Rapport Hijack this

Résolu
Maxx -  
 Utilisateur anonyme -
Bonjour,

Mon ordi est infesté d'un virus. Voici le rapport Hijack this
Merdi de m'aider rapidement !

Logfile of Trend Micro HijackThis v2.0.0 (BETA)
Scan saved at 13:51:33, on 13/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\LManager.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
C:\WINDOWS\system32\ElkCtrl.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\DOCUME~1\Autre\LOCALS~1\Temp\RtkBtMnt.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\WinRAR\WinRAR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Autre\Bureau\HiJackThis_v2.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {9B698AF6-C528-4CBB-A89D-13CC6A5FA74B} - C:\WINDOWS\system32\jkkjh.dll
O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\pmnljkl.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [BM0a6725ef] Rundll32.exe "C:\WINDOWS\system32\clpagtmx.dll",s
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [MalwareAlarm] C:\Program Files\MalwareAlarm\MalwareAlarm.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O20 - Winlogon Notify: pmnljkl - C:\WINDOWS\SYSTEM32\pmnljkl.dll
O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 12742 bytes
Configuration: Windows XP
Internet Explorer 6.0

46 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Une machine Windows XP est infectée par un virus et le diagnostic passe par l'analyse du rapport HijackThis pour repérer les éléments douteux et évaluer les programmes lancés automatiquement et les services suspects. Des conseils centraux recommandent d'exécuter des outils de contrôle et de suppression comme Combofix et VundoFix, de temporairement désactiver l'antivirus pour le scan et d’employer OTMoveIt pour déplacer les fichiers malveillants. D'autres réponses évoquent l'importance de créer des sauvegardes et de redémarrer en mode sans échec, puis de supprimer des entrées deRun et des services agressifs pour stabiliser le système. Dans ce contexte, des liens vers des tutoriels et des outils externes sont cités, et la vérification par un nouveau rapport après intervention est recommandée.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. Powax Messages postés 570 Statut Membre 92
     
    Bonjour,

    1) tu n'as pas de pare-feu actif (celui de windows ne compte pas)

    => télécharge et installe: http://www.commentcamarche.net/telecharger/telecharger 206 kerio

    2) Télécharge Combofix.exe sur ton Bureau: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    * Déconnecte-toi du net et désactive ton antivirus pour que Combofix puisse s'exécuter normalement
    * Double clique sur Combofix.exe
    * Mets le en langue française F
    * Tape sur la touche 1 (Yes) pour démarrer le scan
    * Lorsque le scan sera terminé, un rapport apparaîtra
    * Poste le rapport sauvegardé: C:\Combofix.txt

    3) Télécharge VundoFix: http://www.atribune.org/ccount/click.php?id=4

    * Double-clique sur VundoFix.exe
    * Clique sur le bouton Scan for Vundo
    * Si le programme te demande de supprimer des fichiers, dis oui
    * Lorsque le programme a fini de scanner ton pc, il doit être éteint, redémarre le.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt
    0
    1. Maxx
       
      Merci pour ces conseils...
      Je ne suis pas trè doué en informatique, comment est-ce que je peux désactiver mon antivirus ? Je ne sais même pas si j'en ai un !
      0
  2. Powax Messages postés 570 Statut Membre 92
     
    Si si tu en as un, c'est AVG Antivirus ;o)

    Démarrer << Programmes, tu ouvre l'interface de gestion et tu le désactive. Je ne peux pas être plus précis, dsl.
    0
  3. Maxx
     
    Quelle galère !
    Mon antivirus est bien AVG FREE EDITION !
    Je n'ai pas réussi à le désactivé alors je l'ai carrément désinstaller !
    J'avais déjà essayé Combofix avant, mais une fois le rapport apparu à l'écran, l'ordi à bugger et impossible de le conserver. J'ai arrêter mon ordi, je les redémarrer. J'ai refait Combifix, mais à chaque fois l'ordi bugg et le rapport n'est pas enregistré.
    Le dernier rapport beaucoup plus court que le premier indique :
    l'heure de l'horloge a été changé
    le fichier c:\windows\pskt.ini a été supprimé

    Est-ce que je dois maintenant lancer Vundofix ?
    0
  4. Powax Messages postés 570 Statut Membre 92
     
    Yep lance Vundo. Et réinstalle ton antivirus !!
    0
    1. Maxx
       
      Mon antivirus est réinstallé.
      Voici le rapport de vundofix :

      VundoFix V7.0.3

      Scan started at 21:04:35 16/03/2008

      Listing files found while scanning....

