Microsoft Windows securitycenter disabled

Solved
marie450 Posts 79 Status Member
I have a laptop; I ran a scan with Spybot and it detects "security center disabled" in red. I remove it every time and run an immunization, but it comes back. What does this mean??? I just did a cleanup with CCleaner V1.40.520 and it detected nothing!!! Please help me, thank you.
53 replies

marie450 Posts 79 Status Member 2

REPORT NUMBER 2
Rapport clean par Malekal_morte - http://www.malekal.com
Script execute en mode sans echec 03/07/2007 a 20:48:12,81

Microsoft Windows XP [version 5.1.2600]

*** Suppression des fichiers dans C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de "C:\WINDOWS\photos.zip"

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de "C:\WINDOWS\Downloaded Program Files\CONFLICT.1"

*** Suppression des fichiers dans C:\Program Files
tentative de suppression de "C:\Program Files\DivX\Google\Firefox\ffinstaller.exe"
tentative de suppression de "C:\Program Files\Free Offers from Freeze.com"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
0
marie450 Posts 79 Status Member 2

THANK YOU FOR YOUR HELP
AND THAT'S ALL?????? IS IT FIXED? DO I HAVE NOTHING ELSE TO DO?
CAN I DELETE SMITFRAUDFIX AND CLEAN FROM THE DESKTOP??
0
marie450 Posts 79 Status Member 2

PS I RAN A SCAN WITH SPYBOT AND Microsoft Windows securitycenter disabled IS STILL IN RED. MAYBE IT'S NOT A RISK????
0
rudyrital Posts 6233 Status Member 131

run a scan here
https://www.bitdefender.fr/
and copy-paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again, click Click here to scan
* The signatures load, etc.

picture tutorial

http://pageperso.aol.fr/rginformatique/mapage/defender.htm

copy/paste the report to the forum

0

marie450 Posts 79 Status Member 2

HERE IS THE SCAN REPORT
BitDefender Online Scanner

Rapport d'analyse généré à: Tue, Jul 03, 2007 - 23:48:45

Voie d'analyse: A:\;C:\;D:\;

Statistiques

Temps
00:52:30

Fichiers
119055

Directoires
3456

Secteurs de boot
2

Archives
4255

Paquets programmes
5631

Résultats

Virus identifiés
2

Fichiers infectés
6

Fichiers suspects
0

Avertissements
0

Désinfectés
0

Fichiers effacés
6

Info sur les moteurs

Définition virus
636723

Version des moteurs
AVCORE v1.0 (build 2410) (i386) (Jun 12 2007 21:08:27)

Analyse des plugins
14

Archive des plugins
38

Unpack des plugins
6

E-mail plugins
6

Système plugins
1

Paramètres d'analyse

Première action
Désinfecté

Seconde Action
Supprimé

Heuristique
Oui

Acceptez les avertissements
Oui

Extensions analysées
*;

Excludez les extensions

Analyse d'emails
Oui

Analyse des Archives
Oui

Analyser paquets programmes
Oui

Analyse des fichiers
Oui

Analyse de boot
Oui

Fichier analysé
Statut

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP156\A0048914.exe
Infecté par: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP156\A0048914.exe
Echec de la désinfection

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP156\A0048914.exe
Supprimé

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP156\A0048915.exe
Infecté par: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP156\A0048915.exe
Echec de la désinfection

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP156\A0048915.exe
Supprimé

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052447.exe
Infecté par: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052447.exe
Echec de la désinfection

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052447.exe
Supprimé

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052448.exe
Infecté par: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052448.exe
Echec de la désinfection

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052448.exe
Supprimé

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052466.exe
Infecté par: Trojan.FatObfus.Gen

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052466.exe
Echec de la désinfection

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP171\A0052466.exe
Supprimé

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP185\A0053836.exe
Infecté par: Trojan.Downloader.WinFixer.W

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP185\A0053836.exe
Echec de la désinfection

C:\System Volume Information\_restore{692C7171-81F7-4C41-A7C3-5CBD24C818B1}\RP185\A0053836.exe
Supprimé
0
marie450 Posts 79 Status Member 2

THIS MORNING I RAN ANOTHER SPYBOT SCAN AND MICROSOFT WINDOWS SECURITY IS STILL IN RED. I WENT TO LOOK ON YOUR SITE FOR HOW TO GET RID OF TROJAN FAT OBFUS, I RAN A COMBOFIX SCAN AND HERE IS THE SCAN
"HOYER" - 2007-07-04 9:55:51 - ComboFix 07-07-03.9 - Service Pack 2

