[Spyware Récalcitrant] Infecté cacu_001.exe

Question

Bonjour,

Je vous écris parce que depuis un moment, j'ai un message d'alerte au demarage de Windiws que le fichier "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup est introuvable..

Alors je suis allé dans le registre Système et jai vérifié  dans le dossier RunONCE que la clé eISS_cleanup de valeur "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup et de type REG_SZ. 

J'ai tout essayé:

-Suppression direct du registre mais quand je le supprime, il revient tout le temps

-Tentative de suppression avec le logiciel HijackThis, Fix Checked mais le probleme c quil me supprime rien du tout, il trevient tout le temps.

-Scan avec Avg,Avast,CCCleaner.... rien trouvé du tout..

-msconfig gestion du démarrage, je decoche tout mais le probleme c quil revient tout le temps.

Si quelq'un avait la solution, un fix... je suis preneur.
 
Je vous donne ce le rapport que ma fait Hijack This:

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 12:42:39, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32	askmgr.exe
C:\WINDOWSegedit.exe
C:\Program Files\Yahoo!\Yahoo! Widget Engine\YahooWidgetEngine.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\NOTEPAD.EXE
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.fxsound.com/?vendor=15&subvendor=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O3 - Toolbar: (no name) - {7C261B08-C86A-4988-A369-D03030B3C47F} - (no file)
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/net/Import/ImageUploader4.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcappcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

dreamcastman · Answer

Il y aussi se fichier qui est introuvable et ui est impossible à supprimer 

O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql

rudyrital · Answer

relance hijackthis puis clic sur "do a system scan only"

apres le scan coche ces lignes et seulement celles ci !!

O3 - Toolbar: (no name) - {7C261B08-C86A-4988-A369-D03030B3C47F} - (no file)


O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup

O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab 

O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab 

O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
 
O16 - DPF: {2250C29C-C5E9-4F55-BE4E-01E45A40FCF1} (CMediaMix Object) - http://musicmix.messenger.msn.com/Medialogic.CAB
 
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab 

O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
 
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://www.extrafilm.fr/net/Import/ImageUploader4.cab 

O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
 
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
 
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
 
O16 - DPF: {CE3409C4-9E26-4F8E-83E4-778498F9E7B4} (PB_Uploader Class) - https://www.photobox.fr/?channel=1005 

O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab 

referme ton navigateur (internet explorer ) puis clic sur " fix check"

Lance AVG Anti-Spyware, mets le à jour, 
Clique sur le bouton « Analyse » 
Puis « Comment réagir », clique sur Actions recommandées. Sélectionne Quarantaine. 
Retour à l'onglet Analyse. 
Clique sur Analyse complète du système. 
A la fin du scan, choisis " Appliquer toutes les actions " 
Clique sur "Enregistrer le rapport". Le fichier texte se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware.

dreamcastman · Answer

Voici le nouveau log Hijach This. 

cacu.exe est toujours présent....


Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:45:32, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\OpenVPN\bin\openvpn.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\eMule\emule.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWSegedit.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Visicom Media\FTP Expert 3\ftpxpert3.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.fxsound.com/?vendor=15&subvendor=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcappcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

rudyrital · Answer

Vas sur le site virustotal : http://www.virustotal.com/en/indexf.html 

Puis dans un petit encadré blanc met ce fichier : 

C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe

c:\windows\system32\kruayzcql.exe


Puis clique sur "Send" 
Attend un peu un rapport va être généré. 
Puis poste le rapport.

dreamcastman · Answer

Pour les deux fichiers, il me fait:

0 bytes size received / Se ha recibido un archivo vacio

Ces fichiers sont ils  inexistants ou c le pouvoir des spywares?

rudyrital · Answer

essais de les suprimer avec killbox

Telecharges Killbox : https://www.generation-nt.com/killbox-telechargement-25430.html 

Doubles clique sur killbox.exe (Pocket Killbox) 

sélectionne entièrement la liste ci-dessous : 

EXEMPLES !!!!!! :
C:\StubInstaller.exe 
C:\WINDOWS\system32\SpoonUninstall.exe 
C:\WINDOWS\impborl.dll 
C:\Program Files\funwebproducts 
C:\Program Files\MyWebSearch 

---> et tu fais clic droit / copier 

Ouvres killbox 
- Sélectionne "delete on reboot" 
- Clique sur le menu "File" -> "Past from clip board" 
- Clique sur All Files 
- Clique sur la croix rouge et et blanche 
- Répond yes et laisse redémarrer ton pc. 

NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!" et que l'ordinateur ne redémarre pas, redémarre le manuellement ---> Menu Démarrer / arreter / redémarrer l'ordinateur 

Après redémarrage, relance Killbox puis clic sur l'onglet "fichier" -> Log -> Actions History Log 
Poste le rapport ici

dreamcastman · Answer

Lorsque jai fait ta manip jai eu le 
message: "PendingFileRenameOperations Registry Data has been removed by external process!", donc jai rebooter a la main ^^

voici le document que tu mas demandé:

Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrateur(Administrator)
was started @ dimanche, avril 15, 2007, 5:15 PM
 
# 1 [End Process]
Path = 
Could not End Task on 
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrateur(Administrator)
was started @ dimanche, avril 15, 2007, 5:35 PM
 
# 1 [Files to Delete]
Path = c:\windows\system32\kruayzcql.exe
*This file does not seem to exist
 
# 2 [Files to Delete]
Path = c:\windows\system32\kruayzcql.exe kruayzcql
*This file does not seem to exist
 
# 3 [Files to Delete]
Path = c:\windows\system32\qavtintzn.exe
*This File could not be Deleted
 
# 4 [Files to Delete]
Path = c:\windows\system32\qavtintzn.dat
*This File could not be Deleted
 
# 5 [Files to Delete]
Path = c:\windows\system32\qavtintzn_nav.dat
*This File could not be Deleted
 
# 6 [Files to Delete]
Path = c:\windows\system32\qavtinzn_navps.dat
*This file does not seem to exist
 
# 7 [Files to Delete]
Path = c:\windows\system32\qavtintzn_navps.dat
*This File could not be Deleted
 
# 8 [Files to Delete]
Path = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe
*This file does not seem to exist
 
# 9 [Files to Delete]
Path = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
*This file does not seem to exist
 
Killbox Closed(Exit) @ 6:45:18 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.978
Running on Windows XP as Administrateur(Administrator)
was started @ mardi, mai 08, 2007, 3:07 PM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32\kruayzcql.exe 

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:08:38 PM
Killbox Closed(Exit) @ 3:09:35 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.978
Running on Windows XP as Administrateur(Administrator)
was started @ mardi, mai 08, 2007, 3:15 PM

rudyrital · Answer

fait scanner ton pc par un ou plusieurs antivirus en ligne: 

Quelques AV en lignes: 

https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

http://www.bitdefender.fr/scan_fr/scan8/ie.html

https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm 

https://www.trendmicro.com/en_us/forHome/products/housecall.html 


si l'antivirus ne peut pas supprimer: 
- noter le chemin et le nom des fichiers infectés (ou encore mieux, le rapport du scan) et poster le resultat du scan sur le forum.

dreamcastman · Answer

Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrateur(Administrator)
was started @ dimanche, avril 15, 2007, 5:15 PM
 
# 1 [End Process]
Path = 
Could not End Task on 
 
Pocket Killbox version 2.0.0.648
Running on Windows XP as Administrateur(Administrator)
was started @ dimanche, avril 15, 2007, 5:35 PM
 
# 1 [Files to Delete]
Path = c:\windows\system32\kruayzcql.exe
*This file does not seem to exist
 
# 2 [Files to Delete]
Path = c:\windows\system32\kruayzcql.exe kruayzcql
*This file does not seem to exist
 
# 3 [Files to Delete]
Path = c:\windows\system32\qavtintzn.exe
*This File could not be Deleted
 
# 4 [Files to Delete]
Path = c:\windows\system32\qavtintzn.dat
*This File could not be Deleted
 
# 5 [Files to Delete]
Path = c:\windows\system32\qavtintzn_nav.dat
*This File could not be Deleted
 
# 6 [Files to Delete]
Path = c:\windows\system32\qavtinzn_navps.dat
*This file does not seem to exist
 
# 7 [Files to Delete]
Path = c:\windows\system32\qavtintzn_navps.dat
*This File could not be Deleted
 
# 8 [Files to Delete]
Path = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe
*This file does not seem to exist
 
# 9 [Files to Delete]
Path = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe
*This file does not seem to exist
 
Killbox Closed(Exit) @ 6:45:18 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.978
Running on Windows XP as Administrateur(Administrator)
was started @ mardi, mai 08, 2007, 3:07 PM
 
# 1 [Delete on Reboot]
Path = c:\windows\system32\kruayzcql.exe 

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:08:38 PM
Killbox Closed(Exit) @ 3:09:35 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.978
Running on Windows XP as Administrateur(Administrator)
was started @ mardi, mai 08, 2007, 3:15 PM
 
# 1 [Files to Delete]
Path = c:\windows\system32\kruayzcql.exe 
*This file does not seem to exist
 
Killbox Closed(Exit) @ 3:16:30 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.978
Running on Windows XP as Administrateur(Administrator)
was started @ mardi, mai 08, 2007, 3:27 PM
 
# 1 [Delete on Reboot]
Path = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe

 
PendingFileRenameOperations Registry Data has been Removed by External Process! @ 3:28:10 PM
# 2 [Files to Delete]
Path = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe
*This file does not seem to exist
 
# 3 [Files to Delete]
Path = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp.exe
*This file does not seem to exist
 
Killbox Closed(Exit) @ 3:33:24 PM
__________________________________________________
 
Pocket Killbox version 2.0.0.978
Running on Windows XP as Administrateur(Administrator)
was started @ mardi, mai 08, 2007, 4:03 PM
 
# 1 [Files to Delete]
Path = C:\StubInstaller.exe 
*This file does not seem to exist
 
# 2 [Files to Delete]
Path = C:\WINDOWS\impborl.dll 
*This file does not seem to exist
 
# 3 [Files to Delete]
Path = C:\Program Files\funwebproducts 
*This file does not seem to exist
 
# 4 [Files to Delete]
Path = C:\Program Files\MyWebSearch
*This file does not seem to exist

dreamcastman · Answer

Il n y a pas de FIX existant pour mon type de probleme?

Parce que depuis que jai ce probleme jai mon PC qui ralentit et le son qui grésille....

dreamcastman · Answer

En plus jai limpression que mon ordinateur tourne au ralenti...
quand je lance Windows, il met beaucoup trop de temps!

rudyrital · Answer

remet un nouveau log hijackthis stp

dreamcastman · Answer

le voici le voilou, en esperant que tu puisse maider

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 17:58:47, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\HiJackThis_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.fxsound.com/?vendor=15&subvendor=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {BE89472C-B803-4D1D-9A9A-0A63660E0FE3} - C:\PROGRA~1\COPERN~1\COPERN~1.DLL
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcappcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

rudyrital · Answer

fait scanner ton pc par un ou plusieurs antivirus en ligne: 

Quelques AV en lignes: 

https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 

http://www.bitdefender.fr/scan_fr/scan8/ie.html 

https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm 

https://www.trendmicro.com/en_us/forHome/products/housecall.html 


si l'antivirus ne peut pas supprimer: 
- noter le chemin et le nom des fichiers infectés (ou encore mieux, le rapport du scan) et poster le resultat du scan sur le forum.

dreamcastman · Answer

Je les ai tous fait il nont rien trouver

Ya pas un moyen de les erradiquer concretement?

dreamcastman · Answer

Si ca pe taider, parce que je suis pas tres bon en anglais

https://www.google.fr/search?q=eISS_cleanup&hl=fr&start=0&sa=N&gws_rd=ssl

rudyrital · Answer

Téléchargez SmitfraudFix : http://siri.urz.free.fr/Fix/SmitfraudFix.zip 


Decompresse la totalité de l'archive smitfraudfix.zip 


Double-cliquez sur smitfraudfix.cmd 

Sélectionne 1 et appuyez sur la touche 'Entrée' dans le menu pour créer un rapport des fichiers responsables de l'infection. Le rapport se trouve à la racine du disque système C:\rapport.txt 


Ouvre-le faites en copier/coller et poste-le moi ici. 

Merci.

dreamcastman · Answer

Penses tu que ce serait le virus Vundo?