      C:\windows\system32\hjkkj.ini
      C:\windows\system32\hjkkj.ini2
      C:\windows\system32\jkkjh.dll

      VundoFix V7.0.3

      Scan started at 21:14:00 16/03/2008

      Listing files found while scanning....

      C:\windows\system32\hjkkj.ini
      C:\windows\system32\hjkkj.ini2
      C:\windows\system32\jkkjh.dll

      Beginning removal...

      Attempting to delete C:\windows\system32\hjkkj.ini
      C:\windows\system32\hjkkj.ini Has been deleted!

      Attempting to delete C:\windows\system32\hjkkj.ini2
      C:\windows\system32\hjkkj.ini2 Has been deleted!

      Attempting to delete C:\windows\system32\jkkjh.dll
      C:\windows\system32\jkkjh.dll Has been deleted!

      Performing Repairs to the registry.
      Done!

      VundoFix V7.0.3

      Scan started at 21:25:57 16/03/2008

      Listing files found while scanning....

      No infected files were found.


      VundoFix V7.0.3

      Scan started at 21:32:52 16/03/2008

      Listing files found while scanning....
      0
    2. Maxx
       
      Voici le rapport de combofix :

      ComboFix 08-03-10.1 - Autre 2008-03-13 17:28:13.3 - [color=red][b]FAT32[/b][/color]x86
      Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.509 [GMT 1:00]
      Endroit: C:\Documents and Settings\Autre\Bureau\ComboFix.exe

      [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
      .
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Powax Messages postés 570 Statut Membre 92
     
    Bonjour,

    le rapport ComboFix est incomplet ...

    Re-poste le en entier, ainsi qu'un nouveau rapport HiJackThis stp.
    0
    1. maxx
       
      Il n'y a rien de plus dans le rapport vundo ! Je n'ai peut-etre pas laissé le scan se faire totalement ?!

      Voici le rapport Hijackthis :

      Logfile of Trend Micro HijackThis v2.0.0 (BETA)
      Scan saved at 10:41, on 2008-03-17
      Platform: Windows XP SP2 (WinNT 5.01.2600)
      Boot mode: Normal

