Spyware alert

Solved
anoir08 Posts 46 Status Member -  
 ep -
Please help me, I have a big problem: a message appears about every 40 seconds:

Security warning:
trojan.w32.looksky detected on your machine

After this message, the browser tries to open a window whose URL is http://www.safewebnavigate.com/index.php?sid=502&aid=223&said=68&pn=3&pid=0

The Avast scan finds nothing.

What should I do?? Please help me. Thanks in advance. I am a beginner and I can't find any solution.
Thanks in advance.
Configuration: Windows XP
Firefox 2.0.0.7

22 replies

  1. ep
     
    Hello

    Download to the desktop
    [url=http://www.merijn.org/files/hijackthis.zip]hijackthis.zip[/url]
    = Right-click on Hijackthis
    = Extract here (or extract without confirmation, or extract all, or unzip)
    = Right-click on Hijackthis (the dynamite-shaped icon) ==> Rename ==> type: test.exe (in place of hijackthis.exe) <== Important
    = Double-click on it
    = Click Do a system scan and save the log
    = Paste the report
    If there is a problem, see the help
    [url=https://forums.cnetfrance.fr]HijackThis help[/url]
    0
  2. anoir08 Posts 46 Status Member 8
     
    OK, thanks, I'll do it, thanks.
    0
  3. anoir08 Posts 46 Status Member 8
     
    Here is the report:
    Logfile of HijackThis v1.99.1
    Scan saved at 22:45:46, on 19/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\Program Files\Real\RealPlayer\RealPlay.exe
    C:\Documents and Settings\Administrateur\Bureau\hijackthis\test.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: MSVPS System - {ACD85107-9CF9-4C9E-B0B7-39940A0017C0} - C:\WINDOWS\nsduo.dll
    O3 - Toolbar: ie-msn - {AD5AFA9D-A060-4FC4-9871-4D857580E526} - C:\Program Files\Common Files\System\sysiemsn\ie-msn.dll (file missing)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msmhost - {D1964C88-B5B0-495B-AF8A-7FF6F0A7F8C7} - C:\WINDOWS\msmhost.dll
    O21 - SSODL: msmdev - {CB78F031-2FF6-41B3-A403-FDE5062EEE00} - C:\WINDOWS\msmdev.dll
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe

    What should I do now? Thanks.
    0
  4. ep
     
    Start with this
    Download to the desktop [url=http://siri.urz.free.fr/Fix/SmitfraudFix.zip]SmitfraudFix.zip[/url]
    => Double-click on SmitfraudFix.zip
    => Extract all
    => Double-click on SmitfraudFix
    => Double-click on SmitfraudFix.cmd
    => Choose Option 1
    => Paste the report
    0
  6. anoir08 Posts 46 Status Member 8
     
    Hey my friend, I downloaded the updates for the Trojan Remover software, and the alert message no longer appears; everything seems normal now. This software detected a piece of malware, which I deleted.

    Here is the report you asked for. Is there anything abnormal in it? A big THANK YOU for your help.

    SmitFraudFix v2.225

    Rapport fait à 23:12:37,15, 19/09/2007
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\main_uninstaller.exe PRESENT !
    C:\WINDOWS\msmhost.dll PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

    C:\DOCUME~1\ADMINI~1\Favoris\Error Cleaner.url PRESENT !
    C:\DOCUME~1\ADMINI~1\Favoris\Privacy Protector.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom NetXtreme Gigabit Ethernet for hp - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  7. ep
     
    Restart the computer in safe mode
    (tap F8 repeatedly at boot to get the startup menu, or http://service1.symantec.com/

    Double-click on smitfraudfix.cmd

    Select 2 to delete the files responsible for the infection.

    At the prompt Voulez-vous nettoyer le registre ? (Do you want to clean the registry?), answer O (oui, yes) in order to unlock the desktop wallpaper and delete the infection's autostart keys.

    The fix will determine whether the wininet.dll file is infected.

    At the prompt Corriger le fichier infecté ? (Fix the infected file?), answer O (oui, yes) to replace the corrupted file.

    Restart in normal mode and post the report here

    N.B.: This step removes the infected files detected in step #1
    Note that option 2 of the tool removes the desktop wallpaper!

    Please post a new HijackThis report afterwards
    0
  8. anoir08 Posts 46 Status Member 8
     
    Hi my friend, how do I restart it in safe mode? The F8 key has no effect.
    Here is the Trojan Remover report; it also asks for safe mode, because although it is true that the problem no longer shows up now, its scan still finds the same problem:
    ***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
    19/09/2007 23:34:58: Trojan Remover has been restarted
    Unable to rename C:\WINDOWS\msmdev.dll to C:\WINDOWS\msmdev.dll.ren
    (C:\WINDOWS\msmdev.dll does not appear to exist)
    You may want to run a new scan with Trojan Remover in SAFE mode.
    19/09/2007 23:35:14: Trojan Remover closed
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.6.2.2488. For information, email simplysupsupport@aol.com
    [Unregistered version]
    Scan started at: 19/09/2007 23:32:34
    Using Database v6864
    Operating System: Windows XP Professional Service Pack 2 (Build 2600)
    Using data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Administrateur\Mes documents\Simply Super Software\Trojan Remover Logfiles\
    Running with Administrator privileges