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\tmp45.tmp

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPF

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

2007-07-04 09:54 51,200 --a------ C:\WINDOWS\nircmd.exe
2007-07-04 09:51 <REP> d-------- C:\Program Files\Hijackthis Version Française
2007-07-03 22:53 <REP> d-------- C:\WINDOWS\BDOSCAN8
2007-07-03 19:46 4,068 --a------ C:\WINDOWS\system32\tmp.reg
2007-07-03 19:27 53,248 --a------ C:\WINDOWS\system32\Process.exe
2007-07-03 19:27 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2007-07-03 19:27 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2007-07-03 11:01 5,242,880 --a------ C:\DOCUME~1\HOYER\ntuser.dat
2007-07-03 10:21 <REP> d-------- C:\Program Files\PC Inspector File Recovery
2007-07-02 11:16 <REP> d-------- C:\Program Files\RegCleaner
2007-07-01 20:34 <REP> d-------- C:\VundoFix Backups
2007-07-01 20:01 <REP> d-------- C:\DOCUME~1\HOYER\APPLIC~1\Thunderbird
2007-07-01 20:00 <REP> d-------- C:\Program Files\Mozilla Thunderbird
2007-07-01 14:31 <REP> d-------- C:\WINDOWS\system32\Panda Software
2007-06-30 19:09 <REP> d-------- C:\WINDOWS\Performance
2007-06-30 19:08 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Microsoft Corporation
2007-06-30 19:07 <REP> d-------- C:\Program Files\Microsoft Windows Vista Upgrade Advisor
2007-06-30 15:40 <REP> d-------- C:\Program Files\Clean Disk Security
2007-06-29 21:15 65,536 --a------ C:\WINDOWS\system32\NeroCo.dll
2007-06-29 21:15 2,031,616 --------- C:\WINDOWS\UNNeroBurnRights.exe
2007-06-29 21:15 <REP> d-------- C:\Program Files\Ahead
2007-06-29 20:51 <REP> d-------- C:\Program Files\Image HTML Integrator
2007-06-29 17:50 <REP> d-------- C:\Program Files\Serif
2007-06-29 16:30 <REP> d-------- C:\Program Files\Fujifilm
2007-06-29 15:49 <REP> d-------- C:\Program Files\VirginMega
2007-06-28 18:22 <REP> d-------- C:\LXKZ55
2007-06-28 14:56 <REP> d-------- C:\Program Files\NCH Swift Sound
2007-06-27 20:30 <REP> d-------- C:\WINDOWS\pss
2007-06-27 10:02 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2007-06-26 20:46 <REP> d-------- C:\Program Files\CCleaner
2007-06-26 19:21 <REP> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2007-06-25 16:11 <REP> d-------- C:\USB_DRV
2007-06-21 16:39 <REP> d-------- C:\DOCUME~1\HOYER\APPLIC~1\Real
2007-06-21 10:46 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Bluetooth
2007-06-21 10:34 54,784 --a------ C:\WINDOWS\system32\drivers\vfwwdm32.dll
2007-06-21 10:33 82,148 --a------ C:\WINDOWS\system32\drivers\VcommMgr.sys
2007-06-21 10:33 77,824 -ra------ C:\WINDOWS\system32\drivers\SioUi2k.dll
2007-06-21 10:33 7,680 --a------ C:\WINDOWS\system32\btinstall.dll
2007-06-21 10:33 63,488 -ra------ C:\WINDOWS\system32\drivers\wssbtr1f.sys
2007-06-21 10:33 61,312 --a------ C:\WINDOWS\system32\drivers\VComm.sys
2007-06-21 10:33 51,169 -ra------ C:\WINDOWS\system32\drivers\OXSER.SYS
2007-06-21 10:33 49,152 --a------ C:\WINDOWS\system32\btfunc.dll
2007-06-21 10:33 48,556 -ra------ C:\WINDOWS\system32\drivers\SktBt2k.sys
2007-06-21 10:33 48,076 -ra------ C:\WINDOWS\system32\drivers\Sio9502k.sys
2007-06-21 10:33 40,960 -ra------ C:\WINDOWS\system32\drivers\SCTray.exe
2007-06-21 10:33 28,271 --a------ C:\WINDOWS\system32\drivers\BTHidMgr.sys
2007-06-21 10:33 23,000 --a------ C:\WINDOWS\system32\drivers\btcusb.sys
2007-06-21 10:33 20,480 --a------ C:\WINDOWS\system32\drivers\blueletaudio.sys
2007-06-21 10:33 148,830 --a------ C:\WINDOWS\system32\drivers\bcbthub.sys
2007-06-21 10:33 13,304 --a------ C:\WINDOWS\system32\drivers\BTNetFilter.sys
2007-06-21 10:33 116,021 --a------ C:\WINDOWS\system32\drivers\fw203x.sys
2007-06-21 10:33 11,860 --a------ C:\WINDOWS\system32\drivers\vbtenum.sys
2007-06-21 10:33 11,736 --a------ C:\WINDOWS\system32\drivers\VHIDMini.sys
2007-06-21 10:33 10,804 --a------ C:\WINDOWS\system32\drivers\BtNetDrv.sys
2007-06-21 10:33 <REP> d-------- C:\Program Files\IVT Corporation
2007-06-21 01:31 <REP> d-------- C:\Program Files\Uniblue
2007-06-20 15:14 89,360 --a------ C:\WINDOWS\system32\VB5DB.DLL
2007-06-20 15:14 6,097 --a------ C:\WINDOWS\system32\drivers\sonyhcb.sys
2007-06-20 15:14 53,248 --a------ C:\WINDOWS\system32\SONYHCY.DLL
2007-06-20 15:14 38,739 --a------ C:\WINDOWS\system32\drivers\sonyhcc.sys
2007-06-20 15:14 3,654 --a------ C:\WINDOWS\system32\drivers\Sonyhcp.dll
2007-06-20 15:14 299,923 --a------ C:\WINDOWS\system32\drivers\sonyhcs.sys
2007-06-20 15:14 102,220 --a------ C:\WINDOWS\system32\drivers\sonypvs1.sys
2007-06-20 15:14 <REP> d-------- C:\Drivers
2007-06-20 15:13 13,567 --------- C:\WINDOWS\system32\drivers\CDRBSDRV.SYS
2007-06-20 15:13 <REP> d-------- C:\Program Files\Sony Corporation
2007-06-18 13:41 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\BVRP Software
2007-06-17 11:58 22,112 -ra------ C:\WINDOWS\system32\drivers\COH_Mon.sys
2007-06-16 21:12 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2007-06-16 20:34 <REP> d-------- C:\Program Files\Panicware
2007-06-16 16:11 <REP> d-------- C:\Program Files\Norton Internet Security
2007-06-16 16:08 48,776 --a------ C:\WINDOWS\system32\S32EVNT1.DLL
2007-06-16 16:08 115,000 --a------ C:\WINDOWS\system32\drivers\SYMEVENT.SYS
2007-06-16 11:56 <REP> d-------- C:\Program Files\VirusGarde
2007-06-15 17:52 <REP> d--hs---- C:\UGA6PV
2007-06-15 17:51 <REP> d-------- C:\DOCUME~1\HOYER\APPLIC~1\VirusGarde
2007-06-15 17:33 <REP> d-------- C:\DOCUME~1\LOCALS~1\APPLIC~1\site cast okay
2007-06-14 21:28 <REP> d-------- C:\Program Files\PopUp Destroy
2007-06-14 21:14 <REP> d-------- C:\WINDOWS\PopUp Killer
2007-06-14 15:23 <REP> d-------- C:\Program Files\Proxomitron Naoko v4.5
2007-06-13 20:36 164 --a------ C:\install.dat
2007-06-12 16:12 <REP> d-------- C:\DOCUME~1\HOYER\APPLIC~1\vlc
2007-06-12 16:10 <REP> d-------- C:\Program Files\VideoLAN
2007-06-12 11:52 <REP> d-------- C:\Program Files\Antipub
2007-06-12 11:49 <REP> d-------- C:\DOCUME~1\HOYER\APPLIC~1\SPAMfighter
2007-06-11 23:20 <REP> d-------- C:\Program Files\Fichiers communs\Motorola Shared
2007-06-11 16:11 <REP> d-------- C:\My Downloads
2007-06-11 15:20 268,015 --a------ C:\WINDOWS\system32\hclgabcwfa_nav.dat
2007-06-11 15:20 1,747 --a------ C:\WINDOWS\system32\hclgabcwfa_navps.dat
2007-06-11 15:19 7,801 --a------ C:\WINDOWS\system32\hclgabcwfa.dat
2007-06-11 14:40 <REP> d-------- C:\Program Files\site cast okay
2007-06-11 14:40 <REP> d-------- C:\DOCUME~1\HOYER\APPLIC~1\site cast okay
2007-06-11 14:40 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Mpeg idle each dent
2007-06-11 14:31 <REP> d-------- C:\Program Files\eMule
2007-06-09 14:20 <REP> dr------- C:\DOCUME~1\LOCALS~1\Favoris
2007-06-05 10:34 1,184,664 --a------ C:\WINDOWS\system32\FreeImage.dll

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 07:53:19 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-04 07:01:45 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-07-03 08:22:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 18:13:10 5,543 ----a-w C:\WINDOWS\mozver.dat
2007-07-01 08:21:41 -------- d-----w C:\Program Files\Google
2007-06-30 17:31:02 78,796 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-30 17:31:02 495,340 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-30 12:15:47 -------- d-----w C:\Program Files\Common Files
2007-06-30 12:15:35 -------- d-----w C:\Program Files\Yahoo!
2007-06-29 17:12:49 -------- d-----w C:\Program Files\ArcSoft
2007-06-29 15:58:09 -------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-06-24 17:40:07 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Canon
2007-06-22 16:28:36 100 ----a-w C:\AUTOEXEC.BAT
2007-06-22 11:20:43 -------- d-----w C:\Program Files\DivX
2007-06-21 18:02:58 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Apple Computer
2007-06-21 15:06:29 -------- d-----w C:\Program Files\Fichiers communs\Real
2007-06-21 14:42:17 -------- d-----w C:\Program Files\Real
2007-06-21 10:04:15 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Uniblue
2007-06-16 14:16:23 -------- d-----w C:\Program Files\Symantec
2007-06-13 14:57:53 -------- d-----w C:\Program Files\Services en ligne
2007-05-28 18:09:07 -------- d-----w C:\Program Files\Alwil Software
2007-05-26 15:35:57 -------- d-----w C:\Program Files\Club-Internet
2007-05-24 10:15:00 -------- d-----w C:\Program Files\FoneSync
2007-05-22 12:34:20 -------- d-----w C:\Program Files\MSN Messenger
2007-05-19 21:13:42 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\MSNInstaller
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 19:18:36 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-05-13 18:00:12 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Teleca
2007-05-13 17:59:22 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Sony Ericsson
2007-05-13 08:30:19 -------- d-----w C:\Program Files\SM
2007-05-07 17:33:44 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Yahoo!
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 12:03:10 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:46:28 1,044,480 ----a-w C:\WINDOWS\system32\Roboex32.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 20:17:59 57,344 ----a-w C:\WINDOWS\uneng.exe
2007-04-04 07:30:49 4,572 ----a-w C:\WINDOWS\system32\jmadfbeybe.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2007-02-19 19:27 96936 -ra------ C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 18:07]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 19:22]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 08:09]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16]
"StandardInstall"="" []
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
"EoEngine"="" []
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"Motive SmartBridge"="C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
"OPTENET_GUI"="C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe" [2007-01-08 16:35]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-19 19:24]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-19 19:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-30 19:49]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"FIND AUDIO"="C:\DOCUME~1\HOYER\APPLIC~1\SITECA~1\FIRST WMA.exe" []
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-04 08:00:04 C:\WINDOWS\tasks\A49353C89198C80C.job
2007-06-26 08:02:01 C:\WINDOWS\tasks\Norton Internet Security Online - Analyse système complète - HOYER.job
2007-06-21 00:28:40 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-21 00:28:37 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-06-21 09:57:32 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
2007-06-21 07:23:03 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 10:42:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

Completion time: 2007-07-04 10:51:21 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 10:51

--- E O F ---
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

C:\DOCUME~1\ALLUSE~1\APPLIC~1.\TEMP
C:\WINDOWS\system32\nvs2.inf
C:\WINDOWS\system32\tmp45.tmp

((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

-------\LEGACY_FOPF

((((((((((((((((((((((((( Files Created from 2007-06-04 to 2007-07-04 )))))))))))))))))))))))))))))))