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      C:\Acer\Empowering Technology\admServ.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\eHome\ehRecvr.exe
      C:\WINDOWS\eHome\ehSched.exe
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      C:\WINDOWS\system32\nvsvc32.exe
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\ehome\mcrdsvc.exe
      C:\WINDOWS\system32\dllhost.exe
      C:\WINDOWS\System32\alg.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\WINDOWS\eHome\ehmsas.exe
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Acer\Empowering Technology\admtray.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\Program Files\iPod\bin\iPodService.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\msnmsgr.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      C:\DOCUME~1\JULIEN~1\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\PROGRA~1\Grisoft\AVG7\avgw.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe
      C:\WINDOWS\system32\csrss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\ehome\ehtray.exe
      C:\WINDOWS\eHome\ehmsas.exe
      C:\WINDOWS\RTHDCPL.EXE
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Acer\Empowering Technology\admtray.exe
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      C:\WINDOWS\system32\rundll32.exe
      C:\WINDOWS\system32\RUNDLL32.EXE
      C:\DOCUME~1\Autre\LOCALS~1\Temp\RtkBtMnt.exe
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      C:\WINDOWS\system32\LVCOMSX.EXE
      C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
      C:\WINDOWS\system32\ElkCtrl.exe
      C:\Program Files\QuickTime\qttask.exe
      C:\Program Files\iTunes\iTunesHelper.exe
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
      C:\Program Files\Spyware Doctor\pctsTray.exe
      C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
      C:\WINDOWS\system32\Rundll32.exe
      C:\WINDOWS\system32\ctfmon.exe
      C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
      C:\WINDOWS\system32\wuauclt.exe
      C:\WINDOWS\system32\wbem\unsecapp.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
      C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
      C:\Documents and Settings\Autre\Bureau\HiJackThis_v2.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
      C:\Program Files\Java\jre1.6.0_02\bin\jucheck.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
      R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
      R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
      O2 - BHO: (no name) - {16AC4674-1669-4010-B9B7-0D63B7569284} - C:\WINDOWS\system32\jkkjh.dll (file missing)
      O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
      O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\pmnljkl.dll (file missing)
      O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
      O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
      O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
      O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
      O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
      O4 - HKLM\..\Run: [LaunchApp] Alaunch
      O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
      O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
      O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
      O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
      O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
      O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
      O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
      O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
      O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
      O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
      O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
      O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
      O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
      O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
      O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
      O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
      O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
      O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
      O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
      O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
      O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
      O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
      O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
      O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
      O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
      O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
      O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
      O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
      O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
      O4 - HKLM\..\Run: [BM0a6725ef] Rundll32.exe "C:\WINDOWS\system32\wcpomsll.dll",s
      O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
      O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
      O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
      O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
      O4 - HKUS\S-1-5-21-267051079-3657839205-3423815223-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Julien T')
      O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
      O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
      O4 - S-1-5-21-267051079-3657839205-3423815223-1005 Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Julien T')
      O4 - S-1-5-21-267051079-3657839205-3423815223-1005 User Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe (User 'Julien T')
      O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
      O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
      O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
      O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
      O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
      O20 - Winlogon Notify: pmnljkl - pmnljkl.dll (file missing)
      O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
      O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
      O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
      O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
      O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
      O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
      O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
      O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
      O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
      O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
      O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
      O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
      O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
      O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
      O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
      O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
      O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
      O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
      O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
      0
  7. Powax Messages postés 570 Statut Membre 92
     
    Reposte ce qui se trouve là: C:\Combofix.txt ;o)
    0
  8. Powax Messages postés 570 Statut Membre 92
     
    1) tu n'as toujours pas de pare-feu actif (celui de windows ne compte pas)

    => télécharge et installe: https://www.commentcamarche.net/telecharger/ 206 kerio

    2) tu as pas mal de programmes inutiles lancés par défaut au démarrage

    Démarrer << Exécuter, tape "msconfig"

    Dans l'onglet "Démarrage", décoche QuickTime, iTunesHelper, Adobe Reader, AdobeUpdater, Office, OpenOffice
    0
  9. Maxx
     
    Il n'y a que ça :

    ComboFix 08-03-10.1 - Autre 2008-03-13 17:28:13.3 - [color=red][b]FAT32[/b][/color]x86
    Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.509 [GMT 1:00]
    Endroit: C:\Documents and Settings\Autre\Bureau\ComboFix.exe

    [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
    .
    0
  10. Maxx
     
    Le pare-feu ne se trouve plus à la page indiquée.

    J'ai fait les chandements pour le démarrage, j'ai trouvé itunes Helper, Adobe reader et open office. Je crois avoir trouvé QuickTime, mais je n'ai pas trouvé Adobe Updater et Office.

    QuickTime c'est bien qttask c:\Program Files\Quic... ?

    Quand l'ordi s'est rallumé, il m'a demandé de rechanger, de reprendre le démarrage normal !
    0
    1. Powax Messages postés 570 Statut Membre 92
       
      J'avais mal copié le lien: http://www.commentcamarche.net/telecharger/telecharger 206 kerio

      En effet, QuickTime c'est bien qttask

      C'est normal qu'il te demande ce que tu veux faire au démarrage, choisis le démarrage sélectif pour qu'il prenne en compte tes modifs ;o)
      0
  11. Maxx
     
    Le pare-feu est installé.
    J'ai modifié le démarrage (sauf office et adobe updater).
    J'ai toujours des messages de présence du Trojan horse Generic 10.ASD !
    0
  12. Powax Messages postés 570 Statut Membre 92
     
    Fallait le dire plus tôt ... !