SmitFraudFix v2.177

Rapport fait à 19:10:56,64, 08/05/2007
Executé à partir de C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\FixVundo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.DREAMCAST


»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur.DREAMCAST\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1.DRE\Favoris


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files 


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
 
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
 

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=",clkern.dll,wbsys.dll"


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» pe386-msguard-lzx32-huy32



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte réseau Fast Ethernet PCI Realtek RTL8139 Family - Miniport d'ordonnancement de paquets
DNS Server Search Order: 212.27.53.252
DNS Server Search Order: 212.27.54.252

HKLM\SYSTEM\CCS\Services\Tcpip\..\{E310FF5F-01E6-41C0-84DD-698DE79882DE}: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\..\{E310FF5F-01E6-41C0-84DD-698DE79882DE}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E310FF5F-01E6-41C0-84DD-698DE79882DE}: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=212.27.53.252 212.27.54.252
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=212.27.54.252 212.27.53.252


»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

rudyrital · Answer

Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 
---------------------------------------------------------------------------- 
Relance le programme Smitfraud, 
Cette fois choisit l’option 2, répond oui a tous ; 
Sauvegarde le rapport, Redémarre en mode normal, copie/colle le rapport sauvegardé sur le forum 

renome hijackthis en "scan.exe" par exemple et reposte moi un nouveau rapport

lolo · Answer

salut ,

juste pour vérifier la légitimité des 2 là :
clkern.dll,wbsys.dll

Le deuxième est ok
le premier à débattre.

Juste pour comprendre si c'est pour ça l'option 2

a+ (et excusez moi pour l'intervention)

dreamcastman · Answer

Donc je supprime les deux ou pas?

rudyrital · Answer

apres une demande de verification a plus qualifié que moi , ca ne servira pas a grand chose de  passer a l'etape 2 ( la dexieme a été installé par l'utilisateur)

rudyrital · Answer

renome hijackthis en "scan" par exemple et relance un nouveau log hijackthis stp

dreamcastman · Answer

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:57:11, on 08/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\OpenVPN\bin\openvpn-gui.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\VoipDiscount.com\VoipDiscount\VoipDiscount.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.fxsound.com/?vendor=15&subvendor=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
O4 - HKLM\..\RunOnce: [eISS_cleanup] "C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O4 - HKCU\..\Run: [eMuleAutoStart] C:\Program Files\eMule\emule.exe -AutoStart
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcappcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

rudyrital · Answer

- Télécharge http://www.malekal.com/download/clean.zip]clean.zip, décompresse-le sur ton bureau (clic droit / extraire tout), tu dois obtenir un dossier clean. 

¤Démarre en mode sans échec : 
Pour cela, tu tapotes la touche F8 dès le début de l’allumage du pc sans t’arrêter 
Une fenêtre va s’ouvrir tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau s’il n’y a pas toutes les couleurs et autres c’est normal ! 
(Si F8 ne marche pas utilise la touche F5). 

Double-clic sur ce dossier clean, tu y trouveras dedans plusieurs fichiers. 
Double-clic sur clean. Cela va ouvrir une fenêtre noire. 
Un menu va apparaître, choisis l'option 2 en appuyant sur la touche 2 de ton clavier. 
Clean va travailler. 
Un rapport va etre généré, sauvegarde le, redemarre ton pc, colle le contenu entier ici.

dreamcastman · Answer

Script execute en mode sans echec 
Rapport clean par Malekal_morte - http://www.malekal.com 
Script execute en mode sans echec 09/05/2007 a 23:35:57,12 

Microsoft Windows XP [version 5.1.2600]
 
*** Suppression des fichiers dans C: 
 
*** Suppression des fichiers dans C:\WINDOWS\ 
 
*** Suppression des fichiers dans C:\WINDOWS\system32 
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1" 
 
*** Suppression des fichiers dans C:\Program Files 
tentative de suppression de "C:\Program Files\GoRecord2\" 
tentative de suppression de "C:\Program Files\Viewpoint\" 
 
*** Suppression des clefs du registre effectuee.. 
*** Fin du rapport !

dreamcastman · Answer

jai limpression quavec le  temps , mon PC devient de plus en plus lent...

Aidez moi sil vous plait, ya pas de FIX qui pe Exister de chez NORTON?

dreamcastman · Answer

Rapport AVG:

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	08:25:03 10/05/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Hacène\Bureau\DivX\Power Amc 9.5 Crack.rar/CrcCheck.exe -> Downloader.Dadobr.bk : Aucune action entreprise.
C:\Documents and Settings\Hacène\Bureau\DivX\Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE.rar/keygen.exe -> Logger.Banker.ba : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.


Fin du rapport

Darkkiller · Answer

Re,

Je prend le ralais de rudyrital :

Prends connaissance du contenu le lien suivant: 

http://www.f-secure.com/products/license-terms/eult_fra.pdf 

Tu as donc pris connaissance et accepté les conditions d'utilisations du programme blacklight qui est inclus dans le dossier compressé navilog1.zip que tu vas télécharger. 

Fais un clic droit sur ce lien :
http://perso.orange.fr/il.mafioso/Navifix/navilog1.zip
Enregistrer la cible (du lien) sous... et enregistre-le sur ton bureau.
Fais un clic droit sur navilog1.zip et choisis "tout extraire"
Ensuite double clique sur navilog1.exe pour lancer l'installation.
Une fois l'installation terminée, le fix s'exécutera automatiquement.
(Si ce n'est pas le cas, double-clique sur le raccourci Navilog1 présent sur le bureau).

Laisse-toi guider. Au menu principal, choisis 1 et valides.
(ne fais pas le choix 2,3 ou 4 sans notre avis/accord)

Patiente jusqu'au message :
*** Analyse Termine le ..... ***
Appuie sur une touche comme demandé, le blocnote va s'ouvrir.
Copie-colle l'intégralité dans une réponse. Referme le blocnote.
Le rapport est en outre sauvegardé à la racine du disque (fixnavi.txt)

dreamcastman · Answer

ton lien semble corrompu ou inexistant
qd je fait clic droit enregistrez sous il mele ddl mais qd je doi sle dezipper, il me fait une erreur de dezippage

Darkkiller · Answer

Re,

Nouveau lien ;) :

http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe

dreamcastman · Answer

ET tu pourrai mexpliquer a quoi sert exactement ce logiciel?

Darkkiller · Answer

Re,

Ce logiciel sert à supprimer une infection bien specifié intitulée : EGDACESS.

dreamcastman · Answer

Voici le rapport demandé

Search Navipromo version 2.0.0 commencé le 10/05/2007 à 19:00:56,04
 
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Poster ce rapport sur le forum pour le faire analyser !!!
!!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 09.05.2007 a 08h00 by IL-MAFIOSO

Executé en mode normal

*** Recherche Programmes installes *** 

 
GoRecord 2.0


*** Recherche dossiers dans C:\WINDOWS ***




*** Recherche dossiers dans C:\Program Files ***




*** Recherche dossiers dans C:\Documents and Settings\All Users.WINDOWS\Application Data ***




*** Recherche dossiers dans C:\Documents and Settings\Administrateur.DREAMCAST\Application Data ***



*** Recherche avec BlackLight Engine/F-secure ***
BlackLight Engine est un produit de F-secure, pour + d'infos :
https://www.f-secure.com/en


F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
======================================

Copyright 2005-2006 F-Secure Corporation. All rights reserved.
This is a beta version. It will expire on 1st of April, 2007.
Version information: 2.2.1061.

[+] Started on 05/10/07 at 19:00:58.
[+] Initializing ...
[+] Starting scan, press Ctrl-C to abort.
[+] Scanning for hidden items .................................................................................................................................................................................................
[+] Scan complete.
[+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
[+] Exited on 05/10/07 at 19:25:37 (return code = 0).


*** Recherche fichiers *** 




*** Recherche cles registre ***


Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs] 
 
 

Recherche dans [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage] 
 
 

Recherche Clé Magic Control 
 
HKEY_CURRENT_USER\Software\Lanconfig trouvé ! 
 
 
*** Module de Recherche complémentaire *** 
(Recherche fichiers spécifiques) 
 
1)Recherche fichiers connus:


2)Recherche Heuristique :
* 
** 
*** 
**** 
***** 
****** 
******* 
C:\WINDOWS\system32\atkngx.exe trouvé !
******** 
C:\WINDOWS\system32\atkngx.exe trouvé !
C:\WINDOWS\system32\iosquen.exe trouvé !
 
 
*** Analyse Terminé le 10/05/2007 à 19:26:39,54 ***

Darkkiller · Answer

Re,

Redémarre en mode sans échec (une ptite aide livrée avec  ;) ) :

http://forum.telecharger.01net.com/forum/high-tech/SECURITE/Securite/redemarrer-mode-echec-sujet_1526_1.htm
Puis execute navilog.exe ou .bat (selon la version) et choisis l'option 2.
Redémarre normalement et poste le navilog + un nouvea log Hijackthis.

dreamcastman · Answer

Jai essayé mais lorsque je fais 2 et je reboot, il ne se lance pas au demarrage, ya une fenetre derreur qui me dit ue ....cacu_001.exe na pas pu se lancer
Mais que faire?

Darkkiller · Answer

Qu'est ce qui se lance pas ? Navilog ? Ou le résultat ?

dreamcastman · Answer

en fait je suis oobligé denlever le message dereur pour que navoilog puisse se lancer

Voici le rapport:

Clean Navipromo version 2.0.0 commencé le 10/05/2007 à 21:26:36,00

Fix lancé depuis C:\Program Files
avilog1
Mise a jour le 09.05.2007 a 08h00 by IL-MAFIOSO

Mode suppression automatique avec prise en charge résultats Blacklight


 
*** fsbl1.txt non trouvé ***
(Assurez-vous que Blacklight n'avait rien trouvé lors de la recherche)
 

*** Suppression dossiers dans C:\WINDOWS ***


*** Suppression dossiers dans C:\Program Files ***


*** Suppression dossiers dans C:\Documents and Settings\All Users.WINDOWS\Application Data ***


*** Suppression dossiers dans C:\Documents and Settings\Administrateur.DREAMCAST\Application Data ***



*** Suppression fichiers ***


*** Suppression fichiers temporaires ***

Nettoyage contenu C:\WINDOWS\Temp effectué !
Nettoyage contenu C:\Documents and Settings\Administrateur.DREAMCAST\Local Settings\Temp effectué !

 
*** Sauvegarde du registre vers dossier Backupnavi*** 
 
 
sauvegarde du registre realise avec succes !


*** Nettoyage registre ***


Nettoyage registre Ok

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche et Suppression Heuristique :

* 
** 
*** 
**** 
***** 
****** 
******* 
******** 

*** Nettoyage termine le 10/05/2007 à 21:30:46,76 ***



est ce normal que jai le procesie wscntfy.exe (alertz MAJ WIndows ) se lance au demarrage, quand jessaye de killer le processus, dans la barre des taches (pret de lhorloge), licone rouge du centre de securité windows se duplique....

Darkkiller · Answer

POurquoi killer le processus ?

dreamcastman · Answer

Ben parce c pas normal quil se lance au demarrage et quil soit impossible de le fermer, dans les forums on dit quil peut contenir Troj/Banker-GD

sinon tu as lu mes rapports?

dreamcastman · Answer

sinon tu connai le processus c:\windows\system32\kruayzcql.exe kruayzcql parce avec msconfig, je vois quil se lance au demarrage avec dautres logiciels mais le probleme c que quand je les decoche de msconfig pour quil se lance pas , il se lancent qd meme au demarrage et revienent tout le temps.

pour c:\windows\system32\kruayzcql.exe kruayzcql jai essayer de le supprimer de toute les maniere impossible de le delete killbox,.......j'ai tout fait!

dreamcastman · Answer

Jai meme essayer de le supprimer dans le register systeme adns la partie Run mais impossible, le fichier cacu_001.exe (qui est soit disant inexistant pff) et present dans le dossier run once du registre et est lui aussi impossible a supprimer il reviient tout le temps....

Darkkiller · Answer

poste un log Hijackthis.

dreamcastman · Answer

maintenant jai meme une fenetre 'Protection de fichier Windows ' qui me dit que des fichiers necessaire au fonctionnement de window ont ete supprimé pff

Darkkiller · Answer

Re,

Tu t'est foutu dans une sacrée *****, tu as effacer un fichier sain du système !
Il faut formater.

dreamcastman · Answer

jai fait annuler
et jai plus le message lol 
donc je suis toujours en attente dautres solution merci et qd tu me dis 'tu as'-> jae ne fait que suivre ce que tu me demandes etni + ni - XD

Darkkiller · Answer

Re,

Repost un log Hijackthis pour voir où en on est ;)

dreamcastman · Answer

Voici le log et regarde bien chaque processus qui ce lance au demarrage et tu verras quil y a des trucs bizarres (regarde emule par exemple)

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:17:09, on 10/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\DAEMON Tools\daemon.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = res://C:\Program Files\Copernic Agent\CopernicAgentExt.rdl/INTEGRATION_BAND_SEARCHBAR_HTML
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://client.jogo.cn/cdn/browser/customsearch/customsearch-en.html
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.fxsound.com/?vendor=15&subvendor=1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [openvpn-gui] "C:\Program Files\OpenVPN\bin\openvpn-gui.exe"
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\RunOnce: [Flags] 
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [AWMON] "C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [TuneUp MemOptimizer] "C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [FreeCall] "C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcappcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Darkkiller · Answer

Re,

Ouvre Hijackthis et clique sur "DO a system scan only" et coche ces lignes :

O4 - HKLM\..\Run: [kruayzcql] c:\windows\system32\kruayzcql.exe kruayzcql

O4 - HKLM\..\RunOnce: [Flags] 

Puis quand tu as coché ces lignes, clique sur "Fix Checked".