    **************************************************
    Checking Registry exefile command for modifications
    Checking Registry comfile command for modifications
    Checking Registry piffile command for modifications
    Checking Registry batfile command for modifications
    Checking Registry regfile command for modifications
    Checking Registry cmdfile command for modifications
    Checking Registry scrfile command for modifications

    **************************************************
    23:32:34: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    **************************************************
    23:32:34: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    **************************************************
    23:32:34: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    **************************************************
    23:32:34: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    Explorer.exe - this entry has been left in place
    ----------
    This key's "Userinit" value calls the following program(s):
    C:\WINDOWS\system32\userinit.exe - this entry has been left in place
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    logonui.exe - this entry has been left in place
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name = load
    The Data Value for this entry appears to be blank
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    This Registry Key attempts to run the following program(s):
    Value Name = NeroFilterCheck
    Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
    --------------------
    Value Name = ISUSScheduler
    Value Data = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start - this command has been left in place
    --------------------
    Value Name = QuickTime Task
    Value Data = C:\WINDOWS\system32\qttask.exe" -atboottime - this command has been left in place
    --------------------
    Value Name = ISUSPM Startup
    Value Data = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup - this command has been left in place
    --------------------
    Value Name = Tweak UI
    Value Data = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp - this command has been left in place
    --------------------
    Value Name = pviever
    Value Data = C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide - this command has been left in place [file not found to scan]
    --------------------
    Value Name = avast!
    Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
    --------------------
    Value Name = SunJavaUpdateSched
    Value Data = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe - this command has been left in place
    --------------------
    Value Name = TkBellExe
    Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
    --------------------
    Value Name = Athan
    Value Data = C:\Program Files\Athan\Athan.exe - this command has been left in place
    --------------------
    Value Name = TrojanScanner
    Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    This Registry Key attempts to run the following program(s):
    Value Name = CTFMON.EXE
    Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty

    **************************************************
    23:32:35: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------

    **************************************************
    23:32:35: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    **************************************************
    23:32:36: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver=C:\WINDOWS\system32\logon.scr - this command has been left in place
    --------------------

    **************************************************
    23:32:36: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
    Checking the StubPath calls in the Active Setup\Installed Components registry keys:
    Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
    ----------
    Key=>{26923b43-4d38-484f-9b9e-de460746276c}
    StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
    ----------
    Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
    ----------
    Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
    ----------
    Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
    ----------
    Key={7790769C-0471-11d2-AF11-00C04FA35D02}
    StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
    ----------
    Key={89820200-ECBD-11cf-8B85-00AA005B4340}
    StubPath=regsvr32.exe - this reference has been left in place
    ----------
    Key={89820200-ECBD-11cf-8B85-00AA005B4383}
    StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
    ----------

    **************************************************
    23:32:37: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Checking DLL files called from the CurrentControlSet\Services Keys:
    --------------------
    Key=Alerter
    ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
    --------------------
    Key=AppMgmt
    ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
    --------------------
    Key=AudioSrv
    ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
    --------------------
    Key=BITS
    ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
    --------------------
    Key=Browser
    ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
    --------------------
    Key=CryptSvc
    ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
    --------------------
    Key=DcomLaunch
    ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
    --------------------
    Key=Dhcp
    ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
    --------------------
    Key=dmserver
    ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
    --------------------
    Key=Dnscache
    ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
    --------------------
    Key=ERSvc
    ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
    --------------------
    Key=EventSystem
    ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
    --------------------
    Key=FastUserSwitchingCompatibility
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=helpsvc
    ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
    --------------------
    Key=HidServ
    ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
    --------------------
    Key=HTTPFilter
    ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
    --------------------
    Key=lanmanserver
    ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
    --------------------
    Key=lanmanworkstation
    ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
    --------------------
    Key=LmHosts
    ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
    --------------------
    Key=Messenger
    ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
    --------------------
    Key=Netman
    ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
    --------------------
    Key=Nla
    ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
    --------------------
    Key=NtmsSvc
    ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
    --------------------
    Key=RasAuto
    ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
    --------------------
    Key=RasMan
    ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
    --------------------
    Key=RemoteAccess
    ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
    --------------------
    Key=RemoteRegistry
    ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
    --------------------
    Key=RpcSs
    ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
    --------------------
    Key=Schedule
    ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
    --------------------
    Key=seclogon
    ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
    --------------------
    Key=SENS
    ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
    --------------------
    Key=SharedAccess
    ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
    --------------------
    Key=ShellHWDetection
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=srservice
    ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
    --------------------
    Key=SSDPSRV
    ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
    --------------------
    Key=stisvc
    ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
    --------------------
    Key=TapiSrv
    ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
    --------------------
    Key=TermService
    ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
    --------------------
    Key=Themes
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=TrkWks
    ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
    --------------------
    Key=upnphost
    ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
    --------------------
    Key=W32Time
    ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
    --------------------
    Key=WebClient
    ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
    --------------------
    Key=winmgmt
    ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
    --------------------
    Key=WmdmPmSN
    ServiceDLL=C:\WINDOWS\system32\mspmsnsv.dll - this reference has been left in place
    --------------------
    Key=Wmi
    ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
    --------------------
    Key=wscsvc
    ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
    --------------------
    Key=wuauserv
    ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
    --------------------
    Key=WZCSVC
    ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
    --------------------
    Key=xmlprov
    ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