    Télécharge, installe et scanne : http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover
    0
    1. maxx
       
      J'ai scanné avec Trojan remover, l'ordi à l'air moins lent... mais j'ai toujours un message de Sunbelt/Kerio : Tentative d'intrusion bloquée Intrus : c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe ! Il ne veut pas se fermer !
      Voici le rapport Trojan Remover :

      ***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
      18/03/2008 12:49:41: Trojan Remover has been restarted
      Unable to rename C:\WINDOWS\system32\jkkjh.dll to C:\WINDOWS\system32\jkkjh.dll.ren
      (C:\WINDOWS\system32\jkkjh.dll does not appear to exist)
      18/03/2008 12:49:41: Trojan Remover closed
      ************************************************************


      ***** NORMAL SCAN FOR ACTIVE MALWARE *****
      Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
      [Unregistered version]
      Scan started at: 18/03/2008 12:45:01
      Using Database v6759
      Operating System: Windows XP Media Center Edition Service Pack 2 (Build 2600)
      Using data directory: C:\Documents and Settings\Julien T\Application Data\Simply Super Software\Trojan Remover\
      Logfile directory: C:\Documents and Settings\Julien T\Mes documents\Simply Super Software\Trojan Remover Logfiles\
      Running with Administrator privileges


      **************************************************
      Checking Registry exefile command for modifications
      Checking Registry comfile command for modifications
      Checking Registry piffile command for modifications
      Checking Registry batfile command for modifications
      Checking Registry regfile command for modifications
      Checking Registry cmdfile command for modifications
      Checking Registry scrfile command for modifications

      ******************************
      12:45:01: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS

      ******************************
      12:45:01: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS

      ******************************
      12:45:01: ----- SCANNING FOR ROOTKIT SERVICES -----
      No hidden Services were detected.

      ******************************
      12:45:04: Scanning -----WINDOWS REGISTRY-----
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      This key's "Shell" value calls the following program(s):
      Explorer.exe - this entry has been left in place
      ----------
      This key's "Userinit" value calls the following program(s):
      C:\WINDOWS\system32\userinit.exe - this entry has been left in place
      ----------
      This key's "System" value appears to be blank
      ----------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      Value Name = load
      The Data Value for this entry appears to be blank
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = igfxtray
      Value Data = C:\WINDOWS\system32\igfxtray.exe - this command has been left in place
      --------------------
      Value Name = igfxhkcmd
      Value Data = C:\WINDOWS\system32\hkcmd.exe - this command has been left in place
      --------------------
      Value Name = igfxpers
      Value Data = C:\WINDOWS\system32\igfxpers.exe - this command has been left in place
      --------------------
      Value Name = ehTray
      Value Data = C:\WINDOWS\ehome\ehtray.exe - this command has been left in place
      --------------------
      Value Name = LaunchApp
      Value Data = Alaunch - this command has been left in place
      --------------------
      Value Name = RTHDCPL
      Value Data = RTHDCPL.EXE - this command has been left in place
      --------------------
      Value Name = SkyTel
      Value Data = SkyTel.EXE - this command has been left in place
      --------------------
      Value Name = Alcmtr
      Value Data = ALCMTR.EXE - this command has been left in place
      --------------------
      Value Name = AzMixerSel
      Value Data = C:\Program Files\Realtek\InstallShield\AzMixerSel.exe - this command has been left in place
      --------------------
      Value Name = SynTPEnh
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
      --------------------
      Value Name = ntiMUI
      Value Data = C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe - this command has been left in place
      --------------------
      Value Name = ADMTray.exe
      Value Data = C:\Acer\Empowering Technology\admtray.exe - this command has been left in place
      --------------------
      Value Name = eDataSecurity Loader
      Value Data = C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe - this command has been left in place
      --------------------
      Value Name = BluetoothAuthenticationAgent
      Value Data = rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent - this command has been left in place
      --------------------
      Value Name = IMJPMIG8.1
      Value Data = C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 - this command has been left in place
      --------------------
      Value Name = MSPY2002
      Value Data = C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC - this command has been left in place
      --------------------
      Value Name = PHIME2002ASync
      Value Data = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC - this command has been left in place
      --------------------
      Value Name = PHIME2002A
      Value Data = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName - this command has been left in place
      --------------------
      Value Name = NvCplDaemon
      Value Data = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup - this command has been left in place
      --------------------
      Value Name = nwiz
      Value Data = nwiz.exe /install - this command has been left in place
      --------------------
      Value Name = NvMediaCenter
      Value Data = RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit - this command has been left in place
      --------------------
      Value Name = ePower_DMC
      Value Data = C:\Acer\Empowering Technology\ePower\ePower_DMC.exe - this command has been left in place
      --------------------
      Value Name = Acer ePower Management
      Value Data = C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot - this command has been left in place
      --------------------
      Value Name = LManager
      Value Data = C:\PROGRA~1\LAUNCH~1\LManager.exe - this command has been left in place
      --------------------
      Value Name = eRecoveryService
      Value Data = C:\Acer\Empowering Technology\eRecovery\Monitor.exe - this command has been left in place
      --------------------
      Value Name = LVCOMSX
      Value Data = C:\WINDOWS\system32\LVCOMSX.EXE - this command has been left in place
      --------------------
      Value Name = LogitechCameraAssistant
      Value Data = C:\Program Files\Acer\OrbiCam\CameraAssistant.exe - this command has been left in place
      --------------------
      Value Name = LogitechVideo[inspector]
      Value Data = C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect - this command has been left in place
      --------------------
      Value Name = LogitechCameraService(E)
      Value Data = C:\WINDOWS\system32\ElkCtrl.exe /automation - this command has been left in place
      --------------------
      Value Name = ISUSPM Startup
      Value Data = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup - this command has been left in place
      --------------------
      Value Name = ISUSScheduler
      Value Data = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start - this command has been left in place
      --------------------
      Value Name = TkBellExe
      Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
      --------------------
      Value Name = Autoconfigurateur WiFi Neuf
      Value Data = C:\Program Files\Neuf\Kit\WiFi\9wifi.exe - this command has been left in place
      --------------------
      Value Name = SunJavaUpdateSched
      Value Data = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe - this command has been left in place
      --------------------
      Value Name = ISTray
      Value Data = C:\Program Files\Spyware Doctor\pctsTray.exe - this command has been left in place
      --------------------
      Value Name = AVG7_CC
      Value Data = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - this command has been left in place
      --------------------
      Value Name = QuickTime Task
      Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
      --------------------
      Value Name = BM0a6725ef
      Value Data = Rundll32.exe "C:\WINDOWS\system32\wcpomsll.dll",s - this command has been left in place [file not found to scan]
      --------------------
      Value Name = TrojanScanner
      Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = CTFMON.EXE
      Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
      --------------------
      Value Name = msnmsgr
      Value Data = C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background - this command has been left in place
      --------------------
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty

      ******************************
      12:45:11: Scanning -----SHELLEXECUTEHOOKS-----
      ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
      File: shell32.dll - this file is expected and has been left in place
      ----------
      ValueName: {E9383002-FC55-4330-B9C9-67E03BC5C840}
      File: C:\WINDOWS\system32\pmnljkl.dll
      C:\WINDOWS\system32\pmnljkl.dll - this ShellExecuteHook has been left in place [file not found to scan]
      ----------

      ******************************
      12:45:30: Scanning -----HIDDEN REGISTRY ENTRIES-----
      Taskdir check completed
      ----------
      No Registry Run Keys Hidden Entries found
      ----------

      ******************************
      12:45:30: Scanning -----ACTIVE SCREENSAVER-----
      ScreenSaver=C:\WINDOWS\system32\wpgldfsh.scr - this command has been left in place
      --------------------

      ******************************
      12:45:31: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Checking the StubPath calls in the Active Setup\Installed Components registry keys:
      Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
      StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
      ----------
      Key=>{26923b43-4d38-484f-9b9e-de460746276c}
      StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
      ----------
      Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
      StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
      ----------
      Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
      StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
      ----------
      Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={7790769C-0471-11d2-AF11-00C04FA35D02}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4340}
      StubPath=regsvr32.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4383}
      StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
      ----------