No new files created in this timespan

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2007-07-04 07:53:19 -------- d-----w C:\Program Files\Hijackthis Version Française
2007-07-04 07:01:45 -------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2007-07-03 08:22:48 -------- d--h--w C:\Program Files\InstallShield Installation Information
2007-07-01 18:13:10 5,543 ----a-w C:\WINDOWS\mozver.dat
2007-07-01 08:21:41 -------- d-----w C:\Program Files\Google
2007-06-30 17:31:02 78,796 ----a-w C:\WINDOWS\system32\perfc00C.dat
2007-06-30 17:31:02 495,340 ----a-w C:\WINDOWS\system32\perfh00C.dat
2007-06-30 12:15:47 -------- d-----w C:\Program Files\Common Files
2007-06-30 12:15:35 -------- d-----w C:\Program Files\Yahoo!
2007-06-29 17:12:49 -------- d-----w C:\Program Files\ArcSoft
2007-06-29 15:58:09 -------- d-----w C:\Program Files\Microsoft Picture It! PhotoPub
2007-06-24 17:40:07 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Canon
2007-06-22 16:28:36 100 ----a-w C:\AUTOEXEC.BAT
2007-06-22 11:20:43 -------- d-----w C:\Program Files\DivX
2007-06-21 18:02:58 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Apple Computer
2007-06-21 15:06:29 -------- d-----w C:\Program Files\Fichiers communs\Real
2007-06-21 14:42:17 -------- d-----w C:\Program Files\Real
2007-06-21 10:04:15 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Uniblue
2007-06-16 14:16:23 -------- d-----w C:\Program Files\Symantec
2007-06-13 14:57:53 -------- d-----w C:\Program Files\Services en ligne
2007-05-28 18:09:07 -------- d-----w C:\Program Files\Alwil Software
2007-05-26 15:35:57 -------- d-----w C:\Program Files\Club-Internet
2007-05-24 10:15:00 -------- d-----w C:\Program Files\FoneSync
2007-05-22 12:34:20 -------- d-----w C:\Program Files\MSN Messenger
2007-05-19 21:13:42 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\MSNInstaller
2007-05-16 15:13:53 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
2007-05-13 19:18:36 22,768 ----a-w C:\WINDOWS\system32\drivers\usbsermpt.sys
2007-05-13 18:00:12 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Teleca
2007-05-13 17:59:22 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Sony Ericsson
2007-05-13 08:30:19 -------- d-----w C:\Program Files\SM
2007-05-07 17:33:44 -------- d-----w C:\DOCUME~1\HOYER\APPLIC~1\Yahoo!
2007-04-25 14:22:35 144,896 ----a-w C:\WINDOWS\system32\schannel.dll
2007-04-22 12:03:10 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2007-04-18 16:14:18 2,854,400 ----a-w C:\WINDOWS\system32\msi.dll
2007-04-16 20:47:36 33,624 ----a-w C:\WINDOWS\system32\wups.dll
2007-04-16 20:46:28 1,044,480 ----a-w C:\WINDOWS\system32\Roboex32.dll
2007-04-16 20:45:54 1,710,936 ----a-w C:\WINDOWS\system32\wuaueng.dll
2007-04-16 20:45:48 549,720 ----a-w C:\WINDOWS\system32\wuapi.dll
2007-04-16 20:45:42 325,976 ----a-w C:\WINDOWS\system32\wucltui.dll
2007-04-16 20:45:36 203,096 ----a-w C:\WINDOWS\system32\wuweb.dll
2007-04-16 20:45:28 92,504 ----a-w C:\WINDOWS\system32\cdm.dll
2007-04-16 20:45:20 53,080 ----a-w C:\WINDOWS\system32\wuauclt.exe
2007-04-16 20:45:20 43,352 ----a-w C:\WINDOWS\system32\wups2.dll
2007-04-16 20:43:40 208,248 ----a-w C:\WINDOWS\system32\muweb.dll
2007-04-16 20:17:59 57,344 ----a-w C:\WINDOWS\uneng.exe
2007-04-04 07:30:49 4,572 ----a-w C:\WINDOWS\system32\jmadfbeybe.dat

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}]
2006-10-26 10:28 440384 --a------ C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1E8A6170-7264-4D0F-BEAE-D42A53123C75}]
2007-02-19 19:27 96936 -ra------ C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
2005-05-31 01:04 853672 --a------ C:\PROGRA~1\SPYBOT~1\SDHelper.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
2007-01-19 23:56 2436160 -ra------ c:\program files\google\googletoolbar2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WorksFUD"="C:\Program Files\Microsoft Works\wkfud.exe" [2000-07-12 18:07]
"Microsoft Works Portfolio"="C:\Program Files\Microsoft Works\WksSb.exe" [2000-07-12 19:22]
"Microsoft Works Update Detection"="C:\Program Files\Microsoft Works\WkDetect.exe" [2000-08-04 08:09]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 18:16]
"StandardInstall"="" []
"Omnipage"="C:\Program Files\ScanSoft\OmniPageSE\opware32.exe" [2002-06-03 12:38]
"EoEngine"="" []
"EoWeather"="" []
"EoClock"="" []
"EoComputer"="" []
"EoRss"="" []
"EoNet"="" []
"EoSudoku"="" []
"EoPhoto"="" []
"Motive SmartBridge"="C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 08:51]
"OPTENET_GUI"="C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe" [2007-01-08 16:35]
"osCheck"="C:\Program Files\Norton Internet Security\osCheck.exe" [2007-02-19 19:24]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2007-03-12 10:22]
"CARPService"="carpserv.exe" [2003-05-21 15:35 C:\WINDOWS\system32\carpserv.exe]
"MsgCenterExe"="C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" []
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-19 19:25]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2006-03-02 14:00]
"Uniblue RegistryBooster2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-06-30 19:49]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55]
"FIND AUDIO"="C:\DOCUME~1\HOYER\APPLIC~1\SITECA~1\FIRST WMA.exe" []
"eMuleAutoStart"="C:\Program Files\eMule\emule.exe" []

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoLowDiskSpaceChecks"=0 (0x0)

*Newly Created Service* - COMHOST

Contents of the 'Scheduled Tasks' folder
2007-07-04 08:00:04 C:\WINDOWS\tasks\A49353C89198C80C.job
2007-06-26 08:02:01 C:\WINDOWS\tasks\Norton Internet Security Online - Analyse système complète - HOYER.job
2007-06-21 00:28:40 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC Nag.job
2007-06-21 00:28:37 C:\WINDOWS\tasks\Uniblue SpeedUpMyPC.job
2007-06-21 09:57:32 C:\WINDOWS\tasks\Uniblue SpyEraser Nag.job
2007-06-21 07:23:03 C:\WINDOWS\tasks\Uniblue SpyEraser.job

**************************************************************************

catchme 0.3.914 W2K/XP/Vista - rootkit detector by Gmer, http://www.gmer.net
Rootkit scan 2007-07-04 10:52:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

**************************************************************************

Completion time: 2007-07-04 10:54:49 - machine was rebooted
C:\ComboFix-quarantined-files.txt ... 2007-07-04 10:54

--- E O F ---
0
marie450 Posts 79 Status Member 2

I just ran a HijackThis scan
StartupList report, 2007-07-04, 11:46:04
StartupList version: 1.52.2
Started from : C:\Documents and Settings\HOYER\Bureau\HiJackThis_v2.EXE
Detected: Windows XP SP2 (WinNT 5.01.2600)
Detected: Internet Explorer v7.00 (7.00.6000.16473)
* Using default options
==================================================

Running processes:

C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Microsoft Works\WksSb.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe
C:\WINDOWS\system32\carpserv.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
C:\Program Files\Club-Internet\Controle Parental\bin\optproxy.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
C:\Program Files\LE COMPAGNON CLUB\bin\mpbtn.exe
C:\WINDOWS\System32\svchost.exe
C:\Documents and Settings\HOYER\Bureau\HiJackThis_v2.exe
C:\Program Files\Internet Explorer\iexplore.exe

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\Documents and Settings\HOYER\Menu Démarrer\Programmes\Démarrage]
Club Internet.lnk = C:\Program Files\Club-Internet\Lanceur\lanceur.exe

Shell folders Common Startup:
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
BlueSoleil.lnk = ?
LE COMPAGNON CLUB.lnk = C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe

--------------------------------------------------

Checking Windows NT UserInit:

[HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
UserInit = C:\WINDOWS\system32\userinit.exe,

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

WorksFUD = "C:\Program Files\Microsoft Works\wkfud.exe"
Microsoft Works Portfolio = "C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers
Microsoft Works Update Detection = "C:\Program Files\Microsoft Works\WkDetect.exe"
BJCFD = "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
StandardInstall =
Omnipage = "C:\Program Files\ScanSoft\OmniPageSE\opware32.exe"
EoEngine =
EoWeather =
EoClock =
EoComputer =
EoRss =
EoNet =
EoSudoku =
EoPhoto =
Motive SmartBridge = C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
OPTENET_GUI = C:\PROGRA~1\CLUB-I~1\CONTRO~1\bin\OPTGui.exe
osCheck = "C:\Program Files\Norton Internet Security\osCheck.exe"
Symantec PIF AlertEng = "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
CARPService = carpserv.exe
MsgCenterExe = "C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot
ccApp = "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
Adobe Reader Speed Launcher = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