    **************************************************
    23:32:41: Scanning ----- SERVICES REGISTRY KEYS -----
    Checking files called from the CurrentControlSet\Services Keys:
    Key=ACPI
    ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
    ----------
    Key=Adobe LM Service
    ImagePath="C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" - this reference has been left in place
    ----------
    Key=aeaudio
    ImagePath=system32\drivers\aeaudio.sys - this reference has been left in place
    ----------
    Key=aec
    ImagePath=system32\drivers\aec.sys - this reference has been left in place
    ----------
    Key=AFD
    ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
    ----------
    Key=agp440
    ImagePath=system32\DRIVERS\agp440.sys - this reference has been left in place
    ----------
    Key=ALG
    ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
    ----------
    Key=aswUpdSv
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe" - this reference has been left in place
    ----------
    Key=AsyncMac
    ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
    ----------
    Key=atapi
    ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
    ----------
    Key=Atmarpc
    ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
    ----------
    Key=audstub
    ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
    ----------
    Key=avast! Antivirus
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe" - this reference has been left in place
    ----------
    Key=avast! Mail Scanner
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe" /service - this reference has been left in place
    ----------
    Key=avast! Web Scanner
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe" /service - this reference has been left in place
    ----------
    Key=b57w2k
    ImagePath=system32\DRIVERS\b57xp32.sys - this reference has been left in place
    ----------
    Key=Cdrom
    ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
    ----------
    Key=CiSvc
    ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
    ----------
    Key=ClipSrv
    ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
    ----------
    Key=COMSysApp
    ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
    ----------
    Key=Disk
    ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
    ----------
    Key=dmadmin
    ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
    ----------
    Key=dmboot
    ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
    ----------
    Key=dmio
    ImagePath=system32\DRIVERS\dmio.sys - this reference has been left in place
    ----------
    Key=DMusic
    ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
    ----------
    Key=drmkaud
    ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
    ----------
    Key=Eventlog
    ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
    ----------
    Key=Fdc
    ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
    ----------
    Key=Flpydisk
    ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
    ----------
    Key=FltMgr
    ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
    ----------
    Key=Ftdisk
    ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
    ----------
    Key=Gpc
    ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
    ----------
    Key=HTTP
    ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
    ----------
    Key=i8042prt
    ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
    ----------
    Key=IDriverT
    ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
    ----------
    Key=Imapi
    ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
    ----------
    Key=ImapiService
    ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
    ----------
    Key=IntelIde
    ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
    ----------
    Key=intelppm
    ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
    ----------
    Key=Ip6Fw
    ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
    ----------
    Key=IpFilterDriver
    ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
    ----------
    Key=IpInIp
    ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
    ----------
    Key=IpNat
    ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
    ----------
    Key=IPSec
    ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
    ----------
    Key=IRENUM
    ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
    ----------
    Key=isapnp
    ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
    ----------
    Key=k750bus
    ImagePath=system32\DRIVERS\k750bus.sys - this reference has been left in place
    ----------
    Key=k750mdfl
    ImagePath=system32\DRIVERS\k750mdfl.sys - this reference has been left in place
    ----------
    Key=k750mdm
    ImagePath=system32\DRIVERS\k750mdm.sys - this reference has been left in place
    ----------
    Key=k750mgmt
    ImagePath=system32\DRIVERS\k750mgmt.sys - this reference has been left in place
    ----------
    Key=k750obex
    ImagePath=system32\DRIVERS\k750obex.sys - this reference has been left in place
    ----------
    Key=Kbdclass
    ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
    ----------
    Key=kmixer
    ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
    ----------
    Key=ltmodem5
    ImagePath=system32\DRIVERS\ltmdmnt.sys - this reference has been left in place
    ----------
    Key=MDM
    ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" - this reference has been left in place
    ----------
    Key=Mouclass
    ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
    ----------
    Key=MRxDAV
    ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
    ----------
    Key=MRxSmb
    ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
    ----------
    Key=MSDTC
    ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
    ----------
    Key=MSIServer
    ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
    ----------
    Key=MSKSSRV
    ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
    ----------
    Key=MSPCLOCK
    ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
    ----------
    Key=MSPQM
    ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
    ----------
    Key=mssmbios
    ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
    ----------
    Key=NdisTapi
    ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
    ----------
    Key=Ndisuio
    ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
    ----------
    Key=NdisWan
    ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
    ----------
    Key=NetBIOS
    ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
    ----------
    Key=NetBT
    ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
    ----------
    Key=NetDDE
    ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
    ----------
    Key=NetDDEdsdm
    ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
    ----------
    Key=Netlogon
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=NtLmSsp
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=nv
    ImagePath=system32\DRIVERS\nv4_mini.sys - this reference has been left in place
    ----------
    Key=NwlnkFlt
    ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
    ----------
    Key=NwlnkFwd
    ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
    ----------
    Key=ose
    ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
    ----------
    Key=Parport
    ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
    ----------
    Key=PCI
    ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
    ----------
    Key=PlugPlay
    ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
    ----------
    Key=PolicyAgent
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=PptpMiniport
    ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
    ----------
    Key=ProtectedStorage
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=PSched
    ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
    ----------
    Key=Ptilink
    ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
    ----------
    Key=PxHelp20
    ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
    ----------
    Key=RasAcd
    ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
    ----------
    Key=Rasl2tp
    ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
    ----------
    Key=RasPppoe
    ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
    ----------
    Key=Raspti
    ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
    ----------
    Key=Rdbss
    ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
    ----------
    Key=RDPCDD
    ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
    ----------
    Key=rdpdr
    ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
    ----------
    Key=RDSessMgr
    ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
    ----------
    Key=redbook
    ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
    ----------
    Key=RpcLocator
    ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
    ----------
    Key=RSVP
    ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
    ----------
    Key=SamSs
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=SCardSvr
    ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
    ----------
    Key=Secdrv
    ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
    ----------
    Key=serenum
    ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
    ----------
    Key=Serial
    ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place
    ----------
    Key=smwdm
    ImagePath=system32\drivers\smwdm.sys - this reference has been left in place
    ----------
    Key=splitter
    ImagePath=system32\drivers\splitter.sys - this reference has been left in place
    ----------
    Key=Spooler
    ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
    ----------
    Key=sr
    ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
    ----------
    Key=srescan
    ImagePath=system32\ZoneLabs\srescan.sys - this reference has been left in place
    ----------
    Key=Srv
    ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
    ----------
    Key=swenum
    ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
    ----------
    Key=swmidi
    ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
    ----------
    Key=SwPrv
    ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{9CF00D26-EDAD-4270-9A71-DCEF71CD19AC} - this reference has been left in place
    ----------
    Key=sysaudio
    ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
    ----------
    Key=SysmonLog
    ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
    ----------
    Key=Tcpip
    ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
    ----------
    Key=TermDD
    ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
    ----------
    Key=TlntSvr
    ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place
    ----------
    Key=Update
    ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
    ----------
    Key=UPS
    ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
    ----------
    Key=usbehci
    ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
    ----------
    Key=usbhub
    ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
    ----------
    Key=usbprint
    ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
    ----------
    Key=USBSTOR
    ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
    ----------
    Key=usbuhci
    ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
    ----------
    Key=usb_rndis
    ImagePath=system32\DRIVERS\usb8023.sys - this reference has been left in place
    ----------
    Key=VgaSave
    ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
    ----------
    Key=vsdatant
    ImagePath=System32\vsdatant.sys - this reference has been left in place
    ----------
    Key=vsmon
    ImagePath=C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
    ----------
    Key=VSS
    ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
    ----------
    Key=Wanarp
    ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
    ----------
    Key=wdmaud
    ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
    ----------
    Key=WmiApSrv
    ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
    ----------