Ensuite repost un log Hijackthis.

dreamcastman · Answer

analyse bien les processus qui ce lance au demarrage les 04 et tu verras quil sont pour la plupart avec des options bizarre ^^ et je narrive pas a les suppriemer

Darkkiller · Answer

Re,

Les processus sont sains, je els ait analysées 1 par 1.
Tu n'arrive pas a fixer sa :

c:\windows\system32\kruayzcql.exe ?

dreamcastman · Answer

Non jai tout essayer pour le supprimer, il revient tout le temps apres chacune tentative de mes suppressions....

Que faire contre ce genre de spyware?

Meme les autres autoruns que tu voient emule,daemon.....meme freecall je lai supprimer il y est encore

dreamcastman · Answer

Personne na jamais eu le meme probleme que moi?

dreamcastman · Answer

DArkkiller tu na pas dautres solutions?

Darkkiller · Answer

Re,

Ce fichier fait parti de ton infection navipromo.
Fais un scan complet AVg A-S et supprime tout ce qu'il trouve.

dreamcastman · Answer

Jai supprimer tout ce quil a trouver

AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

 + Créé à:	08:18:44 12/05/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@247realmedia[1].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@mediaplex[2].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.


Fin du rapport

dreamcastman · Answer

voici un ancien rapport tres recent

Le pribleme c que jai supprimer ces virus mais je sais pas sil ils sont encore present sur mon disque dur

 + Créé à:	08:25:03 10/05/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Hacène\Bureau\DivX\Power Amc 9.5 Crack.rar/CrcCheck.exe -> Downloader.Dadobr.bk : Aucune action entreprise.
C:\Documents and Settings\Hacène\Bureau\DivX\Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE.rar/keygen.exe -> Logger.Banker.ba : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.


Fin du rapport

dreamcastman · Answer

Est tu vraiment sur que je suis attaqué par le virus Navipromo?

Si oui existe il un moyen efficace pour léradiquer?

Darkkiller · Answer

Re,

Evite de télécharger des logiciels sur Emule ou autres logiciels car c'est sur a 95 % que cela soit infecté ;).

Télécharge Killbox : http://www.downloads.subratam.org/KillBox.zip 

Décompresse-le dans un dossier dédie ! 
Un dossier KillBox.exe va appraitre, double-clique dessus un encadré blanc va appraitre entre ce fichier :

C:\Documents and Settings\Hacène\Bureau\DivX\Power Amc 9.5 Crack.rar/CrcCheck.exe 
C:\Documents and Settings\Hacène\Bureau\DivX\Cyberlink.PowerDVD.Deluxe.v7.0.Multilingual.Incl.Keymaker-CORE.rar/keygen.exe 

Puis ensuite clique sur la petite croix blanche dans un rond rouge. 
Il vont te poser une question disant : Files will be Removed on Reboot, Do you want to reboot now ?" 
(Les fichiers seront supprimés au redémarrage. Souhaitez redémarrer maintenant ?) 
Dans ce cas clique sur "oui" 
Puis repost un log Hijackthis.