--------------------------------------------------

Autorun entries from Registry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Run

ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
Uniblue RegistryBooster2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
Uniblue RegistryBooster 2 = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
swg = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
MsnMsgr = "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
FIND AUDIO = C:\DOCUME~1\HOYER\APPLIC~1\SITECA~1\FIRST WMA.exe
eMuleAutoStart = C:\Program Files\eMule\emule.exe -AutoStart

--------------------------------------------------

Autorun entries in Registry subkeys of:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

[OptionalComponents]
=

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=*INI section not found*
SCRNSAVE.EXE=*INI section not found*
drivers=*INI section not found*

Shell & screensaver key from Registry:

Shell=Explorer.exe
SCRNSAVE.EXE=*Registry value not found*
drivers=*Registry value not found*

Policies Shell key:

HKCU\..\Policies: Shell=*Registry value not found*
HKLM\..\Policies: Shell=*Registry value not found*

--------------------------------------------------

Enumerating Browser Helper Objects:

(no name) - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - {02478D38-C3F9-4EFB-9B51-7695ECA05670}
(no name) - C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll - {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
(no name) - C:\PROGRA~1\SPYBOT~1\SDHelper.dll - {53707962-6F74-2D53-2644-206D7942484F}
(no name) - c:\program files\google\googletoolbar2.dll - {AA58ED58-01DD-4d91-8333-CF10577473F7}

--------------------------------------------------

Enumerating Task Scheduler jobs:

A49353C89198C80C.job
Norton Internet Security Online - Analyse système complète - HOYER.job
Uniblue SpeedUpMyPC Nag.job
Uniblue SpeedUpMyPC.job
Uniblue SpyEraser Nag.job
Uniblue SpyEraser.job

--------------------------------------------------

Enumerating Download Program Files:

[Office Genuine Advantage Validation Tool]
InProcServer32 = C:\WINDOWS\system32\OGACheckControl.DLL
CODEBASE = http://download.microsoft.com/download/e/7/3/e7345c16-80aa-4488-ae10-9ac6be844f99/OGAControl.cab

[Microsoft Genuine Advantage Self Support Tool]
InProcServer32 = C:\WINDOWS\system32\SelfHelpControl.DLL
CODEBASE = http://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab

[YInstStarter Class]
InProcServer32 = C:\PROGRA~1\Yahoo!\Common\yinsthelper.dll
CODEBASE = C:\Program Files\Yahoo!\Common\yinsthelper.dll

[TotalScan Installer Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\CONFLICT.1\ascstubie.dll
CODEBASE = https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

[BDSCANONLINE Control]
InProcServer32 = C:\WINDOWS\DOWNLO~1\oscan8.ocx
CODEBASE = http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab

[MUWebControl Class]
InProcServer32 = C:\WINDOWS\system32\muweb.dll
CODEBASE = http://www.update.microsoft.com/...

[NanoInstaller Class]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\NanoInst.dll
CODEBASE = https://www.pandasecurity.com/en/homeusers/online-antivirus/?ref=activescan

[{87AF076E-D86D-4E87-ADDD-F05804E1F150}]
CODEBASE = http://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab

[MediaBar]
InProcServer32 = C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx
CODEBASE = http://sib1.od2.com/common/musicmanager/installation/MusicManagerPlugin.CAB

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

PostBootReminder: C:\WINDOWS\system32\SHELL32.dll
CDBurn: C:\WINDOWS\system32\SHELL32.dll
WebCheck: C:\WINDOWS\system32\webcheck.dll
SysTray: C:\WINDOWS\system32\stobject.dll

--------------------------------------------------
End of report, 8,742 bytes
Report generated in 0.221 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of platform
/history - to list version history only
0
marie450 Posts 79 Status Member 2

I have a quick Fixwareout scan; I'm sending the report.

Fixwareout Last edited 6/27/2007
Post this report in the forums please
...
»»»»»Prerun check

Cache de résolution DNS vidé.

System was rebooted successfully.

»»»»» Postrun check
HKLM\SOFTWARE\~\Winlogon\ "System"=""
....
....
»»»»» Misc files.
....
»»»»» Checking for older varients.
....
»»»»» Current runs (hklm hkcu "run" Keys Only)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
"WorksFUD"="\"C:\\Program Files\\Microsoft Works\\wkfud.exe\""
"Microsoft Works Portfolio"="\"C:\\Program Files\\Microsoft Works\\WksSb.exe\" /AllUsers"
"Microsoft Works Update Detection"="\"C:\\Program Files\\Microsoft Works\\WkDetect.exe\""
"BJCFD"="\"C:\\Program Files\\BroadJump\\Client Foundation\\CFD.exe\""
"StandardInstall"=""
"Omnipage"="\"C:\\Program Files\\ScanSoft\\OmniPageSE\\opware32.exe\""
"EoEngine"=""
"EoWeather"=""
"EoClock"=""
"EoComputer"=""
"EoRss"=""
"EoNet"=""
"EoSudoku"=""
"EoPhoto"=""
"Motive SmartBridge"="C:\\PROGRA~1\\LECOMP~1\\SMARTB~1\\MotiveSB.exe"
"osCheck"="\"C:\\Program Files\\Norton Internet Security\\osCheck.exe\""
"Symantec PIF AlertEng"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\PIFSvc.exe\" /a /m \"C:\\Program Files\\Fichiers communs\\Symantec Shared\\PIF\\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\\AlertEng.dll\""
"CARPService"="carpserv.exe"
"MsgCenterExe"="\"C:\\Program Files\\Fichiers communs\\Real\\Update_OB\\RealOneMessageCenter.exe\" -osboot"
"ccApp"="\"C:\\Program Files\\Fichiers communs\\Symantec Shared\\ccApp.exe\""
"Adobe Reader Speed Launcher"="\"C:\\Program Files\\Adobe\\Reader 8.0\\Reader\\Reader_sl.exe\""

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"Uniblue RegistryBooster2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"Uniblue RegistryBooster 2"="C:\\Program Files\\Uniblue\\RegistryBooster 2\\RegistryBooster.exe /S"
"swg"="C:\\Program Files\\Google\\GoogleToolbarNotifier\\1.2.1128.5462\\GoogleToolbarNotifier.exe"
"MsnMsgr"="\"C:\\Program Files\\MSN Messenger\\MsnMsgr.Exe\" /background"
"FIND AUDIO"="C:\\DOCUME~1\\HOYER\\APPLIC~1\\SITECA~1\\FIRST WMA.exe"
"eMuleAutoStart"="C:\\Program Files\\eMule\\emule.exe -AutoStart"
....
Hosts file was reset, If you use a custom hosts file please replace it
»»»»» End report »»»»»
0
marie450 Posts 79 Status Member 2

SOS, I'm not going to just keep running scans!!!! I would really like someone to give me an antivirus. I just scanned with Ad-Aware and it detected lots of things in red, trojans and adware, very dangerous. Can someone advise me and help me get them removed, because apparently Norton isn't doing its job!!!!
0
marie450 Posts 79 Status Member 2

I just ran an Ad-Aware scan; here are its contents, but I don't know what to do to destroy them.
Ad-Aware SE Build 1.06r1
Logfile Created on:2007-07-05 10:20:54
Created with Ad-Aware SE Personal, free for private use.
Using definitions file:SE1R178 29.06.2007
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

References detected during the scan:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Tracking Cookie(TAC index:3):15 total references
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Ad-Aware SE Settings
===========================
Set : Search for negligible risk entries
Set : Safe mode (always request confirmation)
Set : Scan active processes
Set : Scan registry
Set : Deep-scan registry
Set : Scan my IE Favorites for banned URLs
Set : Scan my Hosts file

Extended Ad-Aware SE Settings
===========================
Set : Unload recognized processes & modules during scan
Set : Scan registry for all users instead of current user only
Set : Always try to unload modules before deletion
Set : During removal, unload Explorer and IE if necessary
Set : Let Windows remove files in use at next reboot
Set : Delete quarantined objects after restoring
Set : Include basic Ad-Aware settings in log file
Set : Include additional Ad-Aware settings in log file
Set : Include reference summary in log file
Set : Include alternate data stream details in log file
Set : Play sound at scan completion if scan locates critical objects

2007-07-05 10:20:54 - Scan started. (Full System Scan)

Listing running processes
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

#:1 [smss.exe]
FilePath : \SystemRoot\System32\
ProcessID : 888
ThreadCreationTime : 2007-07-05 08:04:35
BasePriority : Normal

#:2 [csrss.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 960
ThreadCreationTime : 2007-07-05 08:04:39
BasePriority : Normal

#:3 [winlogon.exe]
FilePath : \??\C:\WINDOWS\system32\
ProcessID : 1004
ThreadCreationTime : 2007-07-05 08:04:52
BasePriority : High