    **************************************************
    23:32:56: Scanning -----VXD ENTRIES-----
    Checking VMM32 VxD files being loaded

    **************************************************
    23:32:56: Scanning ----- WINLOGON\NOTIFY DLLS -----
    Checking DLLs called from the Winlogon\Notify key:
    Key=crypt32chain
    DLLName=crypt32.dll - this reference has been left in place
    ----------
    Key=cryptnet
    DLLName=cryptnet.dll - this reference has been left in place
    ----------
    Key=cscdll
    DLLName=cscdll.dll - this reference has been left in place
    ----------
    Key=ScCertProp
    DLLName=wlnotify.dll - this reference has been left in place
    ----------
    Key=Schedule
    DLLName=wlnotify.dll - this reference has been left in place
    ----------
    Key=sclgntfy
    DLLName=sclgntfy.dll - this reference has been left in place
    ----------
    Key=SensLogn
    DLLName=WlNotify.dll - this reference has been left in place
    ----------
    Key=termsrv
    DLLName=wlnotify.dll - this reference has been left in place
    ----------
    Key=wlballoon
    DLLName=wlnotify.dll - this reference has been left in place
    ----------

    **************************************************
    23:32:56: Scanning ----- CONTEXTMENUHANDLERS -----
    Key = avast
    CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
    C:\Program Files\Alwil Software Antivirus\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Fichiers hors connexion
    CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
    %SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Open With
    CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
    %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Open With EncryptionMenu
    CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
    %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Trojan Remover
    CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
    C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
    ----------
    Key = WinRAR
    CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
    C:\Program Files\WinRAR\rarext.dll - this ContextMenuHandler has been left in place
    ----------
    Key = ZLAVShExt
    CLSID = {D9872D13-7651-4471-9EEE-F0A00218BEBB}
    C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll - this ContextMenuHandler has been left in place
    ----------
    Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
    ----------

    **************************************************
    23:32:57: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
    %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
    ----------
    Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
    %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
    ----------
    Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
    %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
    ----------
    Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
    %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
    ----------
    Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
    ----------

    **************************************************
    23:32:57: Scanning ----- BROWSER HELPER OBJECTS -----
    Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
    ----------
    Key = {53707962-6F74-2D53-2644-206D7942484F}
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
    ----------
    Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - this Browser Helper Object has been left in place
    ----------

    **************************************************
    23:32:57: Scanning ----- SHELLSERVICEOBJECTS -----
    Key = PostBootReminder
    CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9}
    %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
    ----------
    Key = CDBurn
    CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9}
    %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
    ----------
    Key = WebCheck
    CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    %SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
    ----------
    Key = SysTray
    CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153}
    C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
    ----------
    Key = msmdev
    CLSID = {3CD80B16-2860-471A-BDFB-29FED60402D8}
    C:\WINDOWS\msmdev.dll - appears to contain ADWARE.AGENT
    C:\WINDOWS\msmdev.dll - this ShellServiceObject was being loaded by the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"msmdev" - this key has been removed
    C:\WINDOWS\msmdev.dll - this ShellServiceObject was referenced by the following key:
    HKEY_CLASSES_ROOT\CLSID\{3CD80B16-2860-471A-BDFB-29FED60402D8} - this key has been removed
    C:\WINDOWS\msmdev.dll - unable to take ownsership/change permissions
    C:\WINDOWS\msmdev.dll has been marked for renaming when the PC is restarted (if it exists)
    ----------
    Key = msmhost
    CLSID = {0D199672-E4C6-4CCA-BADA-43E3E4D4A3D7}
    C:\WINDOWS\msmhost.dll - appears to contain ADWARE.AGENT
    C:\WINDOWS\msmhost.dll - this ShellServiceObject was being loaded by the following key:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"msmhost" - this key has been removed
    C:\WINDOWS\msmhost.dll - this ShellServiceObject was referenced by the following key:
    HKEY_CLASSES_ROOT\CLSID\{0D199672-E4C6-4CCA-BADA-43E3E4D4A3D7} - this key has been removed
    C:\WINDOWS\msmhost.dll has been renamed to: C:\WINDOWS\msmhost.dll.ren
    ----------

