.txt or C:/elibagla.txt
0
dreamcastman Posts 97 Status Member
 
Sorry, but your file doesn't exist; I think this application doesn't produce a log at the end of its run.

I did a scan with it; it found no virus.

However, during that scan it tried to scan a file, and avast warned me that this file was infected with the Baggle CA virus,
so I deleted it.

I don't know whether I need to do something about baggle?
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,

Well, the elibagla tool was supposed to remove bagle ^^
Run it again and copy-paste the log.
0
dreamcastman Posts 97 Status Member
 
Well, I can't find it...
I get the impression that elibagla closes by itself in the middle of the search, and that's why it doesn't produce a log...

And on top of that, I get the impression that every time I access the internet my PC slows down. Could that be because a network port is being opened?

Help please!
0
Darkkiller Posts 2336 Status Contributor 67
 
Post a new Hijackthis log.
0
dreamcastman Posts 97 Status Member
 
Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:29:28, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\WINDOWS\regedit.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,

Download version 1.99 of Hijackthis, because version 2.0 is a beta (test version)

download Hijackthis 1.99:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html
0
dreamcastman Posts 97 Status Member
 
Logfile of HijackThis v1.99.1
Scan saved at 19:57:47, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard\nhksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\WINDOWS\regedit.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard\nhksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

What do these lines correspond to:

O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,

These lines are clean.
Do you have any other problems?
Do you have a firewall installed? If so, which one?
0
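The three lines dreamcastman asks about (AppInit_DLLs, Winlogon Notify, SSODL) are all registry load points through which Windows pulls a DLL into every process that maps user32.dll, into winlogon, or into the shell, which is why a helper compares them against a known-good baseline before calling them clean. The Python below is an added example, not code from this thread, from HijackThis or from any tool named here: it parses HijackThis-style lines and applies that triage (autoruns, AppInit and Winlogon/shell DLLs not in the baseline, services reported missing or with no publisher outside the Windows directory). The sample log is constructed from lines in the thread, the `sample_hook.dll` entry is invented to exercise the AppInit check, and the allowlists are assumptions standing in for a real baseline. Note the "(file missing)" marker: HijackThis 1.99 prints it on the two avast service lines whose paths are quoted with a `/service` argument, while the 2.0 log posted just before lists the same binaries as present, so that marker is a prompt to verify, not a verdict.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on the HijackThis logs posted in this thread;
# "sample_hook.dll" is invented to exercise the AppInit_DLLs check.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1 (constructed excerpt)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [fnwodulo] c:\windows\system32\fnwodulo.exe fnwodulo
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll,sample_hook.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
"""

# Analyst baseline (assumption): the O20/O21 DLLs the helper in this thread judged
# clean, plus the autorun names from the poster's own log. A real baseline comes
# from a known-good image of the same Windows build, not from memory.
KNOWN_GOOD_DLLS = {"clkern.dll", "wbsys.dll", "wbsrv.dll", "wpdshserviceobj.dll"}
KNOWN_GOOD_RUN = {"activboard", "avast!", "msnmsgr"}

# "O4 - body": section code, dash, rest of line.
LINE_RE = re.compile(r"^(?P<sec>[A-Z]\d+)\s+-\s+(?P<body>.*)$")
# O4 body: HKLM\..\Run: [name] command  (also matches RunOnce/RunServices).
RUN_RE = re.compile(r"HK\w+\\\.\.\\Run\w*:\s+\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)")


@dataclass
class Finding:
    section: str
    reason: str
    detail: str


def _basename(path: str) -> str:
    """Lower-cased file name of a Windows path (8.3 or long form)."""
    return path.replace("/", "\\").rstrip().split("\\")[-1].lower()


def parse_log(text: str):
    """Yield (section, body) for every HijackThis-style line; header lines are skipped."""
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if m:
            yield m.group("sec"), m.group("body")


def triage(text: str) -> list[Finding]:
    """Return the lines an analyst should look at, with the reason each was selected."""
    findings: list[Finding] = []
    for sec, body in parse_log(text):
        if sec == "O4":
            m = RUN_RE.match(body)
            if m and m.group("name").lower() not in KNOWN_GOOD_RUN:
                findings.append(Finding(sec, "autorun not in baseline",
                                        f"[{m.group('name')}] {m.group('cmd')}"))
        elif sec == "O20" and body.startswith("AppInit_DLLs:"):
            # Each DLL listed here is loaded into every process that maps user32.dll,
            # so every entry needs its own verdict; the leading comma yields an empty field.
            for dll in body.split(":", 1)[1].split(","):
                dll = dll.strip()
                if dll and _basename(dll) not in KNOWN_GOOD_DLLS:
                    findings.append(Finding(sec, "AppInit DLL not in baseline", dll))
        elif (sec == "O20" and body.startswith("Winlogon Notify:")) or sec == "O21":
            # Winlogon Notify and SSODL entries end with the DLL path after the last " - ".
            path = body.rsplit(" - ", 1)[-1]
            if _basename(path) not in KNOWN_GOOD_DLLS:
                findings.append(Finding(sec, "Winlogon/shell DLL not in baseline", path))
        elif sec == "O23":
            path = body.rsplit(" - ", 1)[-1]
            if "(file missing)" in body:
                findings.append(Finding(sec, "service binary reported missing", body))
            elif "Unknown owner" in body and not path.lower().startswith(r"c:\windows"):
                findings.append(Finding(sec, "unattributed service outside the Windows directory", body))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.section:4} {f.reason:50} {f.detail}")
```

On the constructed sample this selects four lines: the `fnwodulo` autorun (the same value the earlier scan report removed from HKLM\...\Run), the invented AppInit entry, the avast service line carrying "(file missing)", and the OpenVPN service because it has no publisher and lives outside C:\WINDOWS. The Stardock and WPDShServiceObj DLLs the helper called clean are not reported because they are in the baseline; the point of the baseline is that a verdict is stored once, not re-derived by eye on each log.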
dreamcastman Posts 97 Status Member
 
Well, for now the only problem I have is that as soon as I access the internet, my PC seems to run slowly (video stuttering, crackling sound, slow to start up....)

And I don't know what could be doing this on my PC
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,

kaspersky scan https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

Click the Kaspersky Online Scanner image
Click I accept
Install the ActiveX
Wait for the update to finish; once it is done,
click Next
Click Scan settings
Tick the Extended box >> Ok
Click My Computer to run a full scan
Once the scan reaches 100%, click Save report as...
Save the report in .txt format (for the name put rapport or
whatever you like, and for the type choose text file (*.txt))
Open the file you have just saved, then copy and paste
the report here if you are infected
0
dreamcastman Posts 97 Status Member
 
Already tried; it found nothing
0
Darkkiller Posts 2336 Status Contributor 67
 
try again ;)
0
dreamcastman Posts 97 Status Member
 
As for the firewall, I use the Windows firewall.

I don't know whether it's any good; if it isn't, which firewall would you recommend, given that I'm with Free, so there is already a firewall at the level of my Freebox?

I'll send you the log tomorrow
0
Darkkiller Posts 2336 Status Contributor 67
 
Re,
The Windows firewall isn't great, so I recommend the Kerio firewall:

Download this KERIO firewall (a firewall that stays free after the 21-day trial period!), here: < http://www.dsi12.fr/telechargements/vnc/kerio-kpf-4.2.2-911-win.exe >
or here: < http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html >
•- Then run the installation of this firewall.
To do that:

- you absolutely must cut your modem's connection (unplug it),
- It may be a router that you are connected to by a cable: unplug the cable.
- It may be a wifi device. Turn it off, or unplug it if it is a dongle.
- then install this firewall once it is downloaded,
- and enable it (check at that point that the Windows one is indeed disabled
- if not, do it manually, like this: Start -> Control Panel (classic view) -> Windows Firewall and set it to "disable".)
•- and finally, if everything went well, restore your Internet connection.
Optionally update Kerio.

Visit this: < https://kerio.probb.fr/ >; it's in your interest.
And click where the arrows point < http://img249.imageshack.us/img249/1538/screenshot254tq8.gif >
On that site you will get help specific to Kerio.
Thanks to Boulepate.
With these tutorials to configure and understand how to use Kerio
- http://www.chez.com/leppa/scripts/kpfV4.html
- https://www.vulgarisation-informatique.com/kerio.php
- Tutorial - https://forums.cnetfrance.fr
- Blocking ports with Kerio - creating a filtering rule < https://www.vulgarisation-informatique.com/bloquer-ports.php >

OF COURSE, DISABLE THE WINDOWS FIREWALL ;)
0