dreamcastman · Answer

Jai les ai supprimer c bon.. Voisi un autre log si sa ca pe vous aidez: C:\WINDOWS\System32/drivers\aswRdr.sys -->15/01/2007 19:26:08 C:\WINDOWS\System32/drivers\aswTdi.sys -->15/01/2007 19:25:24 C:\WINDOWS\System32/drivers\aswmon.sys -->21/12/2006 01:56:13 C:\WINDOWS\System32/drivers\aswmon2.sys -->21/12/2006 01:56:00 C:\WINDOWS\System32/drivers\aavmker4.sys -->21/12/2006 01:51:58 C:\WINDOWS\System32/drivers\avgntmgr.sys -->22/11/2006 13:30:31 C:\WINDOWS\System32/drivers\avgntdd.sys -->22/11/2006 13:30:31 C:\WINDOWS\System32\qavtintzn_navps.dat -->15/04/2007 17:41:08 C:\WINDOWS\System32\qavtintzn.dat -->15/04/2007 17:40:10 C:\WINDOWS\System32 vapps.xml -->15/04/2007 17:07:39 C:\WINDOWS\System32\wpa.dbl -->15/04/2007 16:35:34 C:\WINDOWS\System32\PerfStringBackup.INI -->13/04/2007 15:39:06 C:\WINDOWS\System32\perfh00C.dat -->13/04/2007 15:39:06 C:\WINDOWS\System32\perfh009.dat -->13/04/2007 15:39:06 C:\WINDOWS\System32\perfc00C.dat -->13/04/2007 15:39:06 C:\WINDOWS\System32\perfc009.dat -->13/04/2007 15:39:06 C:\WINDOWS\System32\qavtintzn.exe -->08/04/2007 16:31:52 C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Midi Decoder.dat -->06/04/2007 21:33:09 C:\WINDOWS\System32\SpoonUninstall-dBpoweramp Midi Decoder.bmp -->06/04/2007 21:32:50 C:\WINDOWS\System32\iosquen.exe -->06/04/2007 16:31:21 C:\WINDOWS\System32\SpoonUninstall.exe -->04/04/2007 20:28:15 C:\WINDOWS\System32\qavtintzn_nav.dat -->04/04/2007 16:30:41 C:\WINDOWS\System32 dihost.dll -->02/04/2007 14:57:37 C:\WINDOWS\System32\satsukidecodersettings.ini -->28/03/2007 19:09:35 C:\WINDOWS\System32\atkngx.dat -->24/03/2007 17:07:53 C:\WINDOWS\System32\atkngx_nav.dat -->24/03/2007 13:37:11 C:\WINDOWS\System32\atkngx.exe -->14/03/2007 13:34:28 C:\WINDOWS\System32\CONFIG.NT -->25/02/2007 22:44:32 C:\WINDOWS\System32\WINTEMS.EXE.VIR -->25/02/2007 20:23:25 C:\WINDOWS\System32\vsconfig.xml -->25/02/2007 19:02:44 C:\WINDOWS\System32\ff_vfw.dll -->21/02/2007 22:00:28 C:\WINDOWS\System32\uxtheme.dll -->24/01/2007 23:00:18 C:\WINDOWS\setupapi.log -->15/04/2007 17:07:06 C:\WINDOWS\0.log -->15/04/2007 17:06:55 C:\WINDOWS\WindowsUpdate.log -->15/04/2007 17:06:52 C:\WINDOWS\bootstat.dat -->15/04/2007 17:06:26 C:\WINDOWS\msiosd.ini -->15/04/2007 17:04:39 C:\WINDOWS soc.log -->15/04/2007 16:56:56 C:\WINDOWS tdtcsetup.log -->15/04/2007 16:56:56 C:\WINDOWS\imsins.log -->15/04/2007 16:56:56 C:\WINDOWS\iis6.log -->15/04/2007 16:56:56 C:\WINDOWS\comsetup.log -->15/04/2007 16:56:56 C:\WINDOWS\ocgen.log -->15/04/2007 16:56:51 C:\WINDOWS etfxocm.log -->15/04/2007 16:56:51 C:\WINDOWS\FaxSetup.log -->15/04/2007 16:56:51 C:\WINDOWS\msmqinst.log -->15/04/2007 16:56:48 C:\WINDOWS\wiadebug.log -->15/04/2007 16:33:55 C:\WINDOWS\ApplyTheme.exe |02/10/2006 21:57:52 C:\WINDOWS\IPUI_DivXG400.exe |25/06/2006 16:18:11 C:\WINDOWS\is-4D6RR.exe |24/02/2007 17:02:20 C:\WINDOWS\IsUn040c.exe |01/05/2006 21:11:31 C:\WINDOWS\IsUninst.exe |07/06/2006 20:02:39 C:\WINDOWS\iun6002.exe |14/04/2006 13:37:15 C:\WINDOWS\NOTEPAD.EXE |09/04/2006 14:39:32 C:\WINDOWS\PI.EXE |25/04/2006 18:43:14 C:\WINDOWS eico.exe |10/09/2006 13:44:20 C:\WINDOWS\stunwdm.exe |17/05/2002 17:20:48 C:\WINDOWS wunk_16.exe |28/08/2001 15:00:00 C:\WINDOWS wunk_32.exe |28/08/2001 15:00:00 C:\WINDOWS\UN16040C.EXE |04/10/2006 11:47:24 C:\WINDOWS\unin040c.exe |31/05/2006 12:49:57 C:\WINDOWS\UNNeroBackItUp.exe |12/09/2005 16:13:46 C:\WINDOWS\UNNeroMediaHome.exe |12/09/2005 16:13:46 C:\WINDOWS\UNNeroShowTime.exe |12/09/2005 16:13:46 C:\WINDOWS\UNNeroVision.exe |12/09/2005 16:13:46 C:\WINDOWS\UNRecode.exe |12/09/2005 16:13:46 C:\WINDOWS\cs_Internet.dll |14/01/2007 12:21:07 C:\WINDOWS\cygwin1.dll |01/01/2007 18:53:03 C:\WINDOWS\cygz.dll |01/01/2007 18:53:04 C:\WINDOWS\Jpeg2Raw.dll |13/01/2007 23:24:24 C:\WINDOWS\libeay32.dll |28/12/2006 19:40:09 C:\WINDOWS\Libjcc.dll |13/01/2007 23:24:23 C:\WINDOWS\libjsybheap.dll |13/01/2007 23:24:23 C:\WINDOWS\MPEG_ENC_DLL.dll |13/01/2007 23:24:24 C:\WINDOWS\pbdwe80.dll |13/01/2007 23:24:23 C:\WINDOWS\pbvm80.dll |13/01/2007 23:24:23 C:\WINDOWS\snymsico.dll |16/11/2006 20:38:54 C:\WINDOWS\ssleay32.dll |28/12/2006 19:40:09 C:\WINDOWS\stb_comm.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_Compress.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_dwobj.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_EzInternet.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_func.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_import.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_memcopy.dll |14/01/2007 12:21:07 C:\WINDOWS\stb_prog.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_serial32.dll |13/01/2007 23:24:24 C:\WINDOWS\stb_struct.dll |13/01/2007 23:24:25 C:\WINDOWS\stb_user.dll |13/01/2007 23:24:25 C:\WINDOWS\sysgtime.dll |07/01/2000 02:00:00 C:\WINDOWS wain.dll |28/08/2001 15:00:00 C:\WINDOWS wain_32.dll |04/08/2004 02:54:44 C:\WINDOWS\system32\append.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\aswBoot.exe |12/08/2006 10:58:20 C:\WINDOWS\system32\atkngx.exe |14/03/2007 13:34:28 C:\WINDOWS\system32\AutoFAT.exe |30/01/2006 19:52:18 C:\WINDOWS\system32\AutoNTFS.exe |30/01/2006 19:51:58 C:\WINDOWS\system32\calc.exe |09/04/2006 12:48:49 C:\WINDOWS\system32\debug.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\dosx.exe |04/08/2004 00:51:28 C:\WINDOWS\system32\dvdplay.exe |25/01/2005 01:28:38 C:\WINDOWS\system32\edlin.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\exe2bin.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\fastopen.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\iosquen.exe |06/04/2007 16:31:21 C:\WINDOWS\system32\java.exe |16/12/2006 22:51:12 C:\WINDOWS\system32\javaw.exe |16/12/2006 22:51:12 C:\WINDOWS\system32\javaws.exe |16/12/2006 22:51:12 C:\WINDOWS\system32\keystone.exe |01/06/2006 17:22:00 C:\WINDOWS\system32\mem.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 15:00:00 C:\WINDOWS\system32 lsfunc.exe |28/08/2001 15:00:00 C:\WINDOWS\system32 otepad.exe |07/01/2005 15:06:55 C:\WINDOWS\system32 vappbar.exe |01/06/2006 17:22:00 C:\WINDOWS\system32 vcolor.exe |01/06/2006 17:22:00 C:\WINDOWS\system32 vcplui.exe |01/06/2006 17:22:00 C:\WINDOWS\system32 vdspsch.exe |01/06/2006 17:22:00 C:\WINDOWS\system32 vsvc32(2).exe |01/06/2006 17:22:00 C:\WINDOWS\system32 vsvc32.exe |01/06/2006 17:22:00 C:\WINDOWS\system32 vudisp.exe |05/07/2006 01:57:38 C:\WINDOWS\system32\NVUNINST.EXE |05/07/2006 01:57:03 C:\WINDOWS\system32 w16.exe |28/08/2001 15:00:00 C:\WINDOWS\system32 wiz.exe |01/06/2006 17:22:00 C:\WINDOWS\system32\pxcpya64.exe |27/04/2006 20:53:26 C:\WINDOWS\system32\pxhpinst.exe |09/04/2006 16:13:06 C:\WINDOWS\system32\pxinsa64.exe |27/04/2006 20:53:26 C:\WINDOWS\system32\pxinsi64.exe |17/12/2006 18:02:44 C:\WINDOWS\system32 edir.exe |04/08/2004 00:48:48 C:\WINDOWS\system32\setver.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\share.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\SpoonUninstall.exe |29/06/2006 18:12:09 C:\WINDOWS\system32\TweakUI.exe |07/01/2002 18:01:52 C:\WINDOWS\system32\vmnat.exe |18/01/2007 20:05:42 C:\WINDOWS\system32\vmnetdhcp.exe |18/01/2007 20:05:47 C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 15:00:00 C:\WINDOWS\system32\xcleaner_free.exe |26/01/2005 01:09:56 C:\WINDOWS\system32\amstream.dll |04/08/2004 02:54:22 C:\WINDOWS\system32\atmfd.dll |04/08/2004 02:52:50 C:\WINDOWS\system32\atmlib.dll |04/08/2004 02:54:22 C:\WINDOWS\system32\avcodec.dll |15/07/2006 17:40:03 C:\WINDOWS\system32\avisynth.dll |01/09/2004 16:49:56 C:\WINDOWS\system32\Budapi32.dll |11/07/2006 19:23:48 C:\WINDOWS\system32\CDDBControl.dll |16/11/2006 20:38:13 C:\WINDOWS\system32\CddbLangFR.dll |16/11/2006 20:38:13 C:\WINDOWS\system32\CDDBUI.dll |16/11/2006 20:38:13 C:\WINDOWS\system32\CLKERN.DLL |08/09/2006 23:25:03 C:\WINDOWS\system32\CmdLineExt.dll |25/04/2006 23:16:49 C:\WINDOWS\system32\compatUI.dll |04/08/2004 02:54:24 C:\WINDOWS\system32\cpuinf32.dll |09/04/2006 12:57:44 C:\WINDOWS\system32\cygusb0.dll |18/12/2006 03:19:02 C:\WINDOWS\system32\cygz.dll |01/01/2007 18:53:04 C:\WINDOWS\system32\devil.dll |23/02/2004 15:41:30 C:\WINDOWS\system32\dgrpsetu.dll |09/04/2006 14:39:36 C:\WINDOWS\system32\dgsetup.dll |09/04/2006 14:39:35 C:\WINDOWS\system32\dump.dll |30/06/2003 17:39:56 C:\WINDOWS\system32\encdec.dll |04/08/2004 02:54:26 C:\WINDOWS\system32\EqnClass.Dll |09/04/2006 14:39:35 C:\WINDOWS\system32\ff_vfw.dll |21/02/2007 22:00:28 C:\WINDOWS\system32\frapsvid.dll |26/10/2006 15:08:36 C:\WINDOWS\system32\fun_mp4_enc.dll |15/07/2006 17:40:03 C:\WINDOWS\system32\fwapi.dll |09/04/2006 13:03:04 C:\WINDOWS\system32\GCCollection.dll |03/09/2004 18:52:50 C:\WINDOWS\system32\gcmd5query.dll |17/04/1999 11:06:00 C:\WINDOWS\system32\gcUnCompress.dll |02/12/1998 10:11:00 C:\WINDOWS\system32\gigagetbho_v10.dll |27/07/2006 02:15:01 C:\WINDOWS\system32\HHActiveX.dll |20/03/2002 22:01:58 C:\WINDOWS\system32\hticons.dll |09/04/2006 12:48:55 C:\WINDOWS\system32\hypertrm.dll |09/04/2006 12:48:38 C:\WINDOWS\system32\iccvid.dll |04/08/2004 02:54:28 C:\WINDOWS\system32\imagX7.dll |26/07/2004 17:16:10 C:\WINDOWS\system32\imagXpr7.dll |26/07/2004 17:16:10 C:\WINDOWS\system32\imagXR7.dll |26/07/2004 17:16:10 C:\WINDOWS\system32\imagXRA7.dll |26/07/2004 17:16:10 C:\WINDOWS\system32\ir32_32.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\ir41_qc.dll |04/08/2004 02:54:30 C:\WINDOWS\system32\ir41_qcx.dll |04/08/2004 02:54:30 C:\WINDOWS\system32\ir50_32.dll |04/08/2004 02:54:30 C:\WINDOWS\system32\ir50_qc.dll |04/08/2004 02:54:30 C:\WINDOWS\system32\ir50_qcx.dll |04/08/2004 02:54:30 C:\WINDOWS\system32\isrdbg32.dll |09/04/2006 12:50:42 C:\WINDOWS\system32\jgaw400.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\jgdw400.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\jgmd400.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\jgpl400.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\jgsd400.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\jgsh400.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\libusb0.dll |27/08/2006 09:59:12 C:\WINDOWS\system32\mdwmdmsp.dll |25/01/2005 01:28:58 C:\WINDOWS\system32\mgxoschk.dll |23/02/2007 11:12:51 C:\WINDOWS\system32\mp4_vcodec.dll |15/07/2006 17:40:03 C:\WINDOWS\system32\msdmo.dll |04/08/2004 02:54:34 C:\WINDOWS\system32\msencode.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\MsgPlusLoader.dll |11/11/2006 16:29:29 C:\WINDOWS\system32\msikbd.dll |09/04/2006 14:44:31 C:\WINDOWS\system32\msiosd32.dll |09/04/2006 14:44:31 C:\WINDOWS\system32\NeroCo.dll |16/02/2005 15:18:04 C:\WINDOWS\system32\NexPlayerX.dll |08/06/2005 11:06:34 C:\WINDOWS\system32 v4_disp(3).dll |29/10/2004 18:50:00 C:\WINDOWS\system32 v4_disp.dll |29/10/2004 18:50:00 C:\WINDOWS\system32 vapi.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vcod(2).dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vcod.