    **************************************************
    23:33:27: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
    Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
    Comment = Pré-chargeur Browseui
    File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
    ----------
    Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
    Comment = Démon de cache des catégories de composant
    File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
    ----------

    **************************************************
    23:33:28: Scanning ----- IMAGEFILE DEBUGGERS -----
    No "Debugger" entries found.

    **************************************************
    23:33:28: Scanning ----- APPINIT_DLLS -----
    The AppInit_DLLs value is blank

    **************************************************
    23:33:28: Scanning ----- SECURITY PROVIDER DLLS -----
    msapsspc.dll - this entry has been left in place
    ----------
    schannel.dll - this entry has been left in place
    ----------
    digest.dll - this entry has been left in place
    ----------
    msnsspc.dll - this entry has been left in place
    ----------

    **************************************************
    23:33:28: Scanning ------ COMMON STARTUP GROUP ------
    [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
    The Common Startup Group attempts to load the following file(s) at boot time:
    desktop.ini - this file has been left in place
    --------------------

    **************************************************
    No User Startup Groups were located to check

    **************************************************
    23:33:28: Scanning ----- SCHEDULED TASKS -----
    No Scheduled Tasks found to scan

    **************************************************
    23:33:28: ----- ADDITIONAL CHECKS -----
    PE386 rootkit checks completed
    ----------
    Winlogon registry rootkit checks completed
    ----------
    Heuristic checks for hidden files/drivers completed
    ----------

    **************************************************
    23:33:28: Scanning ------ DOWNLOADED PROGRAM FILES ------
    The following files are located in the DOWNLOADED PROGRAM FILES directory:
    C:\WINDOWS\Downloaded Program Files\desktop.ini - this file has been left in place
    C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
    C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
    C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place

    **************************************************
    23:33:29: Scanning ----- RUNNING PROCESSES -----
    [Only loaded modules not scanned already
    during this scan will be scanned here]

    C:\WINDOWS\System32\smss.exe
    [1 loaded module]
    --------------------
    C:\WINDOWS\system32\csrss.exe
    [13 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\winlogon.exe
    [62 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\services.exe
    [36 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\lsass.exe
    [58 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [53 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [39 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\svchost.exe
    [154 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [30 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\svchost.exe
    [38 loaded modules in total]
    --------------------
    C:\WINDOWS\Explorer.EXE
    [82 loaded modules in total]
    --------------------
    C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    [17 loaded modules in total]
    --------------------
    C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    [56 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\spoolsv.exe
    [56 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    [10 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\qttask.exe
    [16 loaded modules in total]
    --------------------
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    [46 loaded modules in total]
    --------------------
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    [19 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    [25 loaded modules in total]
    --------------------
    C:\Program Files\Athan\Athan.exe
    [77 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\ctfmon.exe
    [23 loaded modules in total]
    --------------------
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    [21 loaded modules in total]
    --------------------
    C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe
    [49 loaded modules in total]
    --------------------
    C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe
    [43 loaded modules in total]
    --------------------
    C:\WINDOWS\System32\alg.exe
    [32 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\wuauclt.exe
    [41 loaded modules in total]
    --------------------
    C:\WINDOWS\system32\wuauclt.exe
    [33 loaded modules in total]
    --------------------
    C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\hie33.exe
    FileSize: 2 015 808
    [This is a Trojan Remover component]
    [23 loaded modules in total]
    --------------------

    **************************************************
    23:33:54: Checking AUTOEXEC.BAT file
    AUTOEXEC.BAT found in C:\
    No malicious entries were found in the AUTOEXEC.BAT file

    **************************************************
    23:33:54: Checking AUTOEXEC.NT file
    AUTOEXEC.NT found in C:\WINDOWS\system32
    No malicious entries were found in the AUTOEXEC.NT file

    **************************************************
    23:33:54: Checking HOSTS file
    No malicious entries were found in the HOSTS file

    **************************************************
    ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
    %SystemRoot%\system32\blank.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
    HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
    https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
    http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
    C:\WINDOWS\system32\blank.htm
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
    http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

    **************************************************
    === CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
    === ONE OR MORE FILES WERE RENAMED OR REMOVED ===
    Scan completed at: 19/09/2007 23:33:54
    -------------------------------------------------------------------------
    One or more files could not be moved or renamed as requested.
    They may be in use by Windows, so Trojan Remover needs
    to restart the system in order to deal with these files.
    19/09/2007 23:34:04: restart commenced
    ************************************************************

    ***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
    19/09/2007 23:07:25: Trojan Remover has been restarted
    19/09/2007 23:07:25: Trojan Remover closed
    ************************************************************

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.6.2.2488. For information, email simplysupsupport@aol.com
    [Unregistered version]
    Scan started at: 19/09/2007 23:02:34
    Using Database v6864
    Operating System: Windows XP Professional Service Pack 2 (Build 2600)
    Using data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
    Logfile directory: C:\Documents and Settings\Administrateur\Mes documents\Simply Super Software\Trojan Remover Logfiles\
    Running with Administrator privileges