#:4 [services.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1052
ThreadCreationTime : 2007-07-05 08:04:55
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Applications Services et Contrôleur
InternalName : services.exe
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : services.exe

#:5 [lsass.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1064
ThreadCreationTime : 2007-07-05 08:04:56
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : LSA Shell (Export Version)
InternalName : lsass.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : lsass.exe

#:6 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1216
ThreadCreationTime : 2007-07-05 08:05:02
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:7 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1300
ThreadCreationTime : 2007-07-05 08:05:05
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:8 [svchost.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1352
ThreadCreationTime : 2007-07-05 08:05:06
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:9 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1484
ThreadCreationTime : 2007-07-05 08:05:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:10 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1584
ThreadCreationTime : 2007-07-05 08:05:09
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:11 [ccsvchst.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1876
ThreadCreationTime : 2007-07-05 08:05:11
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec Service Framework
InternalName : ccSvcHst
LegalCopyright : Copyright (c) 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccSvcHst.exe

#:12 [appsvc32.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\AppCore\
ProcessID : 180
ThreadCreationTime : 2007-07-05 08:05:15
BasePriority : Normal
FileVersion : 1.1.1.2
ProductVersion : 1.1
ProductName : Symantec Application Core
CompanyName : Symantec Corporation
FileDescription : Symantec Application Core Service
InternalName : AppSvc32
LegalCopyright : Copyright (c) 1997-2007 Symantec Corporation
OriginalFilename : AppSvc32.exe

#:13 [lexbces.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 556
ThreadCreationTime : 2007-07-05 08:05:17
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LexBce Service
InternalName : LexBce Service
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LexBceS.exe

#:14 [spoolsv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 592
ThreadCreationTime : 2007-07-05 08:05:17
BasePriority : Normal
FileVersion : 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
ProductVersion : 5.1.2600.2696
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Spooler SubSystem App
InternalName : spoolsv.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : spoolsv.exe

#:15 [lexpps.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 648
ThreadCreationTime : 2007-07-05 08:05:17
BasePriority : Normal
FileVersion : 7.4
ProductVersion : 7.4
ProductName : MarkVision for Windows (32 bit)
CompanyName : Lexmark International, Inc.
FileDescription : LEXPPS.EXE
InternalName : LEXPPS
LegalCopyright : (C) 1993 - 2002 Lexmark International, Inc.
OriginalFilename : LEXPPS.EXE
Comments : MarkVision for Windows '95 New P2P Server (32-bit)

#:16 [btntservice.exe]
FilePath : C:\Program Files\IVT Corporation\BlueSoleil\
ProcessID : 952
ThreadCreationTime : 2007-07-05 08:05:24
BasePriority : Normal

#:17 [cdac11ba.exe]
FilePath : C:\WINDOWS\system32\drivers\
ProcessID : 1156
ThreadCreationTime : 2007-07-05 08:05:24
BasePriority : Normal
FileVersion : 4.20.0
ProductVersion : 4.20.0 Windows NT 2002/07/15
ProductName : SafeCast Windows NT
CompanyName : Macrovision
FileDescription : Macrovision RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) 1998-2002 Macrovision Corp.
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:18 [cdantsrv.exe]
FilePath : C:\WINDOWS\system32\DRIVERS\
ProcessID : 1524
ThreadCreationTime : 2007-07-05 08:05:25
BasePriority : Normal
FileVersion : 3.24.010
ProductVersion : 3.24.010 Windows NT 2001/10/10
ProductName : CD-Secure/CD-Compress Windows NT
CompanyName : C-Dilla Ltd
FileDescription : C-Dilla RTS Service
InternalName : CDANTSRV
LegalCopyright : Copyright (c) Macrovision 1993-2001
OriginalFilename : CDANTSRV.EXE
Comments : StringFileInfo: U.S. English

#:19 [ccsvchst.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1548
ThreadCreationTime : 2007-07-05 08:05:25
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec Service Framework
InternalName : ccSvcHst
LegalCopyright : Copyright (c) 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccSvcHst.exe

#:20 [aluschedulersvc.exe]
FilePath : C:\Program Files\Symantec\LiveUpdate\
ProcessID : 1716
ThreadCreationTime : 2007-07-05 08:05:26
BasePriority : Normal
FileVersion : 3.2.0.41
ProductVersion : 3.2.0.41
ProductName : LiveUpdate
CompanyName : Symantec Corporation
FileDescription : Automatic LiveUpdate Scheduler Service
InternalName : Automatic LiveUpdate Scheduler Service
LegalCopyright : Copyright © 1996-2007 Symantec Corporation
OriginalFilename : ALUSchedulerSvc.exe

#:21 [svchost.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 1944
ThreadCreationTime : 2007-07-05 08:05:28
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Generic Host Process for Win32 Services
InternalName : svchost.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : svchost.exe

#:22 [explorer.exe]
FilePath : C:\WINDOWS\
ProcessID : 908
ThreadCreationTime : 2007-07-05 08:05:33
BasePriority : Normal
FileVersion : 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 6.00.2900.2180
ProductName : Système d'exploitation Microsoft® Windows®
CompanyName : Microsoft Corporation
FileDescription : Explorateur Windows
InternalName : explorer
LegalCopyright : © Microsoft Corporation. Tous droits réservés.
OriginalFilename : EXPLORER.EXE

#:23 [wkssb.exe]
FilePath : C:\Program Files\Microsoft Works\
ProcessID : 128
ThreadCreationTime : 2007-07-05 08:05:35
BasePriority : Normal
FileVersion : 6.00.1911.0
ProductVersion : 6.00.1911.0
ProductName : Microsoft® Works 6.0
CompanyName : Microsoft® Corporation
FileDescription : Microsoft® Works PortFolio
InternalName : WKSPF
LegalCopyright : Copyright © Microsoft Corporation 1987-2000. All rights reserved.
OriginalFilename : WksSb.exe

#:24 [cfd.exe]
FilePath : C:\Program Files\BroadJump\Client Foundation\
ProcessID : 376
ThreadCreationTime : 2007-07-05 08:05:35
BasePriority : Normal

#:25 [opware32.exe]
FilePath : C:\Program Files\ScanSoft\OmniPageSE\
ProcessID : 408
ThreadCreationTime : 2007-07-05 08:05:35
BasePriority : Normal
FileVersion : 11.0
ProductVersion : 11.0
ProductName : OmniPage SE
CompanyName : ScanSoft, Inc
FileDescription : OCR Aware (32-bit)
InternalName : Opware32.exe
LegalCopyright : Copyright © 1995-2000 ScanSoft, Inc
OriginalFilename : Opware32.exe

#:26 [motivesb.exe]
FilePath : C:\PROGRA~1\LECOMP~1\SMARTB~1\
ProcessID : 328
ThreadCreationTime : 2007-07-05 08:05:35
BasePriority : Normal
FileVersion : 5.8.18.asst_classic.smartbridge.20050824_144000
ProductVersion : 5.8.18.asst_classic.smartbridge
ProductName : Motive System
CompanyName : Motive Communications, Inc.
FileDescription : Motive SmartBridge
InternalName : version
LegalCopyright : Copyright 1998-2003
OriginalFilename : version

#:27 [carpserv.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 716
ThreadCreationTime : 2007-07-05 08:05:35
BasePriority : Normal
FileVersion : 6.02.05
ProductVersion : 6.02.05
ProductName : SoftK56 Modem Driver
CompanyName : Conexant Systems, Inc.
FileDescription : carpserv
InternalName : carpserv
LegalCopyright : Copyright© Conexant Systems, Inc. 2003
OriginalFilename : carpserv.exe

#:28 [ccapp.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\
ProcessID : 1520
ThreadCreationTime : 2007-07-05 08:05:35
BasePriority : Normal
FileVersion : 106.2.0.21
ProductVersion : 106.2.0.21
ProductName : Symantec Security Technologies
CompanyName : Symantec Corporation
FileDescription : Symantec User Session
InternalName : ccApp
LegalCopyright : Copyright (c) 2000-2006 Symantec Corporation. All rights reserved.
OriginalFilename : ccApp.exe

#:29 [apdproxy.exe]
FilePath : C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\
ProcessID : 2612
ThreadCreationTime : 2007-07-05 08:05:52
BasePriority : Normal

#:30 [ctfmon.exe]
FilePath : C:\WINDOWS\system32\
ProcessID : 2624
ThreadCreationTime : 2007-07-05 08:05:52
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : CTF Loader
InternalName : CTFMON
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : CTFMON.EXE

#:31 [googletoolbarnotifier.exe]
FilePath : C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\
ProcessID : 2636
ThreadCreationTime : 2007-07-05 08:05:53
BasePriority : Normal
FileVersion : 1, 2, 1128, 5462
ProductVersion : 1, 2, 1128, 5462
ProductName : GoogleToolbarNotifier
CompanyName : Google Inc.
FileDescription : GoogleToolbarNotifier
LegalCopyright : Copyright © 2005-2006
OriginalFilename : GoogleToolbarNotifier.exe