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vcodins.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vcpl(2).dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vcpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vcpluir.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vdisps.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vdispsr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vexpbar.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vgames.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vgamesr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vhwvid.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 view.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmccs.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmccsrs.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmccss.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmccssr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmctray.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmobls.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vmoblsr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vnt4cpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 voglnt.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsar.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrscs.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsda.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsde.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsel.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrseng.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrses.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsesm.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsfi.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrsfr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrshe.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vrshu.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsit.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsja.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsko.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsnl.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsno.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrspl.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrspt.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsptb.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrsru.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrssk.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrssl.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrssv.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrstr.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrszhc.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vrszht.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vshell.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vvitvs.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vvitvsr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwddi.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwdmcpl.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwimg.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsar.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrscs.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsda.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsde.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsel.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrseng.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrses.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsesm.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsfi.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrsfr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrshe.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwrshu.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsit.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsja.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsko.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsnl.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsno.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrspl.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrspt.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsptb.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrsru.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrssk.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrssl.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrssv.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrstr.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrszhc.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwrszht.dll |22/10/2006 13:22:00 C:\WINDOWS\system32 vwss.dll |01/06/2006 17:22:00 C:\WINDOWS\system32 vwssr.dll |01/06/2006 17:22:00 C:\WINDOWS\system32\openports.dll |07/03/2004 14:51:00 C:\WINDOWS\system32\packet.dll |29/10/2004 16:13:40 C:\WINDOWS\system32\paqsp.dll |25/01/2005 01:29:02 C:\WINDOWS\system32\pdfcmnnt.dll |20/11/2006 23:52:47 C:\WINDOWS\system32\pncrt.dll |09/04/2006 12:58:24 C:\WINDOWS\system32\pndx5016.dll |09/04/2006 12:58:24 C:\WINDOWS\system32\pndx5032.dll |09/04/2006 12:58:24 C:\WINDOWS\system32\pthreadVC.dll |15/01/2004 07:01:26 C:\WINDOWS\system32\Px.dll |14/09/2006 16:13:38 C:\WINDOWS\system32\pxafs.dll |17/12/2006 18:02:43 C:\WINDOWS\system32\pxdrv.dll |13/09/2006 01:01:00 C:\WINDOWS\system32\PxMas.dll |14/09/2006 16:13:40 C:\WINDOWS\system32\PxSFS.DLL |14/09/2006 16:13:40 C:\WINDOWS\system32\PxWave.dll |14/09/2006 16:13:42 C:\WINDOWS\system32\qedwipes.dll |04/08/2004 02:53:42 C:\WINDOWS\system32 dihost.dll |01/04/2007 21:08:05 C:\WINDOWS\system32\RFFTW2dll.dll |11/11/1999 02:39:00 C:\WINDOWS\system32\RFHelper.dll |05/12/2006 11:41:37 C:\WINDOWS\system32 fhres.dll |05/12/2006 11:41:37 C:\WINDOWS\system32\RFNP32.dll |05/12/2006 11:41:37 C:\WINDOWS\system32 fshext.dll |05/12/2006 11:41:37 C:\WINDOWS\system32 fshres.dll |05/12/2006 11:41:37 C:\WINDOWS\system32 fstrres.dll |05/12/2006 11:41:37 C:\WINDOWS\system32 fwdres.dll |05/12/2006 11:41:37 C:\WINDOWS\system32\RHGBTN32.DLL |01/05/2006 21:14:31 C:\WINDOWS\system32 moc3260.dll |09/04/2006 12:58:24 C:\WINDOWS\system32\ROBOEX32.DLL |01/05/2006 21:14:31 C:\WINDOWS\system32\sbe.dll |04/08/2004 02:54:38 C:\WINDOWS\system32\scrcap.dll |27/09/2006 15:57:06 C:\WINDOWS\system32\scriptpw.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\scrvid.dll |27/09/2006 16:08:14 C:\WINDOWS\system32\SDelete.dll |30/06/2004 16:04:46 C:\WINDOWS\system32\SHW32.DLL |15/10/2006 01:23:07 C:\WINDOWS\system32\slbcsp.dll |04/08/2004 00:31:44 C:\WINDOWS\system32\slbiop.dll |04/08/2004 02:54:40 C:\WINDOWS\system32\slbrccsp.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\sockspy.dll |31/08/2004 16:07:56 C:\WINDOWS\system32\spnike.dll |25/01/2005 01:29:06 C:\WINDOWS\system32\sprio600.dll |25/01/2005 01:29:06 C:\WINDOWS\system32\sprio800.dll |25/01/2005 01:29:06 C:\WINDOWS\system32\spxcoins.dll |09/04/2006 14:39:35 C:\WINDOWS\system32\srecorder.dll |11/01/2007 23:32:18 C:\WINDOWS\system32\SSubTmr6.dll |14/09/2004 10:34:02 C:\WINDOWS\system32\TDI-SonyOMG.dll |24/10/2001 17:00:40 C:\WINDOWS\system32 sccvid.dll |03/09/2006 16:17:42 C:\WINDOWS\system32 sd32.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\TwnLib4.dll |09/07/2004 09:43:56 C:\WINDOWS\system32\UNACEV2.DLL |21/03/2002 15:39:02 C:\WINDOWS\system32\UNZIP32.DLL |16/06/2001 18:53:18 C:\WINDOWS\system32\uxtuneup.dll |15/02/2007 16:20:06 C:\WINDOWS\system32\V2iDiskLib.dll |03/08/2006 13:49:50 C:\WINDOWS\system32\vbzlib.dll |26/04/2005 03:05:50 C:\WINDOWS\system32\vmnc.dll |04/08/2006 12:32:24 C:\WINDOWS\system32\vmnetbridge.dll |04/08/2006 12:35:56 C:\WINDOWS\system32\vnetinst.dll |18/01/2007 20:05:54 C:\WINDOWS\system32\vnetlib.dll |18/01/2007 20:05:32 C:\WINDOWS\system32\vp6vfw.dll |09/04/2006 16:07:19 C:\WINDOWS\system32\vsdata.dll |25/02/2007 18:54:24 C:\WINDOWS\system32\vsinit.dll |25/02/2007 18:54:24 C:\WINDOWS\system32\vsmonapi.dll |25/02/2007 18:54:51 C:\WINDOWS\system32\vspubapi.dll |25/02/2007 18:54:51 C:\WINDOWS\system32\vsutil.dll |25/02/2007 18:54:23 C:\WINDOWS\system32\vsxml.dll |25/02/2007 18:54:52 C:\WINDOWS\system32\VXBLOCK.dll |21/08/2006 01:00:00 C:\WINDOWS\system32\wanpacket.dll |29/10/2004 16:13:36 C:\WINDOWS\system32\wbload.dll |24/01/2007 23:15:00 C:\WINDOWS\system32\wbsys.dll |24/01/2007 23:15:00 C:\WINDOWS\system32\win87em.dll |28/08/2001 15:00:00 C:\WINDOWS\system32\winavcode1.dll |15/05/2006 00:02:36 C:\WINDOWS\system32\winavcode2.dll |09/09/2005 16:51:50 C:\WINDOWS\system32\winavcode3.dll |19/01/2005 18:23:28 C:\WINDOWS\system32\wnaspi32.dll |09/04/2006 12:57:38 C:\WINDOWS\system32\wpcap.dll |29/10/2004 16:29:08 C:\WINDOWS\system32\xcomm.dll |02/10/2003 12:15:34 C:\WINDOWS\system32\xreglib.dll |06/12/2002 17:37:06 C:\WINDOWS\system32\xvidcore.dll |25/06/2006 17:30:11 C:\WINDOWS\system32\xvidvfw.dll |25/06/2006 17:30:11 C:\WINDOWS\system32\ZIP32.DLL |16/06/2001 16:09:46 C:\WINDOWS\system32\zlib.dll |26/04/2005 02:05:50 Le volume dans le lecteur C s'appelle Mon Disque Dur Le numéro de série du volume est D42B-D510 Répertoire de C:\WINDOWS\system 10/09/1999 13:06 4 672 wowpost.exe 1 fichier(s) 4 672 octets 0 Rép(s) 456 581 120 octets libres Le volume dans le lecteur C s'appelle Mon Disque Dur Le numéro de série du volume est D42B-D510 Répertoire de C:\WINDOWS\system32 04/08/2004 02:54 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 456 581 120 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C s'appelle Mon Disque Dur Le numéro de série du volume est D42B-D510 Répertoire de C:\WINDOWS\Downloaded Program Files 13/03/2007 00:03 . 13/03/2007 00:03 .. 14/03/2007 11:46 CONFLICT.1 09/04/2006 12:52 65 desktop.ini 14/07/2005 17:28 365 f3initialsetup1.0.0.15.inf 23/11/2006 00:22 372 736 GAME_UNO1.dll 22/11/2006 21:50 316 GAME_UNO1.INF 14/02/2007 19:44 378 ImageUploader4.inf 14/02/2007 19:44 2 557 752 ImageUploader4.ocx 15/11/2005 14:11 87 040 installer2.dll 27/07/2006 13:52 367 LegitCheckControl.inf 16/11/2005 11:52 490 Medialogic.INF 29/05/2003 15:00 160 864 messengerstatsclient.dll 23/02/2007 00:41 304 544 MessengerStatsPAClient.dll 29/05/2003 15:00 84 064 minesweeper.dll 29/05/2003 16:00 77 408 msgrchkr.dll 13 fichier(s) 3 646 389 octets Répertoire de C:\WINDOWS\Downloaded Program Files\CONFLICT.1 14/03/2007 11:46 . 14/03/2007 11:46 .. 28/02/2007 15:21 130 472 MineSweeper.dll 28/02/2007 15:21 131 472 msgrchkr.dll 2 fichier(s) 261 944 octets Total des fichiers listés : 15 fichier(s) 3 908 333 octets 5 Rép(s) 456 577 024 octets libres Recherche de rootkit! (Merci S!Ri) [b]infection possible Magic.Control[/b] : un scan F-Secure BlackLight est recommandé ^---Ca me fait peur ca? keskeje dois faireconter le Magic Control?