    **************************************************
    Checking Registry exefile command for modifications
    Checking Registry comfile command for modifications
    Checking Registry piffile command for modifications
    Checking Registry batfile command for modifications
    Checking Registry regfile command for modifications
    Checking Registry cmdfile command for modifications
    Checking Registry scrfile command for modifications

    **************************************************
    23:02:34: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\WINDOWS

    **************************************************
    23:02:34: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\WINDOWS

    **************************************************
    23:02:34: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    **************************************************
    23:02:34: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    Explorer.exe - this entry has been left in place
    ----------
    This key's "Userinit" value calls the following program(s):
    C:\WINDOWS\system32\userinit.exe - this entry has been left in place
    ----------
    This key's "System" value appears to be blank
    ----------
    This key's "UIHost" value calls the following program:
    logonui.exe - this entry has been left in place
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name = load
    The Data Value for this entry appears to be blank
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    This Registry Key attempts to run the following program(s):
    Value Name = NeroFilterCheck
    Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
    --------------------
    Value Name = ISUSScheduler
    Value Data = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start - this command has been left in place
    --------------------
    Value Name = QuickTime Task
    Value Data = C:\WINDOWS\system32\qttask.exe" -atboottime - this command has been left in place
    --------------------
    Value Name = ISUSPM Startup
    Value Data = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup - this command has been left in place
    --------------------
    Value Name = Tweak UI
    Value Data = RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp - this command has been left in place
    --------------------
    Value Name = pviever
    Value Data = C:\Program Files\Gay-Lesbian-Photo\Gay-Lesbian-Photo.exe" hide - this command has been left in place [file not found to scan]
    --------------------
    Value Name = avast!
    Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
    --------------------
    Value Name = SunJavaUpdateSched
    Value Data = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe - this command has been left in place
    --------------------
    Value Name = TkBellExe
    Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
    --------------------
    Value Name = Athan
    Value Data = C:\Program Files\Athan\Athan.exe - this command has been left in place
    --------------------
    Value Name = TrojanScanner
    Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    This Registry Key attempts to run the following program(s):
    Value Name = CTFMON.EXE
    Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
    This Registry Key appears to be empty

    **************************************************
    23:02:35: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
    File: shell32.dll - this file is expected and has been left in place
    ----------

    **************************************************
    23:02:35: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    **************************************************
    23:02:36: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver=C:\WINDOWS\system32\logon.scr - this command has been left in place
    --------------------

    **************************************************
    23:02:36: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
    Checking the StubPath calls in the Active Setup\Installed Components registry keys:
    Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
    ----------
    Key=>{26923b43-4d38-484f-9b9e-de460746276c}
    StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
    ----------
    Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
    StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
    ----------
    Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
    ----------
    Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
    ----------
    Key={7790769C-0471-11d2-AF11-00C04FA35D02}
    StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
    ----------
    Key={89820200-ECBD-11cf-8B85-00AA005B4340}
    StubPath=regsvr32.exe - this reference has been left in place
    ----------
    Key={89820200-ECBD-11cf-8B85-00AA005B4383}
    StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
    ----------

    **************************************************
    23:02:37: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Checking DLL files called from the CurrentControlSet\Services Keys:
    --------------------
    Key=Alerter
    ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
    --------------------
    Key=AppMgmt
    ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
    --------------------
    Key=AudioSrv
    ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
    --------------------
    Key=BITS
    ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
    --------------------
    Key=Browser
    ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
    --------------------
    Key=CryptSvc
    ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
    --------------------
    Key=DcomLaunch
    ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
    --------------------
    Key=Dhcp
    ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
    --------------------
    Key=dmserver
    ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
    --------------------
    Key=Dnscache
    ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
    --------------------
    Key=ERSvc
    ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
    --------------------
    Key=EventSystem
    ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
    --------------------
    Key=FastUserSwitchingCompatibility
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=helpsvc
    ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
    --------------------
    Key=HidServ
    ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
    --------------------
    Key=HTTPFilter
    ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
    --------------------
    Key=lanmanserver
    ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
    --------------------
    Key=lanmanworkstation
    ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
    --------------------
    Key=LmHosts
    ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
    --------------------
    Key=Messenger
    ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
    --------------------
    Key=Netman
    ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
    --------------------
    Key=Nla
    ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
    --------------------
    Key=NtmsSvc
    ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
    --------------------
    Key=RasAuto
    ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
    --------------------
    Key=RasMan
    ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
    --------------------
    Key=RemoteAccess
    ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
    --------------------
    Key=RemoteRegistry
    ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
    --------------------
    Key=RpcSs
    ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
    --------------------
    Key=Schedule
    ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
    --------------------
    Key=seclogon
    ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
    --------------------
    Key=SENS
    ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
    --------------------
    Key=SharedAccess
    ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
    --------------------
    Key=ShellHWDetection
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=srservice
    ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
    --------------------
    Key=SSDPSRV
    ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
    --------------------
    Key=stisvc
    ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
    --------------------
    Key=TapiSrv
    ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
    --------------------
    Key=TermService
    ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
    --------------------
    Key=Themes
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=TrkWks
    ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
    --------------------
    Key=upnphost
    ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
    --------------------
    Key=W32Time
    ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
    --------------------
    Key=WebClient
    ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
    --------------------
    Key=winmgmt
    ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
    --------------------
    Key=WmdmPmSN
    ServiceDLL=C:\WINDOWS\system32\mspmsnsv.dll - this reference has been left in place
    --------------------
    Key=Wmi
    ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
    --------------------
    Key=wscsvc
    ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
    --------------------
    Key=wuauserv
    ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
    --------------------
    Key=WZCSVC
    ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
    --------------------
    Key=xmlprov
    ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