      ******************************
      12:45:32: Scanning ----- SERVICEDLL REGISTRY KEYS -----
      Checking DLL files called from the CurrentControlSet\Services Keys:
      --------------------
      Key=6to4
      ServiceDLL=%SystemRoot%\System32\6to4svc.dll - this reference has been left in place
      --------------------
      Key=Alerter
      ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
      --------------------
      Key=AppMgmt
      ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
      --------------------
      Key=AudioSrv
      ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
      --------------------
      Key=BITS
      ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
      --------------------
      Key=Browser
      ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
      --------------------
      Key=BthServ
      ServiceDLL=%SystemRoot%\System32\bthserv.dll - this reference has been left in place
      --------------------
      Key=CryptSvc
      ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
      --------------------
      Key=DcomLaunch
      ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
      --------------------
      Key=Dhcp
      ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
      --------------------
      Key=dmserver
      ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
      --------------------
      Key=Dnscache
      ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
      --------------------
      Key=ERSvc
      ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
      --------------------
      Key=EventSystem
      ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
      --------------------
      Key=FastUserSwitchingCompatibility
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=helpsvc
      ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
      --------------------
      Key=HidServ
      ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
      --------------------
      Key=HTTPFilter
      ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
      --------------------
      Key=Irmon
      ServiceDLL=%SystemRoot%\System32\irmon.dll - this reference has been left in place
      --------------------
      Key=lanmanserver
      ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
      --------------------
      Key=lanmanworkstation
      ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
      --------------------
      Key=LmHosts
      ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
      --------------------
      Key=Messenger
      ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
      --------------------
      Key=MHN
      ServiceDLL=%SystemRoot%\System32\mhn.dll - this reference has been left in place
      --------------------
      Key=Netman
      ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
      --------------------
      Key=Nla
      ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
      --------------------
      Key=NtmsSvc
      ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
      --------------------
      Key=RasAuto
      ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
      --------------------
      Key=RasMan
      ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
      --------------------
      Key=RemoteAccess
      ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
      --------------------
      Key=RemoteRegistry
      ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
      --------------------
      Key=RpcSs
      ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
      --------------------
      Key=Schedule
      ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
      --------------------
      Key=seclogon
      ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
      --------------------
      Key=SENS
      ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
      --------------------
      Key=SharedAccess
      ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
      --------------------
      Key=ShellHWDetection
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=srservice
      ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
      --------------------
      Key=SSDPSRV
      ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
      --------------------
      Key=stisvc
      ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
      --------------------
      Key=TapiSrv
      ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
      --------------------
      Key=TermService
      ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
      --------------------
      Key=Themes
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=TrkWks
      ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
      --------------------
      Key=upnphost
      ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
      --------------------
      Key=W32Time
      ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
      --------------------
      Key=WebClient
      ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
      --------------------
      Key=winmgmt
      ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
      --------------------
      Key=WmdmPmSN
      ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
      --------------------
      Key=Wmi
      ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
      --------------------
      Key=wscsvc
      ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
      --------------------
      Key=wuauserv
      ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
      --------------------
      Key=WZCSVC
      ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
      --------------------
      Key=xmlprov
      ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