#:32 [msnmsgr.exe]
FilePath : C:\Program Files\MSN Messenger\
ProcessID : 2696
ThreadCreationTime : 2007-07-05 08:05:54
BasePriority : Normal
FileVersion : 8.1.0178.00
ProductVersion : 8.1.0178
ProductName : Messenger
CompanyName : Microsoft Corporation
FileDescription : Messenger
InternalName : msnmsgr.exe
LegalCopyright : Copyright (c) Microsoft Corporation. All rights reserved.
OriginalFilename : msnmsgr.exe

#:33 [bluesoleil.exe]
FilePath : C:\Program Files\IVT Corporation\BlueSoleil\
ProcessID : 3476
ThreadCreationTime : 2007-07-05 08:06:13
BasePriority : Normal
FileVersion : 1, 6, 1, 4
ProductVersion : 1, 6, 1, 4
ProductName : BlueSoleil
CompanyName : IVT Corporation
FileDescription : Bluetooth Application
InternalName : BlueSoleil
LegalCopyright : Copyright (C) 2000-2004
LegalTrademarks : BlueSoleil
OriginalFilename : BlueSol.exe

#:34 [alg.exe]
FilePath : C:\WINDOWS\System32\
ProcessID : 1964
ThreadCreationTime : 2007-07-05 08:06:30
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : Application Layer Gateway Service
InternalName : ALG.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : ALG.exe

#:35 [lanceur.exe]
FilePath : C:\Program Files\Club-Internet\Lanceur\
ProcessID : 2796
ThreadCreationTime : 2007-07-05 08:06:46
BasePriority : Normal
FileVersion : 6, 0, 0, 9
ProductVersion : 6, 0, 0, 9
ProductName : Lanceur V6.0.0.9
CompanyName : T-ONLINE France
FileDescription : Lanceur V6.0.0.9
InternalName : Lanceur V6.0.0.9
LegalCopyright : Copyright (C) T-Online France 2002 - 2005
OriginalFilename : lanceur.exe

#:36 [mpbtn.exe]
FilePath : C:\Program Files\LE COMPAGNON CLUB\bin\
ProcessID : 3092
ThreadCreationTime : 2007-07-05 08:07:52
BasePriority : Normal

#:37 [symlcsvc.exe]
FilePath : C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\
ProcessID : 2360
ThreadCreationTime : 2007-07-05 08:11:23
BasePriority : Normal
FileVersion : 1.9.1.1088
ProductVersion : 1.9.1.1088
ProductName : Symantec Core Component
CompanyName : Symantec Corporation
FileDescription : Symantec Core Component
InternalName : symlcsvc
LegalCopyright : Copyright (C) 2003
OriginalFilename : symlcsvc.exe

#:38 [iexplore.exe]
FilePath : C:\Program Files\Internet Explorer\
ProcessID : 2268
ThreadCreationTime : 2007-07-05 08:13:19
BasePriority : Normal
FileVersion : 7.00.6000.16473 (vista_gdr.070420-1500)
ProductVersion : 7.00.6000.16473
ProductName : Windows® Internet Explorer
CompanyName : Microsoft Corporation
FileDescription : Internet Explorer
InternalName : iexplore
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : IEXPLORE.EXE

#:39 [wmiprvse.exe]
FilePath : C:\WINDOWS\system32\wbem\
ProcessID : 2452
ThreadCreationTime : 2007-07-05 08:14:40
BasePriority : Normal
FileVersion : 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
ProductVersion : 5.1.2600.2180
ProductName : Microsoft® Windows® Operating System
CompanyName : Microsoft Corporation
FileDescription : WMI
InternalName : Wmiprvse.exe
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : Wmiprvse.exe

#:40 [ad-aware.exe]
FilePath : C:\PROGRA~1\Lavasoft\AD-AWA~1\
ProcessID : 3732
ThreadCreationTime : 2007-07-05 08:20:21
BasePriority : Normal
FileVersion : 6.2.0.236
ProductVersion : SE 106
ProductName : Lavasoft Ad-Aware SE
CompanyName : Lavasoft Sweden
FileDescription : Ad-Aware SE Core application
InternalName : Ad-Aware.exe
LegalCopyright : Copyright © Lavasoft AB Sweden
OriginalFilename : Ad-Aware.exe
Comments : All Rights Reserved

#:41 [hh.exe]
FilePath : C:\WINDOWS\
ProcessID : 3652
ThreadCreationTime : 2007-07-05 08:20:22
BasePriority : Normal
FileVersion : 5.2.3790.2453 (srv03_sp1_gdr.050525-1542)
ProductVersion : 5.2.3790.2453
ProductName : HTML Help
CompanyName : Microsoft Corporation
FileDescription : Microsoft® HTML Help Executable
InternalName : HH 1.41
LegalCopyright : © Microsoft Corporation. All rights reserved.
OriginalFilename : HH.exe

Memory scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Registry Scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started deep registry scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Deep registry scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 0

Started Tracking Cookie scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@bs.serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hoyer@bs.serving-sys.com/
Expires : 2038-01-01
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@adserver.toptenreviews[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:hoyer@adserver.toptenreviews.com/
Expires : 2008-07-03 21:36:42
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@serving-sys[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:10
Value : Cookie:hoyer@serving-sys.com/
Expires : 2038-01-01
LastSync : Hits:10
UseCount : 0
Hits : 10

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@server.iad.liveperson[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:4
Value : Cookie:hoyer@server.iad.liveperson.net/
Expires : 2008-07-03 20:47:24
LastSync : Hits:4
UseCount : 0
Hits : 4

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@www.cibleclick[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hoyer@www.cibleclick.com/
Expires : 2037-09-27 02:00:00
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:9
Value : Cookie:hoyer@2o7.net/
Expires : 2012-07-02 21:51:28
LastSync : Hits:9
UseCount : 0
Hits : 9

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@amznshopbop.122.2o7[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hoyer@amznshopbop.122.2o7.net/
Expires : 2012-07-01 14:51:40
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@tribalfusion[1].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:1
Value : Cookie:hoyer@tribalfusion.com/
Expires : 2008-07-03 20:38:06
LastSync : Hits:1
UseCount : 0
Hits : 1

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@server.iad.liveperson[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hoyer@server.iad.liveperson.net/hc/90594700
Expires : 2008-07-03 20:47:32
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@estat[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:118
Value : Cookie:hoyer@estat.com/
Expires : 2017-06-28 19:20:48
LastSync : Hits:118
UseCount : 0
Hits : 118

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@weborama[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:13
Value : Cookie:hoyer@weborama.fr/
Expires : 2007-12-29 02:03:16
LastSync : Hits:13
UseCount : 0
Hits : 13

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@questionmarket[2].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:2
Value : Cookie:hoyer@questionmarket.com/
Expires : 2008-08-24 12:02:02
LastSync : Hits:2
UseCount : 0
Hits : 2

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@www.smartadserver[3].txt
TAC Rating : 3
Category : Data Miner
Comment : Hits:487
Value : Cookie:hoyer@www.smartadserver.com/
Expires : 2027-06-30 10:17:30
LastSync : Hits:487
UseCount : 0
Hits : 487

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@estat[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\HOYER\Cookies\hoyer@estat[1].txt

Tracking Cookie Object Recognized!
Type : IECache Entry
Data : hoyer@www.smartadserver[1].txt
TAC Rating : 3
Category : Data Miner
Comment :
Value : C:\Documents and Settings\HOYER\Cookies\hoyer@www.smartadserver[1].txt

Tracking cookie scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 15
Objects found so far: 15

Deep scanning and examining files (C:)
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Disk Scan Result for C:\
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

Scanning Hosts file......
Hosts file location:"C:\WINDOWS\system32\drivers\etc\hosts".
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Hosts file scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
1 entries scanned.
New critical objects:0
Objects found so far: 15

Performing conditional scans...
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»

Conditional scan result:
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
New critical objects: 0
Objects found so far: 15

10:39:10 Scan Complete

Summary Of This Scan
»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»»
Total scanning time:00:18:15.896
Objects scanned:137585
Objects identified:15
Objects ignored:0
New critical objects:15
0
marie450 Posts 79 Status Member 2
 
PUTTING THEM IN QUARANTINE DOES NOT SOLVE THE DESTRUCTION OF MY LITTLE BUGS!!!! Despite all the cleaning I did yesterday, they are still there. I ran a scan with Trojan Remover:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 2007-07-05 11:39:43
Using Database v6759
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\HOYER\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\HOYER\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges

**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
11:39:43: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
11:39:43: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
11:39:43: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
11:39:43: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = WorksFUD
Value Data = C:\Program Files\Microsoft Works\wkfud.exe - this command has been left in place
--------------------
Value Name = Microsoft Works Portfolio
Value Data = C:\Program Files\Microsoft Works\WksSb.exe" /AllUsers - this command has been left in place
--------------------
Value Name = Microsoft Works Update Detection
Value Data = C:\Program Files\Microsoft Works\WkDetect.exe - this command has been left in place
--------------------
Value Name = BJCFD
Value Data = C:\Program Files\BroadJump\Client Foundation\CFD.exe - this command has been left in place
--------------------
Value Name = StandardInstall
The Value Data for this entry appears to be blank
--------------------
Value Name = Omnipage
Value Data = C:\Program Files\ScanSoft\OmniPageSE\opware32.exe - this command has been left in place
--------------------
Value Name = EoEngine
The Value Data for this entry appears to be blank
--------------------
Value Name = EoWeather
The Value Data for this entry appears to be blank
--------------------
Value Name = EoClock
The Value Data for this entry appears to be blank
--------------------
Value Name = EoComputer
The Value Data for this entry appears to be blank
--------------------
Value Name = EoRss
The Value Data for this entry appears to be blank
--------------------
Value Name = EoNet
The Value Data for this entry appears to be blank
--------------------
Value Name = EoSudoku
The Value Data for this entry appears to be blank
--------------------
Value Name = EoPhoto
The Value Data for this entry appears to be blank
--------------------
Value Name = Motive SmartBridge
Value Data = C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe - this command has been left in place
--------------------
Value Name = osCheck
Value Data = C:\Program Files\Norton Internet Security\osCheck.exe - this command has been left in place
--------------------
Value Name = Symantec PIF AlertEng
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll - this command has been left in place
--------------------
Value Name = CARPService
Value Data = carpserv.exe - this command has been left in place
--------------------
Value Name = MsgCenterExe
Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\RealOneMessageCenter.exe" -osboot - this command has been left in place [file not found to scan]
--------------------
Value Name = ccApp
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - this command has been left in place
--------------------
Value Name = Adobe Reader Speed Launcher
Value Data = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe - this command has been left in place
--------------------
Value Name = Adobe Photo Downloader
Value Data = C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = Uniblue RegistryBooster2
Value Data = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S - this command has been left in place [file not found to scan]
--------------------
Value Name = Uniblue RegistryBooster 2
Value Data = C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S - this command has been left in place [file not found to scan]
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = MsnMsgr
Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
--------------------
Value Name = FIND AUDIO
Value Data = C:\DOCUME~1\HOYER\APPLIC~1\SITECA~1\FIRST WMA.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = eMuleAutoStart
Value Data = C:\Program Files\eMule\emule.exe -AutoStart - this command has been left in place [file not found to scan]
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

******************************
11:39:45: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

******************************
11:39:45: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

******************************
11:39:46: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

******************************
11:39:46: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
11:39:47: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=Irmon
ServiceDLL=%SystemRoot%\System32\irmon.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\System32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

******************************
11:39:52: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=system32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place [file not found to scan]
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aliadwdm
ImagePath=system32\drivers\ac97ali.sys - this reference has been left in place
----------
Key=AliIde
ImagePath=system32\DRIVERS\aliide.sys - this reference has been left in place
----------
Key=ALiIRDA
ImagePath=system32\DRIVERS\alifir.sys - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=BCM43XX
ImagePath=system32\DRIVERS\bcmwl5.sys - this reference has been left in place
----------
Key=BlueletAudio
ImagePath=system32\DRIVERS\blueletaudio.sys - this reference has been left in place
----------
Key=BlueSoleil Hid Service
ImagePath=C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe - this reference has been left in place
----------
Key=Boonty Games
ImagePath="C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe" - this reference has been left in place
----------
Key=BT
ImagePath=system32\DRIVERS\btnetdrv.sys - this reference has been left in place
----------
Key=Btcsrusb
ImagePath=System32\Drivers\btcusb.sys - this reference has been left in place
----------
Key=BTHidEnum
ImagePath=system32\DRIVERS\vbtenum.sys - this reference has been left in place
----------
Key=BTHidMgr
ImagePath=System32\Drivers\BTHidMgr.sys - this reference has been left in place
----------
Key=BTNetFilter
ImagePath=\??\C:\WINDOWS\system32\drivers\BTNetFilter.sys - this reference has been left in place
----------
Key=C-Dilla
ImagePath=\??\C:\WINDOWS\system32\drivers\CDANT.SYS - this reference has been left in place
----------
Key=C-DillaCdaC11BA
ImagePath=C:\WINDOWS\system32\drivers\CDAC11BA.EXE - this reference has been left in place
----------
Key=C-DillaSrv
ImagePath=C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE - this reference has been left in place
----------
Key=CALIAUD
ImagePath=system32\drivers\caliaud.sys - this reference has been left in place
----------
Key=CALIHALA
ImagePath=system32\drivers\calihal.sys - this reference has been left in place
----------
Key=ccEvtMgr
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=ccSetMgr
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=CdaC15BA
ImagePath=\??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CLTNetCnService
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h cltCommon - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=comHost
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe" - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=DP83815
ImagePath=system32\DRIVERS\DP83815.SYS - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=eeCtrl
ImagePath=\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys - this reference has been left in place
----------
Key=EraserUtilRebootDrv
ImagePath=\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=FA312
ImagePath=system32\DRIVERS\FA312nd5.sys - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=FontCache3.0.0.0
ImagePath=c:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HSFHWALI
ImagePath=system32\DRIVERS\HSFHWALI.sys - this reference has been left in place
----------
Key=HSF_DP
ImagePath=system32\DRIVERS\HSF_DP.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=idsvc
ImagePath="C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\drivers\Imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\Imapi.exe - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place [file not found to scan]
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=irda
ImagePath=system32\DRIVERS\irda.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=ISPwdSvc
ImagePath="C:\Program Files\Norton Internet Security\isPwdSvc.exe" - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=LexBceS
ImagePath=C:\WINDOWS\system32\LEXBCES.EXE - this reference has been left in place
----------
Key=LiveUpdate
ImagePath="C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" - this reference has been left in place
----------
Key=LiveUpdate Notice Ex
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=LiveUpdate Notice Service
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" - this reference has been left in place
----------
Key=mdmxsdk
ImagePath=system32\DRIVERS\mdmxsdk.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=MODEMCSA
ImagePath=system32\drivers\MODEMCSA.sys - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRENDIS5
ImagePath=\??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=Mtlmnt5
ImagePath=system32\DRIVERS\SLDRV\Mtlmnt5.sys - this reference has been left in place
----------
Key=Mtlstrm
ImagePath=system32\DRIVERS\SLDRV\Mtlstrm.sys - this reference has been left in place
----------
Key=NAVENG
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070704.024\NAVENG.SYS - this reference has been left in place
----------
Key=NAVEX15
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20070704.024\NAVEX15.SYS - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=Pcmcia
ImagePath=system32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=pfsvgae
ImagePath=\??\C:\DOCUME~1\HOYER\LOCALS~1\Temp\pfsvgae.sys - this reference has been left in place [file not found to scan]
----------
Key=Planificateur LiveUpdate automatique
ImagePath="C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasirda
ImagePath=system32\DRIVERS\rasirda.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=RecAgent
ImagePath=system32\DRIVERS\SLDRV\RecAgent.sys - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=ROOTMODEM
ImagePath=System32\Drivers\RootMdm.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=Serenum
ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Slntamr
ImagePath=system32\DRIVERS\SLDRV\slntamr.sys - this reference has been left in place
----------
Key=SlNtHal
ImagePath=system32\DRIVERS\SLDRV\Slnthal.sys - this reference has been left in place
----------
Key=SlWdmSup
ImagePath=system32\DRIVERS\SLDRV\SlWdmSup.sys - this reference has been left in place
----------
Key=SPBBCDrv
ImagePath=\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=SRTSP
ImagePath=System32\Drivers\SRTSP.SYS - this reference has been left in place
----------
Key=SRTSPL
ImagePath=System32\Drivers\SRTSPL.SYS - this reference has been left in place
----------
Key=SRTSPX
ImagePath=System32\Drivers\SRTSPX.SYS - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=StillCam
ImagePath=system32\DRIVERS\serscan.sys - this reference has been left in place
----------
Key=StreamDispatcher
ImagePath=system32\DRIVERS\strmdisp.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{CF219B23-B2A0-4A65-99D1-E3D3E8072E98} - this reference has been left in place
----------
Key=Symantec Core LC
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe" - this reference has been left in place
----------
Key=SymAppCore
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe" - this reference has been left in place
----------
Key=SYMDNS
ImagePath=\SystemRoot\System32\Drivers\SYMDNS.SYS - this reference has been left in place
----------
Key=SymEvent
ImagePath=\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - this reference has been left in place
----------
Key=SYMFW
ImagePath=\SystemRoot\System32\Drivers\SYMFW.SYS - this reference has been left in place
----------
Key=SYMIDS
ImagePath=\SystemRoot\System32\Drivers\SYMIDS.SYS - this reference has been left in place
----------
Key=SYMIDSCO
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20070628.003\SymIDSCo.sys - this reference has been left in place
----------
Key=SYMNDIS
ImagePath=\SystemRoot\System32\Drivers\SYMNDIS.SYS - this reference has been left in place
----------
Key=SYMREDRV
ImagePath=\SystemRoot\System32\Drivers\SYMREDRV.SYS - this reference has been left in place
----------
Key=SYMTDI
ImagePath=\SystemRoot\System32\Drivers\SYMTDI.SYS - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=usbser
ImagePath=system32\DRIVERS\usbser.sys - this reference has been left in place
----------
Key=usbsermpt
ImagePath=system32\DRIVERS\usbsermpt.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VComm
ImagePath=system32\DRIVERS\VComm.sys - this reference has been left in place
----------
Key=VcommMgr
ImagePath=System32\Drivers\VcommMgr.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=w200bus
ImagePath=system32\DRIVERS\w200bus.sys - this reference has been left in place
----------
Key=w200mdfl
ImagePath=system32\DRIVERS\w200mdfl.sys - this reference has been left in place
----------
Key=w200mdm
ImagePath=system32\DRIVERS\w200mdm.sys - this reference has been left in place
----------
Key=w200mgmt
ImagePath=system32\DRIVERS\w200mgmt.sys - this reference has been left in place
----------
Key=w200obex
ImagePath=system32\DRIVERS\w200obex.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------