    **************************************************
    23:02:42: Scanning ----- SERVICES REGISTRY KEYS -----
    Checking files called from the CurrentControlSet\Services Keys:
    Key=ACPI
    ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
    ----------
    Key=Adobe LM Service
    ImagePath="C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" - this reference has been left in place
    ----------
    Key=aeaudio
    ImagePath=system32\drivers\aeaudio.sys - this reference has been left in place
    ----------
    Key=aec
    ImagePath=system32\drivers\aec.sys - this reference has been left in place
    ----------
    Key=AFD
    ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
    ----------
    Key=agp440
    ImagePath=system32\DRIVERS\agp440.sys - this reference has been left in place
    ----------
    Key=ALG
    ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
    ----------
    Key=aswUpdSv
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe" - this reference has been left in place
    ----------
    Key=AsyncMac
    ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
    ----------
    Key=atapi
    ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
    ----------
    Key=Atmarpc
    ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
    ----------
    Key=audstub
    ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
    ----------
    Key=avast! Antivirus
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe" - this reference has been left in place
    ----------
    Key=avast! Mail Scanner
    ImagePath="C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe" /service - this reference has been left in place
    ----------
    Key=av
    0
  9. anoir08 Posts 46 Status Member 8
     
    Here is what Trojan Remover suggests:
    the window registry loads the following shell device object:
    C:\WINDOWS\msmhost.dll

    a file with this name has not been found (it may be hidden)

    this program called from the following registry key:
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\"{58E0CD42-DAC1-4BC5-9D5C-6E12D1FBF250}"

    this file is a known Malware file name.

    Would an update installation of the operating system fix this problem?

    It's a real headache!
    0
  10. anoir08 Posts 46 Status Member 8
     
    Sorry, I just saw your message; here is the report:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:04:50, on 20/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur\Bureau\hijackthis\test.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ie-msn - {AD5AFA9D-A060-4FC4-9871-4D857580E526} - C:\Program Files\Common Files\System\sysiemsn\ie-msn.dll (file missing)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msmhost - {58E0CD42-DAC1-4BC5-9D5C-6E12D1FBF250} - C:\WINDOWS\msmhost.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  11. ep
     
    I'm not sure about that.

    However, do this:

    Download to the desktop: [url=http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe]navilog.exe[/url]

    = Double-click navilog1.zip
    = Extract all (or extract without confirmation, or unzip)
    = Double-click navilog1, which is on the desktop
    = Press a key until you reach the options
    = Choose option 1 (= type 1)
    Do not use the others without advice; there may be legitimate processes.

    The report is located in c: fixnavi.txt

    Post that report.

    ---------------------
    2) Download [url=http://www.malekal.com/download/clean.zip]clean.zip[/url] to the desktop
    Unzip it on the desktop.
    = open the clean folder
    = click the gear-wheel icon named clean
    = choose option 1 and let clean work until the text "appuyer sur une touche pour continuer" ("press a key to continue") appears
    = copy and paste that report into your reply as well
    0
  12. anoir08 Posts 46 Status Member 8
     
    Here is the first report:
    SmitFraudFix v2.225

    Rapport fait à 23:12:37,15, 19/09/2007
    Executé à partir de C:\Documents and Settings\Administrateur\Bureau\SmitfraudFix\SmitfraudFix
    OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
    Le type du système de fichiers est NTFS
    Fix executé en mode normal

    »»»»»»»»»»»»»»»»»»»»»»»» Process

    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\cmd.exe

    »»»»»»»»»»»»»»»»»»»»»»»» hosts

    »»»»»»»»»»»»»»»»»»»»»»»» C:\

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS

    C:\WINDOWS\main_uninstaller.exe PRESENT !
    C:\WINDOWS\msmhost.dll PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web

    »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Administrateur\Application Data

    »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer

    »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\ADMINI~1\Favoris

    C:\DOCUME~1\ADMINI~1\Favoris\Error Cleaner.url PRESENT !
    C:\DOCUME~1\ADMINI~1\Favoris\Privacy Protector.url PRESENT !

    »»»»»»»»»»»»»»»»»»»»»»»» Bureau

    »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

    »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues

    »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

    [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
    "Source"="About:Home"
    "SubscribedURL"="About:Home"
    "FriendlyName"="Ma page d'accueil"

    »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    SrchSTS.exe by S!Ri
    Search SharedTaskScheduler's .dll

    »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
    "AppInit_DLLs"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
    !!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
    "System"=""

    »»»»»»»»»»»»»»»»»»»»»»»» Rustock

    »»»»»»»»»»»»»»»»»»»»»»»» DNS

    Description: Broadcom NetXtreme Gigabit Ethernet for hp - Miniport d'ordonnancement de paquets
    DNS Server Search Order: 192.168.1.1

    HKLM\SYSTEM\CCS\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\..\{5ABF1959-AC2E-431C-8260-2660A9EEC57F}: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
    HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1

    »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll

    »»»»»»»»»»»»»»»»»»»»»»»» Fin
    0
  13. anoir08 Posts 46 Status Member 8
     
    Sorry, that was the old report; no, here is the first report:
    Search Navipromo version 3.0.4 commencé le 20/09/2007 à 0:14:42,62

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Poster ce rapport sur le forum pour le faire analyser !!!
    !!! Ne pas lancer la partie désinfection sans l'avis d'un spécialiste !!!