dreamcastman · Answer

Log de Trojan Remover: ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com [Unregistered version] Scan started at: 12/05/2007 22:13:11 Using Database v6760 Operating System: Windows XP Professional Service Pack 2 (Build 2600) Using data directory: C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\ Logfile directory: C:\Documents and Settings\Administrateur.DREAMCAST\Mes documents\Simply Super Software\Trojan Remover Logfiles\ Running with Administrator privileges ************************************************** Checking Registry exefile command for modifications Checking Registry comfile command for modifications Checking Registry piffile command for modifications Checking Registry batfile command for modifications Checking Registry regfile command for modifications Checking Registry cmdfile command for modifications Checking Registry scrfile command for modifications ****************************** 22:13:11: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ****************************** 22:13:11: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ****************************** 22:13:11: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ****************************** 22:13:13: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Explorer.exe - this entry has been left in place ---------- This key's "Userinit" value calls the following program(s): C:\WINDOWS\system32\userinit.exe - this entry has been left in place ---------- This key's "System" value appears to be blank ---------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name = load The Data Value for this entry appears to be blank -------------------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): Value Name = ACTIVBOARD Value Data = C:\Apps\ActivBoard\MMKeybd.exe - this command has been left in place -------------------- Value Name = avast! Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place -------------------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): Value Name = msnmsgr Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been left in place -------------------- -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty ****************************** 22:13:14: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} Value: AVG Anti-Spyware 7.5 File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place ---------- ****************************** 22:13:14: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- No Registry Run Keys Hidden Entries found ---------- ****************************** 22:13:15: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ****************************** 22:13:15: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Checking the StubPath calls in the Active Setup\Installed Components registry keys: Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place ---------- Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place ---------- Key=>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place ---------- Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place ---------- Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED} StubPath=C:\WINDOWS\system32 egsvr32.exe - this reference has been left in place ---------- Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={7790769C-0471-11d2-AF11-00C04FA35D02} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4340} StubPath=regsvr32.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place ---------- ****************************** 22:13:18: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Checking DLL files called from the CurrentControlSet\Services Keys: -------------------- Key=Alerter ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place -------------------- Key=AppMgmt ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place -------------------- Key=AudioSrv ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place -------------------- Key=BITS ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place -------------------- Key=Browser ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place -------------------- Key=CryptSvc ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place -------------------- Key=DcomLaunch ServiceDLL=%SystemRoot%\system32 pcss.dll - this reference has been left in place -------------------- Key=Dhcp ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place -------------------- Key=dmserver ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place -------------------- Key=Dnscache ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place -------------------- Key=ERSvc ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place -------------------- Key=EventSystem ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place -------------------- Key=FastUserSwitchingCompatibility ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place -------------------- Key=helpsvc ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place -------------------- Key=HidServ ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found) -------------------- Key=HTTPFilter ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place -------------------- Key=lanmanserver ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place -------------------- Key=lanmanworkstation ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place -------------------- Key=LmHosts ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place -------------------- Key=Messenger ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place -------------------- Key=Netman ServiceDLL=%SystemRoot%\System32 etman.dll - this reference has been left in place -------------------- Key=Nla ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place -------------------- Key=NtmsSvc ServiceDLL=%SystemRoot%\system32 tmssvc.dll - this reference has been left in place -------------------- Key=RasAuto ServiceDLL=%SystemRoot%\System32 asauto.dll - this reference has been left in place -------------------- Key=RasMan ServiceDLL=%SystemRoot%\System32 asmans.dll - this reference has been left in place -------------------- Key=RemoteAccess ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place -------------------- Key=RemoteRegistry ServiceDLL=%SystemRoot%\system32 egsvc.dll - this reference has been left in place -------------------- Key=RpcSs ServiceDLL=%SystemRoot%\system32 pcss.dll - this reference has been left in place -------------------- Key=Schedule ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place -------------------- Key=seclogon ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place -------------------- Key=SENS ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place -------------------- Key=SharedAccess ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place -------------------- Key=ShellHWDetection ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place -------------------- Key=srservice ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place -------------------- Key=SSDPSRV ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place -------------------- Key=stisvc ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place -------------------- Key=TapiSrv ServiceDLL=%SystemRoot%\System32 apisrv.dll - this reference has been left in place -------------------- Key=TermService ServiceDLL=%SystemRoot%\System32 ermsrv.dll - this reference has been left in place -------------------- Key=Themes ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place -------------------- Key=TrkWks ServiceDLL=%SystemRoot%\system32 rkwks.dll - this reference has been left in place -------------------- Key=upnphost ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place -------------------- Key=UxTuneUp ServiceDLL=%SystemRoot%\System32\uxtuneup.dll - this reference has been left in place -------------------- Key=W32Time ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place -------------------- Key=WebClient ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place -------------------- Key=winmgmt ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place -------------------- Key=WmdmPmSN ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place -------------------- Key=Wmi ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place -------------------- Key=wscsvc ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place -------------------- Key=wuauserv ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place -------------------- Key=WudfSvc ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place -------------------- Key=WZCSVC ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place -------------------- Key=xmlprov ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place ****************************** 22:13:32: Scanning ----- SERVICES REGISTRY KEYS ----- Checking files called from the CurrentControlSet\Services Keys: Key=a2AntiMalware ImagePath=C:\Program Files\a-squared Anti-Malware\a2service.exe - this reference has been left in place ---------- Key=a347bus ImagePath=system32\DRIVERS\a347bus.sys - this reference has been left in place ---------- Key=a347scsi ImagePath=System32\Drivers\a347scsi.sys - this reference has been left in place ---------- Key=ACPI ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place ---------- Key=aec ImagePath=system32\drivers\aec.sys - this reference has been left in place ---------- Key=AFD ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place ---------- Key=ALG ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place ---------- Key=Arp1394 ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place ---------- Key=aspnet_state ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place ---------- Key=aswUpdSv ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place ---------- Key=AsyncMac ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place ---------- C:\WINDOWS\system32\DRIVERS\atapi.sys appears to be in-use/locked - scanning skipped. Key=atapi ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place ---------- Key=Atmarpc ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place ---------- Key=audstub ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place ---------- Key=avast! Antivirus ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place ---------- Key=avast! Mail Scanner ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place ---------- Key=avast! Web Scanner ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place ---------- Key=AVG Anti-Spyware Driver ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place ---------- Key=AVG Anti-Spyware Guard ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place ---------- Key=AvgAsCln ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place ---------- Key=Bridge ImagePath=system32\DRIVERS\bridge.sys - this reference has been left in place ---------- Key=BridgeMP ImagePath=system32\DRIVERS\bridge.sys - this reference has been left in place ---------- Key=Cdrom ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place ---------- Key=CiSvc ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place ---------- Key=ClipSrv ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place ---------- Key=clr_optimization_v2.0.50727_32 ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place ---------- Key=COMSysApp ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place ---------- Key=Disk ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place ---------- Key=Diskeeper ImagePath="C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe" - this reference has been left in place ---------- Key=dmadmin ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place ---------- Key=dmboot ImagePath=System32\drivers\dmboot.sys - this reference has been left in place ---------- Key=dmio ImagePath=System32\drivers\dmio.sys - this reference has been left in place ---------- Key=dmload ImagePath=System32\drivers\dmload.sys - this reference has been left in place ---------- Key=DMusic ImagePath=system32\drivers\DMusic.sys - this reference has been left in place ---------- Key=driverhardwarev2 ImagePath=\??\C:\Program Files\HardwareDetection\driverhardwarev2.sys - this reference has been left in place ---------- Key=drmkaud ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place ---------- C:\WINDOWS\System32\Drivers\dtscsi.sys appears to be in-use/locked - scanning skipped. Key=dtscsi ImagePath=\SystemRoot\System32\Drivers\dtscsi.sys - this reference has been left in place ---------- Key=Eventlog ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=Fdc ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place ---------- Key=FltMgr ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place ---------- Key=Ftdisk ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place ---------- Key=giveio ImagePath=system32\giveio.sys - this reference has been left in place ---------- Key=Gpc ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place ---------- Key=HidUsb ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place ---------- Key=HTTP ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place ---------- Key=i8042prt ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place ---------- Key=IDriverT ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place ---------- Key=Imapi ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place ---------- Key=ImapiService ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place ---------- Key=intelppm ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place ---------- Key=Ip6Fw ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place ---------- Key=IpFilterDriver ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place ---------- Key=IpInIp ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place ---------- Key=IpNat ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place ---------- Key=IPSec ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place ---------- Key=IRENUM ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place ---------- Key=isapnp ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place ---------- Key=ithsgt ImagePath=system32\DRIVERS\ithsgt.sys - this reference has been left in place ---------- Key=Kbdclass ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place ---------- Key=kmixer ImagePath=system32\drivers\kmixer.sys - this reference has been left in place ---------- Key=libusb0 ImagePath=system32\DRIVERS\libusb0.sys - this reference has been left in place ---------- Key=lilsgt ImagePath=system32\DRIVERS\lilsgt.sys - this reference has been left in place ---------- Key=mnmsrvc ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place ---------- Key=Mouclass ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place ---------- Key=MRxDAV ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place ---------- Key=MRxSmb ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place ---------- Key=MSDTC ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place ---------- Key=msikbd2k ImagePath=System32\DRIVERS\msikbd2k.sys - this reference has been left in place ---------- Key=MSIServer ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place ---------- Key=MSKSSRV ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place ---------- Key=MSPCLOCK ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place ---------- Key=MSPQM ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place ---------- Key=mssmbios ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place ---------- Key=NdisTapi ImagePath=system32\DRIVERS distapi.sys - this reference has been left in place ---------- Key=Ndisuio ImagePath=system32\DRIVERS disuio.sys - this reference has been left in place ---------- Key=NdisWan ImagePath=system32\DRIVERS diswan.sys - this reference has been left in place ---------- Key=NetBIOS ImagePath=system32\DRIVERS etbios.sys - this reference has been left in place ---------- Key=NetBT ImagePath=system32\DRIVERS etbt.sys - this reference has been left in place ---------- Key=NetDDE ImagePath=%SystemRoot%\system32 etdde.exe - this reference has been left in place ---------- Key=NetDDEdsdm ImagePath=%SystemRoot%\system32 etdde.exe - this reference has been left in place ---------- Key=Netlogon ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=nhksrv ImagePath=C:\Apps\ActivBoard hksrv.exe - this reference has been left in place ---------- Key=NIC1394 ImagePath=system32\DRIVERS ic1394.sys - this reference has been left in place ---------- Key=nm ImagePath=system32\DRIVERS\NMnt.sys - this reference has been left in place ---------- Key=NPF ImagePath=system32\drivers pf.sys - this reference has been left in place ---------- Key=NtLmSsp ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=nv ImagePath=system32\DRIVERS v4_mini.sys - this reference has been left in place ---------- Key=NVSvc ImagePath=%SystemRoot%\system32 vsvc32.exe - this reference has been left in place ---------- Key=NwlnkFlt ImagePath=system32\DRIVERS wlnkflt.sys - this reference has been left in place ---------- Key=NwlnkFwd ImagePath=system32\DRIVERS wlnkfwd.sys - this reference has been left in place ---------- Key=odserv ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place ---------- Key=ohci1394 ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place ---------- Key=OpenVPNService ImagePath=C:\Program Files\OpenVPN\bin\openvpnserv.exe - this reference has been left in place ---------- Key=ose ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place ---------- Key=PACSPTISVR ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe" - this reference has been left in place ---------- Key=Parport ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place ---------- Key=PCI ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place ---------- Key=pfc ImagePath=system32\drivers\pfc.sys - this reference has been left in place ---------- Key=PlugPlay ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place ---------- Key=PolicyAgent ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=PptpMiniport ImagePath=system32\DRIVERS aspptp.sys - this reference has been left in place ---------- Key=ProtectedStorage ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=PSched ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place ---------- Key=Ptilink ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place ---------- Key=PxHelp20 ImagePath=system32\DRIVERS\PxHelp20.sys - this reference has been left in place ---------- Key=RasAcd ImagePath=system32\DRIVERS asacd.sys - this reference has been left in place ---------- Key=Rasl2tp ImagePath=system32\DRIVERS asl2tp.sys - this reference has been left in place ---------- Key=RasPppoe ImagePath=system32\DRIVERS aspppoe.sys - this reference has been left in place ---------- Key=Raspti ImagePath=system32\DRIVERS aspti.sys - this reference has been left in place ---------- Key=Rdbss ImagePath=system32\DRIVERS dbss.sys - this reference has been left in place ---------- Key=RDPCDD ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place ---------- Key=rdpdr ImagePath=system32\DRIVERS dpdr.sys - this reference has been left in place ---------- Key=RDSessMgr ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place ---------- Key=redbook ImagePath=system32\DRIVERS edbook.sys - this reference has been left in place ---------- Key=rpcapd ImagePath="%ProgramFiles%\WinPcap pcapd.exe" -d -f "%ProgramFiles%\WinPcap pcapd.ini" - this reference has been left in place ---------- Key=RpcLocator ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place ---------- Key=RSVP ImagePath=%SystemRoot%\system32 svp.exe - this reference has been left in place ---------- Key=rtl8139 ImagePath=system32\DRIVERS\RTL8139.SYS - this reference has been left in place ---------- Key=SamSs ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place ---------- Key=SCardSvr ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place ---------- Key=scrcap ImagePath=system32\DRIVERS\scrcap.sys - this reference has been left in place ---------- Key=Secdrv ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place ---------- Key=serenum ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place ---------- Key=Serial ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place ---------- Key=sfdrv01 ImagePath=System32\drivers\sfdrv01.sys - this reference has been left in place ---------- Key=sfhlp02 ImagePath=System32\drivers\sfhlp02.sys - this reference has been left in place ---------- Key=sfvfs02 ImagePath=System32\drivers\sfvfs02.sys - this reference has been left in place ---------- Key=sisagp ImagePath=system32\DRIVERS\sisagp.sys - this reference has been left in place ---------- Key=SiSide ImagePath=system32\DRIVERS\siside.sys - this reference has been left in place ---------- Key=speedfan ImagePath=system32\speedfan.sys - this reference has been left in place ---------- Key=splitter ImagePath=system32\drivers\splitter.sys - this reference has been left in place ---------- Key=Spooler ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place ---------- Key=sptd ImagePath=System32\Drivers\sptd.sys - this file is globally excluded ---------- Key=SPTISRV ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe" - this reference has been left in place ---------- Key=sr ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place ---------- Key=Srv ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place ---------- Key=ssm_bus ImagePath=system32\DRIVERS\ssm_bus.sys - this reference has been left in place ---------- Key=ssm_mdfl ImagePath=system32\DRIVERS\ssm_mdfl.sys - this reference has been left in place ---------- Key=ssm_mdm ImagePath=system32\DRIVERS\ssm_mdm.sys - this reference has been left in place ---------- Key=ss_bus ImagePath=system32\DRIVERS\ss_bus.sys - this reference has been left in place ---------- Key=ss_mdfl ImagePath=system32\DRIVERS\ss_mdfl.sys - this reference has been left in place ---------- Key=ss_mdm ImagePath=system32\DRIVERS\ss_mdm.sys - this reference has been left in place ---------- Key=STAC97NA ImagePath=system32\drivers\stac97na.sys - this reference has been left in place ---------- Key=STAC97NH ImagePath=system32\drivers\stac97nh.sys - this reference has been left in place ---------- Key=swenum ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place ---------- Key=swmidi ImagePath=system32\drivers\swmidi.sys - this reference has been left in place ---------- Key=SwPrv ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{1E3B57ED-6813-4E52-BB50-1C87CDB8F21B} - this reference has been left in place ---------- Key=sysaudio ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place ---------- Key=SysmonLog ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place ---------- Key=tap0801 ImagePath=system32\DRIVERS ap0801.sys - this reference has been left in place ---------- Key=Tcpip ImagePath=system32\DRIVERS cpip.sys - this reference has been left in place ---------- Key=TermDD ImagePath=system32\DRIVERS ermdd.sys - this reference has been left in place ---------- Key=Tetris ImagePath=System32\Drivers\Tetris.sys - this reference has been left in place ---------- Key=TlntSvr ImagePath=C:\WINDOWS\system32 lntsvr.exe - this reference has been left in place ---------- Key=Update ImagePath=system32\DRIVERS\update.sys - this reference has been left in place ---------- Key=UPS ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place ---------- Key=usbccgp ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place ---------- Key=usbehci ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place ---------- Key=usbhub ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place ---------- Key=usbohci ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place ---------- Key=usbscan ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place ---------- Key=USBSTOR ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place ---------- Key=usnjsvc ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place ---------- Key=Vcs ImagePath=\??