MSN virus (again!)

Closed
zoomie Posts: 2 Registered: Wednesday 27 February 2008 Status: Member Last active: 27 February 2008 - 27 Feb 2008 at 19:32
g!rly - 28 Feb 2008 at 03:50
Hello,
I too have received the virus everyone is talking about at the moment: avast detected Win32:PurityScan-Q[Trj] and I can't manage to remove it.
I'm hopeless with PCs, I don't understand much of what is said on the forums. I did manage to understand that I needed to run MSNFix, which I did, but the virus hasn't gone away. So I ran HijackThis, and the report gives this:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:05:15, on 27/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\System32\?ecurity\r?gsvr32.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = https://www.bing.com/?FORM=TOOLBR&cc=fr&toHttps=1&redig=4527FFF1C12746FC9EDB535C75E80ECC
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: EoRezoBHO - {64F56FC1-1272-44CD-BA6E-39723696E350} - C:\Program Files\eoRezo\EoAdv\EoRezobho.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Streams Drivers] C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [xInsIDE] C:\Program Files\xInsIDE\xInsIDE.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [WinTouch] C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe
O4 - HKCU\..\Run: [SfKg6w] C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe
O4 - HKCU\..\Run: [Ieuu] "C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe" -vt yazb
O4 - HKCU\..\Run: [Zbvttzi] C:\Windows\System32\?ecurity\r?gsvr32.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
End of file - 8710 bytes


...but I don't know what to do with it -_-'
All my coursework... is on my PC, I'm a bit panicked!
Thanks in advance!

46 replies

Anonymous user
28 Feb 2008 at 00:32
Sorry for asking what are surely stupid questions, but I don't understand any of this, and I'm very afraid of doing something wrong!
===========
Nothing stupid about it

Isn't there a program name in the message?
0
In the other window, it says scanning registry and scanning HKLM subkeys, that's all.
Oh, actually: in the window that opened to notify me of the problem, the bar in which the first "path" was written (my computer vocabulary is limited!) is still there
0
Anonymous user
28 Feb 2008 at 00:39
prevent this file from loading and disable the file by renaming it
0
Here is the report:


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
28/02/2008 00:47:41: Trojan Remover has been restarted
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe has been renamed to C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe.vir
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - process is either not running or could not be terminated
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe has been renamed to C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Streams Drivers] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[runner1] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[SfKg6w] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Ieuu] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Zbvttzi] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\iPod Service\[ImagePath] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\MREMP50a64\[ImagePath] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\MRESP50a64\[ImagePath] - already deleted
=======================================================
28/02/2008 00:47:41: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.7.2517. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 28/02/2008 00:07:01
Using Database v6942
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Basic
File System: NTFS
User Account Control is DISABLED.
Data directory: C:\Users\Zoé\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Zoé\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************

**************************************************
00:07:01: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
00:07:01: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
00:07:01: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
00:07:01: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: explorer.exe
C:\Windows\explorer.exe
2923520 bytes
Created: 21/11/2007
Modified: 21/11/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
File: C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
59124 bytes
Created: 25/02/2008
Modified: 25/02/2008
Company:
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe appears to be in-use/locked
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - this entry will be removed (no action requested on file)
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
815104 bytes
Created: 25/03/2007
Modified: 20/11/2006
Company: Synaptics, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
132760 bytes
Created: 17/10/2007
Modified: 14/06/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: ATICCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe
90112 bytes
Created: 11/07/2006
Modified: 11/07/2006
Company:
--------------------
Value Name: Broadcom Wireless Manager UI
Value Data: C:\Windows\system32\WLTRAY.exe
C:\Windows\system32\WLTRAY.exe
1540096 bytes
Created: 24/03/2007
Modified: 18/11/2006
Company: Dell Inc.
--------------------
Value Name: ISUSScheduler
Value Data: "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
81920 bytes
Created: 03/10/2006
Modified: 03/10/2006
Company: Macrovision Corporation
--------------------
Value Name: RoxWatchTray
Value Data: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
221184 bytes
Created: 05/11/2006
Modified: 05/11/2006
Company: Sonic Solutions
--------------------
Value Name: PDVDDXSrv
Value Data: "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
118784 bytes
Created: 24/03/2007
Modified: 20/10/2006
Company: CyberLink Corp.
--------------------
Value Name: Google Desktop Search
Value Data: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1831936 bytes
Created: 24/03/2007
Modified: 16/05/2007
Company: Google
--------------------
Value Name: ECenter
Value Data: c:\dell\E-Center\EULALauncher.exe
c:\dell\E-Center\EULALauncher.exe
17920 bytes
Created: 24/03/2007
Modified: 17/11/2006
Company:
--------------------
Value Name: EoEngine
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: EoNet
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
79224 bytes
Created: 05/01/2008
Modified: 04/12/2007
Company: ALWIL Software
--------------------
Value Name: ISUSPM Startup
Value Data: c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe
221184 bytes
Created: 03/10/2006
Modified: 03/10/2006
Company: Macrovision Corporation
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
282624 bytes
Created: 16/02/2007
Modified: 16/02/2007
Company: Apple Computer, Inc.
--------------------
Value Name: Streams Drivers
Value Data: C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
59124 bytes
Created: 25/02/2008
Modified: 25/02/2008
Company:
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe appears to be in-use/locked
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - this registry value has been removed
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - running process located and terminated
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - file ownership assigned to: PC-de-Zoé\Zoé
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - running process located and terminated
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - file backed up to C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe.vir
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - file has been neutralised
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - marked for renaming when the PC is restarted
--------------------
Value Name: runner1
Value Data: C:\Windows\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC610826A656A0AEDE604D64C2661373FD13E0DCD66A47
C:\Windows\mrofinu1423.exe
-R- 37376 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company:
C:\Windows\mrofinu1423.exe appears to contain: DOWNLOADER (HEURISTIC DETECTION)
C:\Windows\mrofinu1423.exe 61A847B5BBF7281336993B466188719AB689201522886B092CBD44BD8689220221DD325762EA4EBF968951185EFC610826A656A0AEDE604D64C2661373FD13E0DCD66A47 - this registry value has been removed
C:\Windows\mrofinu1423.exe - running process located and terminated
C:\Windows\mrofinu1423.exe - READ-ONLY file attribute removed
C:\Windows\mrofinu1423.exe - file renamed to: C:\Windows\mrofinu1423.exe.vir
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
863824 bytes
Created: 28/02/2008
Modified: 24/02/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
171448 bytes
Created: 05/07/2007
Modified: 05/07/2007
Company: Google Inc.
--------------------
Value Name: JavaCore
Value Data: C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\JavaCore\JavaCore.exe
144896 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company:
--------------------
Value Name: NoDNS
Value Data: C:\Program Files\\NoDNS\\NoDNS.exe
C:\Program Files\\NoDNS\\NoDNS.exe
102400 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company:
--------------------
Value Name: WinTouch
Value Data: C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe
C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe
181760 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company:
--------------------
Value Name: SfKg6w
Value Data: C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe
35840 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company:
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe appears to be in-use/locked
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - this registry value has been removed
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - running process located and terminated
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - file ownership assigned to: PC-de-Zoé\Zoé
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - running process located and terminated
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - file backed up to C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe.vir
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - file has been neutralised
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\rayiou.exe - marked for renaming when the PC is restarted
--------------------
Value Name: Ieuu
Value Data: "C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe" -vt yazb
C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe
-RHS- 68608 bytes
Created: 27/02/2008
Modified: 27/02/2008
Company:
C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe" -vt yazb - this registry value has been removed
C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe - process is either not running or could not be terminated
C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe - file renamed to: C:\Users\ZO7369~1\AppData\Roaming\ASEMBL~1\alg.exe.vir
--------------------
Value Name: Zbvttzi
Value Data: C:\Windows\System32\?ecurity\r?gsvr32.exe
C:\Windows\System32\?ecurity\r?gsvr32.exe - this registry value has been removed [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

**************************************************
00:42:56: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

**************************************************
00:42:56: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
00:42:56: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\Windows\system32\scrnsave.scr
C:\Windows\system32\scrnsave.scr
10240 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
--------------------

**************************************************
00:42:57: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
00:42:57: Scanning ----- SERVICEDLL REGISTRY KEYS -----

**************************************************
00:43:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: adpu160m
ImagePath: \SystemRoot\system32\drivers\adpu160m.sys
C:\Windows\system32\drivers\adpu160m.sys
98408 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Adaptec, Inc.
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\system32\drivers\agp440.sys
53864 bytes
Created: 02/11/2006
Modified: 25/03/2007
Company: Microsoft Corporation
----------
Key: AmdK8
ImagePath: system32\DRIVERS\amdk8.sys
C:\Windows\system32\DRIVERS\amdk8.sys
40960 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: aswMonFlt
ImagePath: system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
45648 bytes
Created: 16/05/2007
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17272 bytes
Created: 05/01/2008
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: AtiPcie
ImagePath: system32\DRIVERS\AtiPcie.sys
C:\Windows\system32\DRIVERS\AtiPcie.sys
8192 bytes
Created: 24/03/2007
Modified: 30/10/2006
Company: ATI Technologies Inc.
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
140664 bytes
Created: 05/01/2008
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
247160 bytes
Created: 05/01/2008
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
345464 bytes
Created: 05/01/2008
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: BCM43XX
ImagePath: system32\DRIVERS\bcmwl6.sys
C:\Windows\system32\DRIVERS\bcmwl6.sys
534016 bytes
Created: 25/03/2007
Modified: 18/11/2006
Company: Broadcom Corporation
----------
Key: bcm4sbxp
ImagePath: system32\DRIVERS\bcm4sbxp.sys
C:\Windows\system32\DRIVERS\bcm4sbxp.sys
45056 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Broadcom Corporation
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: catchme
ImagePath: \??\C:\Users\ZO7369~1\AppData\Local\Temp\catchme.sys - this file is globally excluded
----------
Key: DLABMFSM
ImagePath: System32\DLA\DLABMFSM.SYS
C:\Windows\System32\DLA\DLABMFSM.SYS
35096 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLABOIOM
ImagePath: System32\DLA\DLABOIOM.SYS
C:\Windows\System32\DLA\DLABOIOM.SYS
32472 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLACDBHM
ImagePath: System32\Drivers\DLACDBHM.SYS
C:\Windows\System32\Drivers\DLACDBHM.SYS
12920 bytes
Created: 24/03/2007
Modified: 11/08/2006
Company: Roxio
----------
Key: DLADResM
ImagePath: System32\DLA\DLADResM.SYS
C:\Windows\System32\DLA\DLADResM.SYS
9432 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLAIFS_M
ImagePath: System32\DLA\DLAIFS_M.SYS
C:\Windows\System32\DLA\DLAIFS_M.SYS
104472 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLAOPIOM
ImagePath: System32\DLA\DLAOPIOM.SYS
C:\Windows\System32\DLA\DLAOPIOM.SYS
26008 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLAPoolM
ImagePath: System32\DLA\DLAPoolM.SYS
C:\Windows\System32\DLA\DLAPoolM.SYS
14520 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLARTL_M
ImagePath: System32\Drivers\DLARTL_M.SYS
C:\Windows\System32\Drivers\DLARTL_M.SYS
28184 bytes
Created: 24/03/2007
Modified: 11/08/2006
Company: Roxio
----------
Key: DLAUDFAM
ImagePath: System32\DLA\DLAUDFAM.SYS
C:\Windows\System32\DLA\DLAUDFAM.SYS
94648 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DLAUDF_M
ImagePath: System32\DLA\DLAUDF_M.SYS
C:\Windows\System32\DLA\DLAUDF_M.SYS
97848 bytes
Created: 24/03/2007
Modified: 18/08/2006
Company: Roxio
----------
Key: DRVMCDB
ImagePath: System32\Drivers\DRVMCDB.SYS
C:\Windows\System32\Drivers\DRVMCDB.SYS
99176 bytes
Created: 24/03/2007
Modified: 21/07/2006
Company: Sonic Solutions
----------
Key: DRVNDDM
ImagePath: System32\Drivers\DRVNDDM.SYS
C:\Windows\System32\Drivers\DRVNDDM.SYS
51768 bytes
Created: 24/03/2007
Modified: 11/08/2006
Company: Roxio
----------
Key: DSBrokerService
ImagePath: "C:\Program Files\DellSupport\brkrsvc.exe"
C:\Program Files\DellSupport\brkrsvc.exe
70656 bytes
Created: 07/11/2006
Modified: 07/11/2006
Company:
----------
Key: DSproct
ImagePath: \??\C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys
4736 bytes
Created: 05/10/2006
Modified: 05/10/2006
Company: Gteko Ltd.
----------
Key: dsunidrv
ImagePath: \??\C:\Program Files\DellSupport\Drivers\dsunidrv.sys
C:\Program Files\DellSupport\Drivers\dsunidrv.sys
-S- 7424 bytes
Created: 17/08/2006
Modified: 17/08/2006
Company: Gteko Ltd.
----------
Key: e1express
ImagePath: system32\DRIVERS\e1e6032.sys
C:\Windows\system32\DRIVERS\e1e6032.sys
200704 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Intel Corporation
----------
Key: GoogleDesktopManager
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
1831936 bytes
Created: 24/03/2007
Modified: 16/05/2007
Company: Google
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 05/07/2007
Modified: 05/07/2007
Company: Google
----------
Key: HSF_DPV
ImagePath: system32\DRIVERS\HSX_DPV.sys
C:\Windows\system32\DRIVERS\HSX_DPV.sys
986624 bytes
Created: 25/03/2007
Modified: 12/11/2006
Company: Conexant Systems, Inc.
----------
Key: HSXHWAZL
ImagePath: system32\DRIVERS\HSXHWAZL.sys
C:\Windows\system32\DRIVERS\HSXHWAZL.sys
206848 bytes
Created: 25/03/2007
Modified: 12/11/2006
Company: Conexant Systems, Inc.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 22/10/2004
Modified: 22/10/2004
Company: Macrovision Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe - this registry value has been removed [file not found to scan]
----------
Key: MREMP50
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS
19712 bytes
Created: 08/11/2007
Modified: 05/04/2007
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: MREMP50a64
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS
C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS - this registry value has been removed [file not found to scan]
----------
Key: MRESP50
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS
18304 bytes
Created: 08/11/2007
Modified: 05/04/2007
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: MRESP50a64
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS
C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS - this registry value has been removed [file not found to scan]
----------
Key: ntrigdigi
ImagePath: \SystemRoot\system32\drivers\ntrigdigi.sys
C:\Windows\system32\drivers\ntrigdigi.sys
20608 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: N-trig Innovative Technologies
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: ohci1394
ImagePath: \SystemRoot\system32\drivers\ohci1394.sys
C:\Windows\system32\drivers\ohci1394.sys
62080 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\Windows\system32\drivers\parport.sys
79360 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: Parvdm
ImagePath: \SystemRoot\system32\drivers\parvdm.sys
C:\Windows\system32\drivers\parvdm.sys
8704 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: PxHelp20
ImagePath: System32\Drivers\PxHelp20.sys
C:\Windows\System32\Drivers\PxHelp20.sys
43528 bytes
Created: 24/07/2006
Modified: 08/03/2007
Company: Sonic Solutions
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\system32\drivers\ql2300.sys
900712 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\system32\drivers\ql40xx.sys
106088 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: QLogic Corporation
----------
Key: rimmptsk
ImagePath: system32\DRIVERS\rimmptsk.sys
C:\Windows\system32\DRIVERS\rimmptsk.sys
32256 bytes
Created: 25/03/2007
Modified: 20/11/2006
Company: REDC
----------
Key: rimsptsk
ImagePath: \SystemRoot\system32\drivers\rimsptsk.sys
C:\Windows\system32\drivers\rimsptsk.sys
43520 bytes
Created: 25/03/2007
Modified: 20/11/2006
Company: REDC
----------
Key: rismxdp
ImagePath: \SystemRoot\system32\drivers\rixdptsk.sys
C:\Windows\system32\drivers\rixdptsk.sys
37376 bytes
Created: 25/03/2007
Modified: 20/11/2006
Company: REDC
----------
Key: RoxMediaDB9
ImagePath: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
880640 bytes
Created: 05/11/2006
Modified: 05/11/2006
Company: Sonic Solutions
----------
Key: RoxWatch9
ImagePath: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
159744 bytes
Created: 05/11/2006
Modified: 05/11/2006
Company: Sonic Solutions
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: sffdisk
ImagePath: system32\DRIVERS\sffdisk.sys
C:\Windows\system32\DRIVERS\sffdisk.sys
13312 bytes
Created: 18/06/2007
Modified: 18/06/2007
Company: Microsoft Corporation
----------
Key: sffp_sd
ImagePath: system32\DRIVERS\sffp_sd.sys
C:\Windows\system32\DRIVERS\sffp_sd.sys
12800 bytes
Created: 18/06/2007
Modified: 18/06/2007
Company: Microsoft Corporation
----------
Key: sisagp
ImagePath: \SystemRoot\system32\drivers\sisagp.sys
C:\Windows\system32\drivers\sisagp.sys
53352 bytes
Created: 02/11/2006
Modified: 25/03/2007
Company: Microsoft Corporation
----------
Key: STHDA
ImagePath: system32\drivers\stwrt.sys
C:\Windows\system32\drivers\stwrt.sys
647680 bytes
Created: 24/03/2007
Modified: 08/02/2007
Company: SigmaTel, Inc.
----------
Key: stllssvr
ImagePath: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
73728 bytes
Created: 14/09/2006
Modified: 14/09/2006
Company: MicroVision Development, Inc.
----------
Key: SynTP
ImagePath: system32\DRIVERS\SynTP.sys
C:\Windows\system32\DRIVERS\SynTP.sys
179256 bytes
Created: 25/03/2007
Modified: 20/11/2006
Company: Synaptics, Inc.
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\system32\drivers\uagp35.sys
56936 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: USB_RNDIS
ImagePath: system32\DRIVERS\usb8023.sys
C:\Windows\system32\DRIVERS\usb8023.sys
14848 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\system32\drivers\viaide.sys
17512 bytes
Created: 02/11/2006
Modified: 25/03/2007
Company: VIA Technologies, Inc.
----------
Key: winachsf
ImagePath: system32\DRIVERS\HSX_CNXT.sys
C:\Windows\system32\DRIVERS\HSX_CNXT.sys
659968 bytes
Created: 25/03/2007
Modified: 12/11/2006
Company: Conexant Systems, Inc.
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: wltrysvc
ImagePath: %SystemRoot%\System32\WLTRYSVC.EXE %SystemRoot%\System32\bcmwltry.exe
C:\Windows\System32\WLTRYSVC.EXE
24064 bytes
Created: 24/03/2007
Modified: 18/11/2006
Company:
----------
Key: XAudio
ImagePath: system32\DRIVERS\xaudio.sys
C:\Windows\system32\DRIVERS\xaudio.sys
8192 bytes
Created: 25/03/2007
Modified: 12/11/2006
Company: Conexant Systems, Inc.
----------
Key: XAudioService
ImagePath: %SystemRoot%\system32\DRIVERS\xaudio.exe
C:\Windows\system32\DRIVERS\xaudio.exe
386560 bytes
Created: 25/03/2007
Modified: 12/11/2006
Company: Conexant Systems, Inc.
----------

**************************************************
00:43:44: Scanning -----VXD ENTRIES-----

**************************************************
00:43:44: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan

**************************************************
00:43:44: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
75128 bytes
Created: 05/01/2008
Modified: 04/12/2007
Company: ALWIL Software
----------
Key: BriefcaseMenu
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}
Path: syncui.dll
C:\Windows\system32\syncui.dll
175616 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315200 bytes
Created: 28/08/2007
Modified: 28/08/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315200 bytes
Created: 28/08/2007
Modified: 28/08/2007
Company: Microsoft Corporation
----------
Key: Sharing
CLSID: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Path: ntshrui.dll
C:\Windows\system32\ntshrui.dll
296448 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 28/02/2008
Modified: 05/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll
128512 bytes
Created: 16/06/2007
Modified: 22/05/2007
Company:
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315200 bytes
Created: 28/08/2007
Modified: 28/08/2007
Company: Microsoft Corporation
----------

**************************************************
00:43:45: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0561EC90-CE54-4f0c-9C55-E226110A740C}
File: [CLSID does not appear to reference a file]
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems, Inc.
----------

**************************************************
00:43:45: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
436288 bytes
Created: 27/02/2008
Modified: 29/11/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63128 bytes
Created: 12/01/2006
Modified: 12/01/2006
Company: Adobe Systems Incorporated
----------
Key: {22BF413B-C6D2-4d91-82A9-A0F997BA588C}
BHO: C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
722472 bytes
Created: 13/04/2007
Modified: 30/03/2007
Company: Skype Technologies S.A.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
509592 bytes
Created: 17/10/2007
Modified: 14/06/2007
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2436160 bytes
Created: 05/07/2007
Modified: 05/07/2007
Company: Google Inc.
----------
Key: {CA6319C0-31B7-401E-A518-A07C3DB8F777}
BHO: C:\Program Files\BAE\BAE.dll
C:\Program Files\BAE\BAE.dll
98304 bytes
Created: 24/03/2007
Modified: 17/11/2006
Company: Dell Inc.
----------

**************************************************
00:43:45: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\Windows\system32\webcheck.dll
C:\Windows\system32\webcheck.dll
232960 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------

**************************************************
00:43:46: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Component Categories cache daemon
File: %SystemRoot%\system32\browseui.dll
C:\Windows\system32\browseui.dll
1321472 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------

**************************************************
00:43:46: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
00:43:46: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]
File: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
144896 bytes
Created: 24/03/2007
Modified: 16/05/2007
Company: Google
----------

**************************************************
00:43:46: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: credssp.dll
C:\Windows\system32\credssp.dll
15360 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
----------

**************************************************
00:43:47: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 02/11/2006
Modified: 29/08/2007
Company:
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
50688 bytes
Created: 24/03/2007
Modified: 03/11/2006
Company: Avanquest Software
Digital Line Detect.lnk - links to C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
-R- 45056 bytes
Created: 24/03/2007
Modified: 24/03/2007
Company: InstallShield Software Corp.
QuickSet.lnk - links to C:\Windows\Installer\{53A01CC6-14B0-4512-A2E7-10D39BF83DC4}\NewShortcut2_53A01CC614B04512A2E710D39BF83DC4.exe
--------------------

**************************************************
00:43:47: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: Zoé
[C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\Zoé\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 04/04/2007
Modified: 29/08/2007
Company:
----------
--------------------

**************************************************
00:43:47: Scanning ----- SCHEDULED TASKS -----
Taskname: User_Feed_Synchronization-{F2A9B1AA-0315-4997-89B1-7DDDD599A4FC}.job
File: C:\Windows\system32\msfeedssync.exe
C:\Windows\system32\msfeedssync.exe
12288 bytes
Created: 02/11/2006
Modified: 02/11/2006
Company: Microsoft Corporation
Parameters: sync
Next Run Time: 28/02/2008 00:45:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Zoé
Comments: Updates out-of-date system feeds.
----------

**************************************************
00:43:48: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\Zoé\Pictures\Photos Will\03.Laos (Août 2001)\Numérique\05.08.01 KuangSi08.jpg
C:\Users\Zoé\Pictures\Photos Will\03.Laos (Août 2001)\Numérique\05.08.01 KuangSi08.jpg
62319 bytes
Created: 13/04/2007
Modified: 18/08/2001
Company:
----------
Additional file checks completed
---------

**************************************************
00:43:48: Scanning ------ %TEMP% DIRECTORY ------
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
59124 bytes
Created: 25/02/2008
Modified: 28/02/2008
Company:
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe appears to contain: TRASHED.FILE
Previously renamed file C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe.vir has been deleted
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - running process located and terminated
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe - file renamed to: C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe.vir
--------------------

**************************************************
00:43:54: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\Windows\System32\smss.exe
[1 loaded module]
--------------------
C:\Windows\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\Windows\system32\wininit.exe
[29 loaded modules in total]
--------------------
C:\Windows\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\Windows\system32\winlogon.exe
[29 loaded modules in total]
--------------------
C:\Windows\system32\services.exe
[32 loaded modules in total]
--------------------
C:\Windows\system32\lsass.exe
[60 loaded modules in total]
--------------------
C:\Windows\system32\lsm.exe
[31 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[43 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[42 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[49 loaded modules in total]
--------------------
C:\Windows\system32\Ati2evxx.exe
[25 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[63 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[112 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[151 loaded modules in total]
--------------------
C:\Windows\system32\SLsvc.exe
[22 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[78 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[88 loaded modules in total]
--------------------
C:\Windows\system32\Ati2evxx.exe
[33 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[24 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
[72 loaded modules in total]
--------------------
C:\Windows\system32\Dwm.exe
[37 loaded modules in total]
--------------------
C:\Windows\Explorer.EXE
[126 loaded modules in total]
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
[32 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
[26 loaded modules in total]
--------------------
C:\Windows\System32\WLTRAY.EXE
[46 loaded modules in total]
--------------------
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
[18 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[120 loaded modules in total]
--------------------
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
[42 loaded modules in total]
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[83 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[75 loaded modules in total]
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
[37 loaded modules in total]
--------------------
C:\Program Files\JavaCore\JavaCore.exe
[38 loaded modules in total]
--------------------
C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe
[67 loaded modules in total]
--------------------
C:\Users\Zoé\AppData\Roaming\a?sembly\alg.exe
[48 loaded modules in total]
--------------------
C:\Windows\System32\?ecurity\r?gsvr32.exe
[90 loaded modules in total]
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Dell\QuickSet\quickset.exe
[77 loaded modules in total]
--------------------
C:\Windows\System32\spoolsv.exe
[79 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[81 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[57 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
[131 loaded modules in total]
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[41 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[40 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
[58 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[46 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[6 loaded modules in total]
--------------------
C:\Windows\system32\SearchIndexer.exe
[63 loaded modules in total]
--------------------
C:\Windows\system32\DRIVERS\xaudio.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[60 loaded modules in total]
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
[32 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[46 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[49 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
[51 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
[100 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[81 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
[58 loaded modules in total]
--------------------
C:\Windows\system32\wbem\unsecapp.exe
[29 loaded modules in total]
--------------------
C:\Windows\system32\SearchProtocolHost.exe
[60 loaded modules in total]
--------------------
C:\Windows\system32\wuauclt.exe
[37 loaded modules in total]
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2511424
[This is a Trojan Remover component]
[40 loaded modules in total]
--------------------
C:\Windows\system32\conime.exe
[21 loaded modules in total]
--------------------

**************************************************
00:45:38: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
00:45:38: ------ Scan for other files to remove ------
No malware-related files found to remove

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 28/02/2008 00:45:38
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
28/02/2008 00:45:45: restart commenced
********************************************************



Another window opened saying:
the registry winlogon userinit entry loads this file:
C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
a file with this name "has not been" found (it may be hidden)

the file is called from the following registry key:
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\"Userinit"
the reference may be loading hidden malware

you should run Trojan Remover after this scan has been completed to check this entry. If you have already done so and do not want to see this alert again, select the exclude option

Then you have to choose: continue, exclude, stop scan
0

Anonymous user
28 Feb 2008 at 01:02
Continue

Once it has finished, restart the machine and post a HijackThis log again
0
I'm on my fourth (or fifth) restart, after which FastScan launches again. It offers me the same thing as what I copied above, I say continue and it carries on with the scan. When it finishes, I restart...
Should I keep going?
0
Anonymous user
28 Feb 2008 at 01:29
Stop scan and a HijackThis log
0
Here is the report:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:29:44, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKCU\..\Run: [WinTouch] C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Anonymous user
28 Feb 2008 at 01:33
Ah, that Zoé

Does this ring a bell?
0
?
0
Anonymous user > zoomie
28 Feb 2008 at 01:36
Sorry

this: WinTouch.exe
0
zoomie > Anonymous user
28 Feb 2008 at 01:39
Should it ring a bell?
0
Anonymous user
28 Feb 2008 at 01:42
No, not necessarily.

We're nearly done: shall we finish now or tomorrow (finishing now is no problem for me, there isn't much left to do)?

You will need to uninstall the TROJAN REMOVER tool. But later.
0
If there isn't much left to do, finishing now suits me. Thank you very much, in any case, for cutting your night short because of me.
So, what should this thing mean to me? I am REALLY hopeless with computers, and I really don't understand anything beyond Word...
0
Anonymous user
28 Feb 2008 at 01:50
Run HijackThis again

Fix these lines

O2 - BHO: (no name) - {64F56FC1-1272-44CD-BA6E-39723696E350} - (no file)

O4 - HKCU\..\Run: [WinTouch] C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe

To fix them, tick the small box to the left of each line

Click the Fix checked button.

Make a new log to verify.
0
Here is the report (for a change, I don't understand any of it!)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:51:13, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
Anonymous user
28 Feb 2008 at 01:57
OK, that's good

We're nearly at the end

OTMoveIt

• Download it here: http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
• Install it on the desktop
• Run it.
• Make sure the "Unregister Dll's and Ocx's" box is ticked.
• Copy/paste the lines below (in bold) into the OTMoveIt box named Paste Standard List of Files/Folders to move.

C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe

• Click MoveIt! to start the removal.
• If OTMoveIt offers to restart the PC, accept!
• When a result appears in the Results box, click Exit.
• Copy/paste onto the forum the OTMoveIt report located in C:\_OTMoveIt\MovedFiles.
0
Is this the report?

C:\Users\Zoé\AppData\Roaming\WinTouch\WinTouch.exe moved successfully.

OTMoveIt2 v1.0.20 log created on 02282008_015743
0
Anonymous user
28 Feb 2008 at 02:02
Yes. And I think it's great :-)

Has Trojan Remover been uninstalled?
0
Yes, it's done
0
Anonymous user
28 Feb 2008 at 02:13
Right, let's finish up

A quick run of CCleaner (see the first procedure, without reinstalling it). You can keep that one, as it will let you clean up your registry

Restart the machine to check

Post a HijackThis log again

Then follow this procedure to the letter: http://www.vista-xp.fr/forum/topic243.html

Then this one to enable the firewall (you have no firewall, and that's not good)

And then it will be done.

Tell me how the PC is doing after all that.
0
Anonymous user
28 Feb 2008 at 02:17
One more small piece of advice

Uninstall AVAST, it's no longer up to the job

You can install ANTIVIR (free)
Or G-DATA (paid, 40 €)

You should also install an anti-malware tool
There is AVGAS AntiSpyware (free)

My setup

LIVE BOX PRO with built-in firewall (if you have an xxxBOX you certainly have a built-in firewall)
Windows firewall
AVGAS AntiSpyware
G-DATA
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 02:22:22, on 28/02/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Windows\System32\WLTRAY.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\JavaCore\JavaCore.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\ZO7369~1\AppData\Local\Temp\winlogon.exe
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\Windows\system32\WLTRAY.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [PDVDDXSrv] "C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [ECenter] c:\dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [ISUSPM Startup] c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [JavaCore] C:\Program Files\JavaCore\JavaCore.exe
O4 - HKCU\..\Run: [NoDNS] C:\Program Files\\NoDNS\\NoDNS.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: QuickSet.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\PROGRA~1\Skype\Phone\IEPlugin\SKYPEI~1.DLL
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: GoogleDesktopManager - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe
0
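The thread asks for a fresh HijackThis log after each fix so the result can be verified. The following is an added example, not part of the original posts and not code from HijackThis: it parses entry lines in the format shown above, reports which fixed lines reappear in the follow-up log, and applies two triage heuristics. The function names, the sample logs (constructed, with a placeholder user name and CLSID) and the heuristics themselves are assumptions of this example.

```python
import re

# Constructed sample logs in the HijackThis entry format (user name and CLSID are placeholders).
BEFORE = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\example\AppData\Local\Temp\winlogon.exe
O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [WinTouch] C:\Users\example\AppData\Roaming\WinTouch\WinTouch.exe
"""
FIXED = [  # the lines ticked before pressing "Fix checked"
    r"O2 - BHO: (no name) - {00000000-0000-0000-0000-000000000001} - (no file)",
    r"O4 - HKCU\..\Run: [WinTouch] C:\Users\example\AppData\Roaming\WinTouch\WinTouch.exe",
]
AFTER = r"""
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe,C:\Users\example\AppData\Local\Temp\winlogon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
"""

# Entry lines start with a section code such as R1, F2, O4 or O23, then " - ".
ENTRY = re.compile(r"^([RFNO]\d{1,2}) - (.+)$")

def parse_entries(log):
    """Return (code, text) pairs; header and running-process lines are skipped."""
    out = []
    for line in log.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            out.append((m.group(1), m.group(2).strip()))
    return out

def still_present(fixed_lines, after_log):
    """Fixed lines that show up again in the follow-up log (case-insensitive)."""
    after = {(c, t.lower()) for c, t in parse_entries(after_log)}
    return [l for l in fixed_lines
            for c, t in parse_entries(l) if (c, t.lower()) in after]

def userinit_extras(entries):
    """Heuristic: programs chained onto UserInit besides system32\\userinit.exe."""
    extras = []
    for code, text in entries:
        m = re.search(r"UserInit=(.*)", text, re.I) if code == "F2" else None
        if m:
            for prog in filter(None, (p.strip() for p in m.group(1).split(","))):
                if not prog.lower().endswith(r"\system32\userinit.exe"):
                    extras.append(prog)
    return extras

def user_writable_autoruns(entries):
    """Heuristic: O4 autostart entries that launch from AppData or Temp paths."""
    marks = ("\\appdata\\", "\\temp\\")
    return [t for c, t in entries if c == "O4" and any(k in t.lower() for k in marks)]

if __name__ == "__main__":
    entries = parse_entries(AFTER)
    print("fixed lines still present:", still_present(FIXED, AFTER))
    print("extra UserInit programs:", userinit_extras(entries))
    print("autoruns in user-writable paths:", user_writable_autoruns(entries))
```

A hit from either heuristic is a prompt for a closer look at that entry, not a verdict on the file.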