    Fix lancé depuis C:\Program Files\navilog1
    Mise a jour le 19.09.2007 a 15h00 by IL-MAFIOSO

    Microsoft Windows XP [version 5.1.2600]
    Internet Explorer : 6.0.2900.2180

    *** Recherche Programmes installes ***

    *** Recherche dossiers dans C:\WINDOWS ***

    *** Recherche dossiers dans C:\Program Files ***

    *** Recherche dossiers dans C:\Documents and Settings\All Users\Application Data ***

    *** Recherche dossiers dans C:\Documents and Settings\Administrateur\Application Data ***

    *** Recherche avec BlackLight Engine/F-secure ***
    BlackLight Engine est un produit de F-secure, pour + d'infos :
    https://www.f-secure.com/en

    F-SECURE BLACKLIGHT ROOTKIT ELIMINATOR
    ======================================

    Copyright 2005-2006 F-Secure Corporation. All rights reserved.
    This is a beta version. It will expire on 1st of October, 2007.
    Version information: 2.2.1064.

    [+] Started on 09/20/07 at 00:14:43.
    [+] Initializing ...
    [+] Starting scan, press Ctrl-C to abort.
    [+] Scanning for hidden items ................................
    [+] Scan complete.
    [+] Summary: 0 hidden item(s) found, 0 scheduled for renaming.
    [+] Exited on 09/20/07 at 00:16:46 (return code = 0).

    *** Recherche avec GenericNaviSearch ***
    !!! Tous Ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A verifier impérativement avant toute suppression manuelle !!!

    * Scan C:\WINDOWS\system32 *

    Fichiers trouvés :

    Aucun Fichier trouvé !

    Fichiers suspects :

    Aucun Fichier suspect trouvé !

    *** Recherche fichiers ***

    *** Recherche cles registre ***

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :
    0
  14. ep
     
    No, you posted your first MSNfix report
    ;-)
    0
  15. anoir08 Posts 46 Status Member 8
     
    Yes, you will find above your last message the report you asked for first.

    And here is the second one; this one is quite short!!

    20/09/2007 a 0:25:16,07

    *** Recherche des fichiers dans C:

    *** Recherche des fichiers dans C:\WINDOWS\

    *** Recherche des fichiers dans C:\WINDOWS\system32

    *** Recherche des fichiers dans C:\Program Files
    *** Fin du rapport !

    So, any problems? In any case, the alert message has not appeared since I ran the Trojan Remover program with the latest update.
    0
  16. anoir08 Posts 46 Status Member 8
     
    :) Glad they are OK; it's thanks to you, my friend.
    Here is the HijackThis report:

    Logfile of HijackThis v1.99.1
    Scan saved at 00:38:42, on 20/09/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\WINDOWS\system32\qttask.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Athan\Athan.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
    C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe
    C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Documents and Settings\Administrateur\Bureau\hijackthis\test.exe.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O3 - Toolbar: ie-msn - {AD5AFA9D-A060-4FC4-9871-4D857580E526} - C:\Program Files\Common Files\System\sysiemsn\ie-msn.dll (file missing)
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\system32\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
    O4 - HKLM\..\Run: [Tweak UI] RUNDLL32.EXE TWEAKUI.CPL,TweakMeUp
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O9 - Extra button: Run WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra 'Tools' menuitem: Launch WinHTTrack - {36ECAF82-3300-8F84-092E-AFF36D6C7040} - C:\Program Files\WinHTTrack\WinHTTrackIEBar.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\OFFICE11\REFIEBAR.DLL
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\
    O21 - SSODL: msmhost - {58E0CD42-DAC1-4BC5-9D5C-6E12D1FBF250} - C:\WINDOWS\msmhost.dll (file missing)
    O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software Antivirus\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software Antivirus\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software Antivirus\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software Antivirus\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
    0
  17. ep
     
    Run HijackThis again,
    check these lines, then click Fix checked:

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://softwarereferral.com/jump.php?wmid=6010&mid=MjI6Ojg5&lid=2
    O3 - Toolbar: ie-msn - {AD5AFA9D-A060-4FC4-9871-4D857580E526} - C:\Program Files\Common Files\System\sysiemsn\ie-msn.dll (file missing)

    Download: - CCleaner
    https://www.pcastuces.com/logitheque/ccleaner.htm
    ("Download Latest Version", on the right).
    This software will let you delete all temporary files. Before clicking the "installer" (install) button, uncheck all the "options supplémentaires" (additional options). Then click "Options", "Avancé" (Advanced) and uncheck the box "Effacer uniquement les fichiers, du dossier Temp de Windows, plus vieux que 48 heures" (only delete files in the Windows Temp folder older than 48 hours). After that, leave it with its default settings. That's all.
    A tutorial:
    http://perso.orange.fr/jesses/Docs/Logiciels/CCleaner.htm

    Use Rogue Remover:
    http://www.libellules.ch/dotclear/index.php?2006/11/29/1518-rogue-remover
    0
  18. anoir08 Posts 46 Status Member 8
     
    Done. A thousand THANKS for your help. Really, thank you with all my heart. Respect.
    0