\C:\WINDOWS\system32\Drivers\Vcs.sys - this reference has been left in place ---------- Key=VgaSave ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place ---------- Key=VMnetAdapter ImagePath=system32\DRIVERS\vmnetadapter.sys - this reference has been left in place ---------- Key=vsdatant ImagePath=\??\C:\WINDOWS\system32\vsdatant.sys - this reference has been left in place ---------- Key=VSS ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place ---------- Key=Wanarp ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place ---------- Key=wdmaud ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place ---------- Key=WebDriveFSD ImagePath=\??\C:\Program Files\NetDrive ffsd.sys - this reference has been left in place ---------- Key=WebDriveService ImagePath=C:\Program Files\NetDrive\wdService.exe - this reference has been left in place ---------- Key=WmiApSrv ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place ---------- Key=WMPNetworkSvc ImagePath=C:\Program Files\Windows Media Player\WMPNetwk.exe - this reference has been left in place ---------- Key=WS2IFSL ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place ---------- Key=WudfPf ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place ---------- Key=WudfRd ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place ---------- Key=XBCD ImagePath=System32\Drivers\xbcd.sys - this reference has been left in place ---------- ****************************** 22:15:14: Scanning -----VXD ENTRIES----- Checking VMM32 VxD files being loaded ****************************** 22:15:14: Scanning ----- WINLOGON\NOTIFY DLLS ----- Checking DLLs called from the Winlogon\Notify key: Key=crypt32chain DLLName=crypt32.dll - this reference has been left in place ---------- Key=cryptnet DLLName=cryptnet.dll - this reference has been left in place ---------- Key=cscdll DLLName=cscdll.dll - this reference has been left in place ---------- Key=ScCertProp DLLName=wlnotify.dll - this reference has been left in place ---------- Key=Schedule DLLName=wlnotify.dll - this reference has been left in place ---------- Key=sclgntfy DLLName=sclgntfy.dll - this reference has been left in place ---------- Key=SensLogn DLLName=WlNotify.dll - this reference has been left in place ---------- Key=termsrv DLLName=wlnotify.dll - this reference has been left in place ---------- Key=WBSrv DLLName=C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll - this reference has been left in place ---------- Key=wlballoon DLLName=wlnotify.dll - this reference has been left in place ---------- ****************************** 22:15:17: Scanning ----- CONTEXTMENUHANDLERS ----- Key = 7-Zip CLSID = {23170F69-40C1-278A-1000-000100020000} C:\Program Files\7-Zip\7-zip.dll - this ContextMenuHandler has been left in place ---------- Key = avast CLSID = {472083B0-C522-11CF-8763-00608CC02F24} C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place ---------- Key = AVG Anti-Spyware CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920} C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place ---------- Key = Fichiers hors connexion CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03} %SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place ---------- Key = FTP Expert CLSID = {1EBC3533-B289-409F-9924-B84B3F0717D2} C:\PROGRA~1\VISICO~1\FTPEXP~1\ftpcntxt.dll - this ContextMenuHandler has been left in place ---------- Key = MatroskaContextMenu CLSID = {789111D8-68A3-46a3-9663-145A3FF4C9C9} C:\Program Files\MatroskaProp\MatroskaProp.dll - this ContextMenuHandler has been left in place ---------- Key = Open With CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936} %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place ---------- Key = Open With EncryptionMenu CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46} %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place ---------- Key = Trojan Remover CLSID = {52B87208-9CCF-42C9-B88E-069281105805} C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place ---------- Key = TuneUp Shredder Shell Extension CLSID = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403} C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll - this ContextMenuHandler has been left in place ---------- Key = VIDEOTRANS CLSID = {548773BA-874E-4C02-9DC7-B7A096772C7D} C:\Program Files\MP3 Player Utilities 3.57\AMVTools\SrcCount.dll - this ContextMenuHandler has been left in place ---------- Key = WinRAR CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA} C:\Program Files\WinRAR arext.dll - this ContextMenuHandler has been left in place ---------- Key = WinUHA CLSID = {095177B8-8097-4D32-9081-A8949C47020E} C:\PROGRA~1\WinUHA\SHELLW~1.DLL - this ContextMenuHandler has been left in place ---------- Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8} %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place ---------- Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208} C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place ---------- ****************************** 22:15:24: Scanning ----- FOLDER\COLUMNHANDLERS ----- Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {24F14F01-7B1C-11d1-838f-0000F80461CF} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {24F14F02-7B1C-11d1-838f-0000F80461CF} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {66742402-F9B9-11D1-A202-0000F81FEDEE} %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place ---------- Key = {781395AF-A127-469f-A06F-59B482AF4F3F} C:\Program Files\MatroskaProp\MatroskaProp.dll - this Folder\ColumnHandler has been left in place ---------- Key = {7D4D6379-F301-4311-BEBA-E26EB0561882} C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place ---------- Key = {F9DB5320-233E-11D1-9F84-707F02C10627} C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place ---------- Key = {FED7043D-346A-414D-ACD7-550D052499A7} C:\Program Files\Illustrate\dBpowerAMP\dBShell.dll - this Folder\ColumnHandler has been left in place ---------- ****************************** 22:15:27: Scanning ----- BROWSER HELPER OBJECTS ----- No Browser Helper Objects found to scan ****************************** 22:15:27: Scanning ----- SHELLSERVICEOBJECTS ----- Key = PostBootReminder %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place ---------- Key = CDBurn %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place ---------- Key = WebCheck C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place ---------- Key = SysTray C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place ---------- Key = WPDShServiceObj C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place ---------- ****************************** 22:15:28: Scanning ----- SHAREDTASKSCHEDULER ENTRIES ----- Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1} Comment = Pré-chargeur Browseui File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place ---------- Value = {8C7461EF-2B13-11d2-BE35-3078302C2030} Comment = Démon de cache des catégories de composant File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place ---------- ****************************** 22:15:29: Scanning ----- IMAGEFILE DEBUGGERS ----- No "Debugger" entries found. ****************************** 22:15:29: Scanning ----- APPINIT_DLLS ----- [AppInitDLLs entry = ,clkern.dll,wbsys.dll] The following AppInit_DLLs are loaded at boot-time: clkern.dll - this file has been left in place ---------- wbsys.dll - this file has been left in place ---------- ****************************** 22:15:30: Scanning ------ USER STARTUP GROUPS ------ Checking Startup Group for All Users [C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp] No Startup files for All Users were located to check ****************************** 22:15:30: Scanning ------ COMMON STARTUP GROUP ------ [C:\Documents and Settings\All Users.WINDOWS\Menu Démarrer\Programmes\Démarrage] The Common Startup Group attempts to load the following file(s) at boot time: desktop.ini - this file is expected and has been left in place -------------------- ****************************** No User Startup Groups were located to check ****************************** 22:15:31: Scanning ----- SCHEDULED TASKS ----- ****************************** 22:15:31: ----- EXTRA CHECKS ----- PE386 rootkit checks completed ---------- Winlogon registry rootkit checks completed ---------- Heuristic checks for hidden files/drivers completed ---------- ****************************** 22:15:32: Scanning ------ DOWNLOADED PROGRAM FILES ------ The following files are located in the DOWNLOADED PROGRAM FILES directory: C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place ****************************** 22:15:32: Scanning ----- RUNNING PROCESSES ----- C:\WINDOWS\System32\smss.exe -------------------- C:\WINDOWS\system32\csrss.exe -------------------- C:\WINDOWS\system32\winlogon.exe -------------------- C:\WINDOWS\system32\services.exe -------------------- C:\WINDOWS\system32\lsass.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\WINDOWS\System32\svchost.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashServ.exe -------------------- C:\Apps\ActivBoard hksrv.exe -------------------- C:\Program Files\a-squared Anti-Malware\a2service.exe -------------------- C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe -------------------- C:\WINDOWS\system32\svchost.exe -------------------- C:\Apps\ActivBoard\MMKeybd.exe -------------------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe -------------------- C:\Program Files\MSN Messenger\msnmsgr.exe -------------------- C:\Apps\ActivBoard\TrayMon.exe -------------------- C:\Apps\ActivBoard\OSD.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -------------------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -------------------- C:\WINDOWS\System32\alg.exe -------------------- C:\Program Files\MSN Messenger\usnsvc.exe -------------------- C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWare.exe -------------------- C:\Program Files\Ashampoo\Ashampoo AntiSpyWare\AntiSpyWareControl.exe -------------------- C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe -------------------- C:\WINDOWS\explorer.exe -------------------- C:\Program Files\Notepad++ otepad++.exe -------------------- C:\Program Files\Mozilla Firefox\firefox.exe -------------------- C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\kif2E.exe FileSize: 1 790 528 [This is a Trojan Remover component] -------------------- C:\Program Files\Internet Explorer\IEXPLORE.EXE -------------------- ****************************** 22:15:52: Checking AUTOEXEC.BAT file AUTOEXEC.BAT found in C:\ No malicious entries were found in the AUTOEXEC.BAT file ****************************** 22:15:52: Checking AUTOEXEC.NT file AUTOEXEC.NT found in C:\WINDOWS\system32 No malicious entries were found in the AUTOEXEC.NT file ****************************** ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------ HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page": https://fr.yahoo.com/?p=us HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page": %SystemRoot%\system32\blank.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page": https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL": https://www.msn.com/fr-fr/?ocid=iehp HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL": https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch": https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant": https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page": https://www.google.fr/?gws_rd=ssl HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page": C:\WINDOWS\system32\blank.htm HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page": https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF ****************************** NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES Scan completed at: 12/05/2007 22:15:52 ************************************************************ ***** INDIVIDUAL FILE SCAN ***** Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com [Unregistered version] Scan started at: 10/05/2007 22:04:37 Using Database v6760 Operating System: Windows XP Professional Service Pack 2 (Build 2600) Using data directory: C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\ Logfile directory: C:\Documents and Settings\Administrateur.DREAMCAST\Mes documents\Simply Super Software\Trojan Remover Logfiles\ Running with Administrator privileges ************************************************** Carrying out individual file scan on C:\WINDOWS\system32\wscntfy.exe This file appears to be OK C:\WINDOWS\system32\wscntfy.exe - running process located and terminated C:\WINDOWS\system32\wscntfy.exe has been deleted ************************************************************ ***** NORMAL SCAN FOR ACTIVE MALWARE ***** Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com [Unregistered version] Scan started at: 06/05/2007 11:32:10 Using Database v6760 Operating System: Windows XP Professional Service Pack 2 (Build 2600) Using data directory: C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Simply Super Software\Trojan Remover\ Logfile directory: C:\Documents and Settings\Administrateur.DREAMCAST\Mes documents\Simply Super Software\Trojan Remover Logfiles\ Running with Administrator privileges ************************************************** Checking Registry exefile command for modifications Checking Registry comfile command for modifications Checking Registry piffile command for modifications Checking Registry batfile command for modifications Checking Registry regfile command for modifications Checking Registry cmdfile command for modifications Checking Registry scrfile command for modifications ****************************** 11:32:10: Scanning ----------WIN.INI----------- WIN.INI found in C:\WINDOWS ****************************** 11:32:10: Scanning --------SYSTEM.INI--------- SYSTEM.INI found in C:\WINDOWS ****************************** 11:32:10: ----- SCANNING FOR ROOTKIT SERVICES ----- No hidden Services were detected. ****************************** 11:32:12: Scanning -----WINDOWS REGISTRY----- -------------------- Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon This key's "Shell" value calls the following program(s): Explorer.exe - this entry has been left in place ---------- This key's "Userinit" value calls the following program(s): C:\WINDOWS\system32\userinit.exe - this entry has been left in place ---------- This key's "System" value appears to be blank ---------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows -------------------- Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows Value Name = load The Data Value for this entry appears to be blank -------------------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): Value Name = ACTIVBOARD Value Data = C:\Apps\ActivBoard\MMKeybd.exe - this command has been left in place -------------------- Value Name = DAEMON Tools Value Data = C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033 - this command has been left in place -------------------- Value Name = openvpn-gui Value Data = C:\Program Files\OpenVPN\bin\openvpn-gui.exe - this command has been left in place -------------------- Value Name = NvCplDaemon Value Data = "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup - this command has been left in place -------------------- Value Name = avast! Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place -------------------- Value Name = QuickTime Task Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place -------------------- Value Name = gcasServ Value Data = C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe - this command has been left in place [file not found to scan] -------------------- Value Name = kruayzcql Value Data = c:\windows\system32\kruayzcql.exe kruayzcql - this command has been left in place [file not found to scan] -------------------- Value Name = kruayzcql Value Data = c:\windows\system32\kruayzcql.exe kruayzcql - this command has been left in place [file not found to scan] -------------------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key attempts to run the following program(s): Value Name = eISS_cleanup Value Data = C:\DOCUME~1\ADMINI~1.DRE\LOCALS~1\Temp\cacu_001.exe" /cleanup - this command has been left in place [file not found to scan] -------------------- -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run This Registry Key attempts to run the following program(s): Value Name = SuperCopier2.exe Value Data = C:\Program Files\SuperCopier2\SuperCopier2.exe - this command has been left in place -------------------- Value Name = TuneUp MemOptimizer Value Data = C:\Program Files\TuneUp Utilities 2007\MemOptimizer.exe" autostart - this command has been left in place -------------------- Value Name = ctfmon.exe Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place -------------------- Value Name = AWMON Value Data = C:\PROGRA~1\Lavasoft\AD-AWA~1\Ad-Watch.exe - this command has been left in place -------------------- Value Name = msnmsgr Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been left in place -------------------- Value Name = FreeCall Value Data = C:\Program Files\FreeCall.com\FreeCall\FreeCall.exe" -nosplash -minimized - this command has been left in place [file not found to scan] -------------------- Value Name = eMuleAutoStart Value Data = C:\Program Files\eMule\emule.exe -AutoStart - this command has been left in place -------------------- -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce This Registry Key appears to be empty -------------------- Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx This Registry Key appears to be empty ****************************** 11:32:19: Scanning -----SHELLEXECUTEHOOKS----- ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972} File: shell32.dll - this file is expected and has been left in place ---------- ****************************** 11:32:19: Scanning -----HIDDEN REGISTRY ENTRIES----- Taskdir check completed ---------- Hidden Registry Key: HKLM\Software\Microsoft\Windows\CurrentVersion\Run ValueName: fnwodulo Value: c:\windows\system32\fnwodulo.exe fnwodulo fnwodulo - this registry value has been removed [file not found to scan] c:\windows\system32\fnwodulo.exe - process is either not running or could not be terminated c:\windows\system32\fnwodulo.exe has been renamed to: c:\windows\system32\fnwodulo.exe.ren This file will also be marked for renaming during PC restart, in case it is re-created NVS2.INF, associated with Adware.NaviPromo, found in C:\WINDOWS\system32\ C:\WINDOWS\system32\NVS2.INF has been renamed to: C:\WINDOWS\system32\NVS2.INF.ren PACK.EPK, associated with Adware.NaviPromo, found in C:\WINDOWS\ C:\WINDOWS\PACK.EPK has been renamed to: C:\WINDOWS\PACK.EPK.ren C:\WINDOWS\system32\fnwodulo.dat has been renamed to: C:\WINDOWS\system32\fnwodulo.dat.ren This file will also be marked for renaming during PC restart, in case it is re-created C:\WINDOWS\system32\fnwodulo_nav.dat has been marked for renaming when the PC is restarted (if it exists) C:\WINDOWS\system32\fnwodulo_navps.dat has been renamed to: C:\WINDOWS\system32\fnwodulo_navps.dat.ren This file will also be marked for renaming during PC restart, in case it is re-created ---------- ****************************** 11:32:55: Scanning -----ACTIVE SCREENSAVER----- No active ScreenSaver found to scan. ****************************** 11:32:55: Scanning ----- REGISTRY ACTIVE SETUP KEYS ----- Checking the StubPath calls in the Active Setup\Installed Components registry keys: Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place ---------- Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95} StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place ---------- Key=>{26923b43-4d38-484f-9b9e-de460746276c} StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place ---------- Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a} StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place ---------- Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED} StubPath=C:\WINDOWS\system32 egsvr32.exe - this reference has been left in place ---------- Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={7790769C-0471-11d2-AF11-00C04FA35D02} StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4340} StubPath=regsvr32.exe - this reference has been left in place ---------- Key={89820200-ECBD-11cf-8B85-00AA005B4383} StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place ---------- ****************************** 11:32:59: Scanning ----- SERVICEDLL REGISTRY KEYS ----- Checking DLL files called from the CurrentControlSet\Services Keys: -------------------- Key=Alerter ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place -------------------- Key=AppMgmt ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place -------------------- Key=AudioSrv ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place -------------------- Key=BITS ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place -------------------- Key=Browser ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place -------------------- Key=CryptSvc ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place -------------------- Key=DcomLaunch ServiceDLL=%SystemRoot%\system32 pcss.dll - this reference has been left in place -------------------- Key=Dhcp ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place -------------------- Key=dmserver ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place -------------------- Key=Dnscache ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place -------------------- Key=ERSvc ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place -------------------- Key=EventSystem ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place -------------------- Key=FastUserSwitchingCompatibility ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place -------------------- Key=helpsvc ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place -------------------- Key=HidServ ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found) -------------------- Key=HTTPFilter ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place -------------------- Key=lanmanserver ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place -------------------- Key=lanmanworkstation ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place -------------------- Key=LmHosts ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place -------------------- Key=Messenger ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place -------------------- Key=Netman ServiceDLL=%SystemRoot%\System32 etman.dll - this reference has been left in place -------------------- Key=Nla ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place -------------------- Key=NtmsSvc ServiceDLL=%SystemRoot%\system32 tmssvc.dll - this reference has been left in place -------------------- Key=RasAuto ServiceDLL=%SystemRoot%\System32 asauto.dll - this reference has been left in place -------------------- Key=RasMan ServiceDLL=%SystemRoot%\System32 asmans.dll - this reference has been left in place -------------------- Key=Rem