******************************
11:40:24: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = JAVASUP
Vxd = JAVASUP.VXD - this command has been left in place
---------
Checking VMM32 VxD files being loaded

******************************
11:40:24: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
11:40:25: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Eraseex
CLSID = {ECDF2E20-C829-11D1-8233-0030AF3E97A8}
C:\Program Files\Clean Disk Security\eraseex.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Symantec.Norton.Antivirus.IEContextMenu
CLSID = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

******************************
11:40:26: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
11:40:26: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
C:\Program Files\Fichiers communs\Symantec Shared\coShared\Browser\1.5\NppBho.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------

******************************
11:40:26: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------

******************************
11:40:26: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
11:40:27: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
11:40:27: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

******************************
11:40:27: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
BlueSoleil.lnk - this links to C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe and has been left in place
--------------------
desktop.ini - this file is expected and has been left in place
--------------------
LE COMPAGNON CLUB.lnk - this links to C:\Program Files\LE COMPAGNON CLUB\bin\matcli.exe and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
11:40:27: Scanning ----- SCHEDULED TASKS -----

******************************
11:40:27: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
11:40:27: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\altavista.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\bdcore.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\bdupd.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\catalog.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\ecbootil.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\gp.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ipsupd.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\lang.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\LibComm.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\libfn.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\live.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManager.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManagerInstaller.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManagerLib.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManagerPlaylist.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManagerPlugin.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MusicManagerUnInstaller.od2 - this file has been left in place
C:\WINDOWS\Downloaded Program Files\muweb.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\NanoInst.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\nanoinst.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\naveng32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navex32a.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\OD2hpb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\OGAControl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\oscan8.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\oscan8.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\oscan81.ocx_x - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PSComm.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PSNAdbrk.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\scanoptions.tsi - this file has been left in place
C:\WINDOWS\Downloaded Program Files\scrauth.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Selfhelpcontrol.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\setup.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.cat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcdefs.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinf.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfidx.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfl.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1hd.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.grd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.sig - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan2.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan3.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan4.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan5.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan6.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscant.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\zdone.dat - this file has been left in place

******************************
11:40:38: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
--------------------
C:\WINDOWS\system32\LEXBCES.EXE
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\LEXPPS.EXE
--------------------
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
--------------------
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
--------------------
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Microsoft Works\WksSb.exe
--------------------
C:\Program Files\BroadJump\Client Foundation\CFD.exe
--------------------
C:\Program Files\ScanSoft\OmniPageSE\opware32.exe
--------------------
C:\PROGRA~1\LECOMP~1\SMARTB~1\MotiveSB.exe
--------------------
C:\WINDOWS\system32\carpserv.exe
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
--------------------
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe
--------------------
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Club-Internet\Lanceur\lanceur.exe
--------------------
C:\Program Files\LE COMPAGNON CLUB\bin\mpbtn.exe
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\WINDOWS\NOTEPAD.EXE
--------------------
C:\Documents and Settings\HOYER\Application Data\Simply Super Software\Trojan Remover\itk2A.exe
FileSize: 1,782,336
[This is a Trojan Remover component]
--------------------

******************************
11:40:43: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
11:40:44: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://actus.sfr.fr
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

******************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 2007-07-05 11:40:44
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 2007-07-05 11:36:14
Using Database v6759
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\HOYER\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\HOYER\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges

**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
11:36:14: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
11:36:14: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
11:36:14: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services w
0
Impatient?
 
You need to re-check your protections in addition to disinfecting; some advice here:
security: tools for securing Windows XP and others

eMule is known for downloading bad things (a risky practice; you have to choose, but everyone is free, fortunately).

Trojans download other infections, which is why it is not easy to clean up completely.
As long as one of them remains, it tries to add more.

It is explained here, about one of your trojans:

" Trojan.Fatobfus it’s an automated obfuscated file that acts like a downloader. Most of the time, it downloads different version of the Swizzor Trojan. Also a QHost Trojan is created sometimes. If it downloads the swizzor Trojan, the following files might appear in your computer:
* some random name files (like 64a892.exe) in your temp directory (usually C:\Documents and Settings\Administrator\Local Settings\Temp)
* Application Data directory may contain some directories formed by three or two word (like “time more” or “Tool meow bar”)
* %systemdir%/drivers/host is modified.
Also, some registry key might be added in order to ensure that these processes are run when Windows starts. "

Basically, it's a real pest!

Good luck.
0
Impatient?
 
Another address with advice on protection:
protecting yourself against viruses and other nasties: not so complicated
(not complicated... maybe for him)
0
Impatient?
 
Another address about protection, where you can read that the firewall may have been disabled from outside or by one of the viruses, so this needs checking:

security: protecting a computer against Internet malware
0
marie 450
 
OK, thanks for your advice. I installed Spyware Doctor yesterday and scanned everything; it removed some, but I still have
"disabled" in red, detected by Spybot. I also installed CounterSpy and cleaned with SmitFraudFix, but I can't run Avast at the same time as Norton, they have the same firewall!!! What should I do, remove it???
AND INSTALL A STRONGER ONE, BUT WHICH ONE???
0
Impatient?
 
OK, try this:
* open the Control Panel
* open the Windows Security Center
* at the bottom left, click on "Change the way Security Center alerts me"
* in the window that opens, tick the 3 boxes.
* click OK
Check whether Spybot still reports the same thing.
0
marie450
 
I can't get to the modification window, it's not in bold! But yesterday I did a full cleanup and defragmented the disk with Microsoft, and I've just run a Spybot scan; it detected spyware secure + security + trade doubler + fast click, all of it in red!!!! I had it fix them, but security disabled keeps happening again
0
marie450
 
I can't get to the modification window, it's not in bold! But yesterday I did a full cleanup and defragmented the disk with Microsoft, and I've just run a Spybot scan; it detected spyware secure + security + trade doubler + fast click, all of it in red!!!! I had it fix them, but security disabled always comes back
__________________________________________________
0
crac
 
The test (thanks to Sebsauvage)

If you have doubts about whether your antivirus is active, all you need to do is download the following file:

https://www.eicar.org/download/eicar_com.zip

* If your antivirus blocks the download and shows you an alert, all is well. Your antivirus is active.
* If your antivirus lets you download and unzip this zip file without complaint, then you have a problem: the antivirus is not active.

The EICAR file is a harmless test file that all antivirus programs recognize.
It is designed precisely for testing that antivirus programs work properly.
Note

Having an active antivirus is not enough; it is essential to make sure that it is also up to date.
Go to your antivirus's "About" window and check the date of the signatures: it must not be more than a week old.

firewall: installing and configuring the ZoneAlarm firewall
0
marie450
 
It's OK for the antivirus, it was blocked. I'm downloading the firewall test right now, thanks
0
crac
 
test your firewall
0
crac
 
What is the result of the 2 tests?
*1 antivirus active: yes no
*2 firewall active: yes no
0
crac
 
Norton Protection Center is a kind of start page that shows you which protection components you have.

When you click on "open the status window", you get the various components, each labelled "complete", "limited" or "none".
0
marie450
 
The firewall test isn't working; I've been waiting for an hour and a half and nothing
0