Darkkiller · Answer

Re,

Donc telecharge ELIBAGLA 
http://www.zonavirus.com/datos/descargas/95/elibagla.asp 

suis ces procédures : 

Clique sur le bouton Descargar Elibagla, cela va télécharger le fichier, place-le sur ton Bureau. 
Double-clique dessus pour l'ouvrir. 
Assure-toi que dans le menu déroulant Unidad, vous ayez bien C:\ 
Vérifie aussi aussi que l'option en bas de la fenêtre Eliminar Ficheros Automaticamente soit bien cochée. 
Clique sur le bouton Explorar pour lancer l'analyse. 
Poste le rapport généré en fin d'analyse. 

Poste le rapport dans ton prochain post

dreamcastman · Answer

Il a fini de scanner mais je sais pas ou trover le rapport?

Darkkiller · Answer

Dans 

C:/ELIBAGLA

dreamcastman · Answer

inexistant

Darkkiller · Answer

Re,

C:/ELIBAGLA.txt ou  C:/elibagla.txt

dreamcastman · Answer

Désolé mais ton fichier est inexistant, je crois que cette application ne founit pas de log a la fin de son traitement.

Jai fait un scan avec, il ma trouver aucun virus.

Cependant pendant ce scan, il a essayé de scanner un fichier et avast mais alerter que ce fichier etait atteint du virus Baggle CA
donc je lai supprimer.

Je sais pas si je dois faire kkchose conte baggle?

Darkkiller · Answer

Re,

Ben l'outil elibagla était censé éliminé bagle ^^
Reéxécute-le et copie colles le log.

dreamcastman · Answer

Benje le trouve pas...
 jai iimpression que elibagla se ferme automatiquement en plein milieu de la recherche et c pour ca quil me fait pas de log...

Et en plus jai limpression qua chaque que jaccede a internet mon PC Ralentit. Serait ce a cause de louverture de port reseau?



























Help please!

Darkkiller · Answer

Reposte un log Hijackthis.

dreamcastman · Answer

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 19:29:28, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\WINDOWSegedit.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - NetGroup - Politecnico di Torino - C:\Program Files\WinPcappcapd.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Darkkiller · Answer

Re,

Télécharge la version 1.99 d'Hijackthis car la version 2.0 est une version beta (version test)

télécharger Hijackthis 1.99 :

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

dreamcastman · Answer

Logfile of HijackThis v1.99.1
Scan saved at 19:57:47, on 14/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\RegSeeker\RegSeeker.exe
C:\WINDOWSegedit.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\WINDOWS\system32\msiexec.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe


A quoi correspondent ces lignes:

O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll

Darkkiller · Answer

Re,

Ces lignes sont propres.
As-tu d'autres problèmes ?
As-tu un pare-feu installé ? Si oui lequel ?

dreamcastman · Answer

Ben pour linstant le seul probleme que jai actuellement et que des que jaccede ainternet, mon pc a lair de tourner au ralentit (video qui saute, son qui gresille, long au démarrage....)

Et je ne sais pas c quoi qui pe faire ca sur mon PC

Darkkiller · Answer

Re,

scan kaspersky https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr 

Clic sur l'image Kaspersky Online Scanner 
Clic sur J'accepte 
Installes le ActiveX 
Tu attends que la mise à jour se termine, une fois terminé, 
clic sur Suivant 
Clic sur Paramètres d'analyse 
Coche la case Étendue >> Ok 
Clic sur Poste de travail pour faire un scan complet 
Une fois le scan fini à 100%, clic sur Enregistrer rapport 
sous... 
Enregistrer le rapport au format .txt (en nom tu mets rapport ou 
ce que tu veux et en type tu choisis fichier texte (*.txt) 
Tu ouvres le fichier que tu viens de sauvegarder, copie et colle 
le rapport ici si tu es infecté

dreamcastman · Answer

Deja essayer, il ma rien trouver

Darkkiller · Answer

reesaye ;)

dreamcastman · Answer

Pour ce qui est de lutilisation du pare feu jutilise le pare feu Windows.

je sais pas si il est performant, sil ne lai pas quel pare feu me sonseiller vous sachant que je suis chez free donc il y a deja un pare feu au nivrau de ma freebox/

Je t passerai le log demain

Darkkiller · Answer

Re, Le pare-feu de windows n'est pas top donc je te conseille el pare-feu kério : Télécharge ce pare-feu KERIO: ( pare-feu, qui reste gratuit après la période d'essai de 21 jours! ) , ici : < http://www.dsi12.fr/telechargements/vnc/kerio-kpf-4.2.2-911-win.exe > ou là :< http://www.infos-du-net.com/telecharger/Firewall-Kerio-Personal,0301-390.html > •- Ensuite lancer l'installation de ce pare-feu. Pour cela: - tu dois impérativement couper la connexion de ton modem (débranche-le), -Ça peut être un routeur et tu es relié par un câble, tu débranches le cable. -Ça peut être un mécanisme wifi. Tu l'arrêtes ou tu le débranches si c'est un dongle). -ensuite installer ce pare-feu une fois téléchargé , -et l'activer ( vérifier à ce moment que celui de Windows soit bien désactivé -si non, fais-le manuellement, comme ceci : - Démarrer ->panneau de config (en affichage classique) -> pare-feu windows et tu le mets sur "désactiver". ) •- et enfin si tout s'est bien déroulé, rétablir ta connexion à Internet. . Eventuellement mettre à jour Kério. Visite ceci: < https://kerio.probb.fr/ > ; c'est ton intérêt . Et clic là où renvoient les flèches < http://img249.imageshack.us/img249/1538/screenshot254tq8.gif > Sur ce site, tu seras aidé spécifiquement à Kerio. Merci à Boulepate. Avec ces tutoriels pour configurer et comprendre l'utilisation de Kerio - http://www.chez.com/leppa/scripts/kpfV4.html - https://www.vulgarisation-informatique.com/kerio.php -Tuto - https://forums.cnetfrance.fr -Bloquer des ports avec Kerio - créer une règle de filtrage < https://www.vulgarisation-informatique.com/bloquer-ports.php > DESACTIVE BIENSUR LE PAREFEU WINDOWS ;)

dreamcastman · Answer

Jai essaye daller sur ton Kaspersky Online Scanner 
Mais le probleme c quil me fait quil ya eu une erreur sur la Page (JavaScript je pense).

Donc si tu av un autre lien a me proposer je suis prenant

Darkkiller · Answer

Re,

Autre scan :

https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm

Tutorial a suivre ( provenant du site a Malekal_Morte ) :

https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId237368

dreamcastman · Answer

Je sai pas si jai encore un virus sur mon PC mais le seuk probleme que jai pour linstant c le son.

Quand je lance mon PC (qui met 10 ans) et que je lance un film le son est niquel mais des que je lance un logiciel ou internet kkchose qui fait travailler la memoire ben le son ne fait que grésiler.

Est ce un virus ou autre chose?

Darkkiller · Answer

Re,

Fais le scan panda que j'ai indiqué lors du post <83>

dreamcastman · Answer

Quand je clique pour lancer le scan rien ne se lance....

Je crois avoir cerner le ^robleme:

Mon PC lag si et seulement si je me connecte a internet !!!

comment je peux savoir si un trojan ma ouvert des ports dangereux.......??

Help

Darkkiller · Answer

Poste un log Hijackthis.

dreamcastman · Answer

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 23:29:11, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\a-squared Anti-Malware\a2service.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\Scan_v2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Service Partage réseau du Lecteur Windows Media (WMPNetworkSvc) - Unknown owner - C:\Program Files\Windows Media Player\WMPNetwk.exe

Darkkiller · Answer

Re,

Télécharge la bersion 1.99 d'Hijackthis :

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

dreamcastman · Answer

Logfile of HijackThis v1.99.1
Scan saved at 23:37:58, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

Darkkiller · Answer

Re,

Renomme Hijackthis en Scanner.exe et repost un log.

dreamcastman · Answer

Logfile of HijackThis v1.99.1
Scan saved at 23:50:20, on 15/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\WINDOWS\system32\svchost.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\hijackthis\HijackThis.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\hijackthis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O11 - Options group: [INTERNATIONAL] International*
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Fichiers communs\Microsoft Shared\Help\hxds.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O20 - Winlogon Notify: WBSrv - C:\PROGRA~1\Stardock\OBJECT~1\WINDOW~1\wbsrv.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Program Files\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe

dreamcastman · Answer

Le pire des ralentissement c quand je lance emule

Mon PC ralentit a un point jamais vu!!!

comment verifier louverture des ports propres?

dreamcastman · Answer

Emule bouffe 100% de Mon UC c pe- pour ca quil lag mon PC?

Darkkiller · Answer

Re,

Désinstalle EmUle, c'est normal qu'il prenne tout ton UC car il recherche et télécharge des fichiers donc c'est trop pour ton pc , je te conseille vivement de désinstaller Emule.

dreamcastman · Answer

Ca fait plus de deux ans que jutilise emule sur le meme PC et c que maintenant que jai ce probleme!!

C pas un virus ou des ports réseau ouverts par un spyware?

Darkkiller · Answer

Re,

Passe un coup d'avg a-s :

Télécharge AVG Anti-Spyware: 


https://www.avg.com/en-ww/free-antivirus-download 


Tu l'installes. 
Lance AVG Anti-Spyware et clique sur le bouton Mise à jour. Patiente 

Lance AVG Anti-Spyware 
Clique sur le bouton Analyse (de la barre d'outils) 
Puis sur l'onglets Comment réagir, clique sur Actions recommandées. Sélectionne Quarantaine. 
Reviens à l'onglet Analyse. Clique sur Analyse complète du système. 
A la fin du scan, choisis l'option " Appliquer toutes les actions " en bas. 
Clique sur "Enregistrer le rapport". Ceci génère un rapport en fichier texte qui se trouve dans le dossier Reports du dossier d'AVG Anti-Spyware. 

poste le rapport AVG!

dreamcastman · Answer

Deja FAit

Darkkiller · Answer

Ben repost un nouveau rapport que tu viens de faire biensûr ;)

dreamcastman · Answer

Mais le probleme c que c long lantivirus ca prend pas 5 min

Darkkiller · Answer

Je sais mais il me le faut vraiment :s

dreamcastman · Answer

Me REvoila DSL pour le retard jai pas trop eu le temps :

Je vous donne 2 Rapports, AVG et Hijack:


 + Créé à:	08:49:59 18/05/2007

 + Résultat de l'analyse:	



C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\EliBaglA.exe -> Heuristic.Win32.AVKiller : Aucune action entreprise.
:mozilla.36:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.37:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.247realmedia : Aucune action entreprise.
:mozilla.42:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.44:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Adtech : Aucune action entreprise.
:mozilla.40:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Adviva : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
:mozilla.39:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
:mozilla.91:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.92:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.93:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Comclick : Aucune action entreprise.
:mozilla.43:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
:mozilla.59:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
:mozilla.60:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.61:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.62:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
:mozilla.11:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.12:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
:mozilla.30:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
:mozilla.31:C:\Documents and Settings\Administrateur.DREAMCAST\Application Data\Mozilla\Firefox\Profiles\k1kx492a.default\cookies.txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Documents and Settings\Administrateur.DREAMCAST\Cookies\administrateur@ad.yieldmanager[2].txt -> TrackingCookie.Yieldmanager : Aucune action entreprise.


Fin du rapport (jai tout supprimer)


Hijack:

Logfile of HijackThis v1.99.1
Scan saved at 12:09:52, on 18/05/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\Apps\ActivBoard
hksrv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32
vsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetDrive\wdService.exe
C:\Apps\ActivBoard\MMKeybd.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Apps\ActivBoard\TrayMon.exe
C:\Apps\ActivBoard\OSD.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\hijackthis\Scanner.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = 
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet	ools\BitCometBHO_1.1.4.29.dll
O4 - HKLM\..\Run: [ACTIVBOARD] C:\Apps\ActivBoard\MMKeybd.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKCU\..\Run: [SuperCopier2.exe] "C:\Program Files\SuperCopier2\SuperCopier2.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O8 - Extra context menu item: Download all links using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Download all videos using BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: Download link using &BitComet - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\FICHIE~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O20 - AppInit_DLLs: ,clkern.dll,wbsys.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Netropa NHK Server (nhksrv) - Unknown owner - C:\Apps\ActivBoard
hksrv.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32
vsvc32.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: WebDrive Service (WebDriveService) - Unknown owner - C:\Program Files\NetDrive\wdService.exe

donc Si ca pe taider, s'est tant mieux

Darkkiller · Answer

Re,

Supprime ce fichier :

C:\Documents and Settings\Administrateur.DREAMCAST\Bureau\EliBaglA.exe

dreamcastman · Answer

Deja fait (Jai bien mis entre parenthese que jai tout supprimer XD)

Torai pas un site possedant des fixs ou des personnes possedant le meme probleme que moi? 

Parce que jai limpression de faire du sur-place la! Ca fait le 100e POST et jai toujours le meme probleme

Darkkiller · Answer

Re,


On recommence tout depuis le début, Qu'as tu comme problème ?

dreamcastman · Answer

Va voir le post uc elevé que jai crée

[Spyware Récalcitrant] Infecté cacu_001.exe - Page 6

Discussions similaires

Newsletters