      ******************************
      12:45:39: Scanning ----- SERVICES REGISTRY KEYS -----
      Checking files called from the CurrentControlSet\Services Keys:
      Key=abp480n5
      ImagePath=system32\DRIVERS\ABP480N5.SYS - this reference has been left in place
      ----------
      Key=ACPI
      ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
      ----------
      Key=ACPIEC
      ImagePath=system32\DRIVERS\ACPIEC.sys - this reference has been left in place
      ----------
      Key=adpu160m
      ImagePath=system32\DRIVERS\adpu160m.sys - this reference has been left in place
      ----------
      Key=aec
      ImagePath=system32\drivers\aec.sys - this reference has been left in place
      ----------
      Key=AegisP
      ImagePath=system32\DRIVERS\AegisP.sys - this reference has been left in place
      ----------
      Key=AFD
      ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
      ----------
      Key=agp440
      ImagePath=system32\DRIVERS\agp440.sys - this reference has been left in place
      ----------
      Key=agpCPQ
      ImagePath=system32\DRIVERS\agpCPQ.sys - this reference has been left in place
      ----------
      Key=Aha154x
      ImagePath=system32\DRIVERS\aha154x.sys - this reference has been left in place
      ----------
      Key=aic78u2
      ImagePath=system32\DRIVERS\aic78u2.sys - this reference has been left in place
      ----------
      Key=aic78xx
      ImagePath=system32\DRIVERS\aic78xx.sys - this reference has been left in place
      ----------
      Key=ALG
      ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
      ----------
      Key=AliIde
      ImagePath=system32\DRIVERS\aliide.sys - this reference has been left in place
      ----------
      Key=alim1541
      ImagePath=system32\DRIVERS\alim1541.sys - this reference has been left in place
      ----------
      Key=amdagp
      ImagePath=system32\DRIVERS\amdagp.sys - this reference has been left in place
      ----------
      Key=amsint
      ImagePath=system32\DRIVERS\amsint.sys - this reference has been left in place
      ----------
      Key=Arp1394
      ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
      ----------
      Key=asc
      ImagePath=system32\DRIVERS\asc.sys - this reference has been left in place
      ----------
      Key=asc3350p
      ImagePath=system32\DRIVERS\asc3350p.sys - this reference has been left in place
      ----------
      Key=asc3550
      ImagePath=system32\DRIVERS\asc3550.sys - this reference has been left in place
      ----------
      Key=aspnet_state
      ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
      ----------
      Key=AsyncMac
      ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
      ----------
      Key=atapi
      ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
      ----------
      Key=atksgt
      ImagePath=system32\DRIVERS\atksgt.sys - this reference has been left in place
      ----------
      Key=Atmarpc
      ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
      ----------
      Key=audstub
      ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
      ----------
      Key=Avg7Alrt
      ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - this reference has been left in place
      ----------
      Key=Avg7Core
      ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place
      ----------
      Key=Avg7RsW
      ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place
      ----------
      Key=Avg7RsXP
      ImagePath=\SystemRoot\System32\Drivers\avg7rsxp.sys - this reference has been left in place
      ----------
      Key=Avg7UpdSvc
      ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - this reference has been left in place
      ----------
      Key=AvgClean
      ImagePath=\SystemRoot\System32\Drivers\avgclean.sys - this reference has been left in place
      ----------
      Key=AWService
      ImagePath="C:\Acer\Empowering Technology\admServ.exe" - this reference has been left in place
      ----------
      Key=bcm4sbxp
      ImagePath=system32\DRIVERS\bcm4sbxp.sys - this reference has been left in place
      ----------
      Key=BthEnum
      ImagePath=system32\DRIVERS\BthEnum.sys - this reference has been left in place
      ----------
      Key=BthPan
      ImagePath=system32\DRIVERS\bthpan.sys - this reference has been left in place
      ----------
      Key=BTHPORT
      ImagePath=System32\Drivers\BTHport.sys - this reference has been left in place
      ----------
      Key=BTHUSB
      ImagePath=System32\Drivers\BTHUSB.sys - this reference has been left in place
      ----------
      Key=cbidf
      ImagePath=system32\DRIVERS\cbidf2k.sys - this reference has been left in place
      ----------
      Key=CCDECODE
      ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
      ----------
      Key=cd20xrnt
      ImagePath=system32\DRIVERS\cd20xrnt.sys - this reference has been left in place
      ----------
      Key=Cdrom
      ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
      ----------
      Key=CiSvc
      ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
      ----------
      Key=ClipSrv
      ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
      ----------
      Key=clr_optimization_v2.0.50727_32
      ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
      ----------
      Key=CmBatt
      ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
      ----------
      Key=CmdIde
      ImagePath=system32\DRIVERS\cmdide.sys - this reference has been left in place
      ----------
      Key=Compbatt
      ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
      ----------
      Key=COMSysApp
      ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
      ----------
      Key=Cpqarray
      ImagePath=system32\DRIVERS\cpqarray.sys - this reference has been left in place
      ----------
      Key=dac2w2k
      ImagePath=system32\DRIVERS\dac2w2k.sys - this reference has been left in place
      ----------
      Key=dac960nt
      ImagePath=system32\DRIVERS\dac960nt.sys - this reference has been left in place
      ----------
      Key=Disk
      ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
      ----------
      Key=DKbFltr
      ImagePath=system32\DRIVERS\DKbFltr.sys - this reference has been left in place
      ----------
      Key=dmadmin
      ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
      ----------
      Key=dmboot
      ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
      ----------
      Key=dmio
      ImagePath=System32\drivers\dmio.sys - this reference has been left in place
      ----------
      Key=dmload
      ImagePath=System32\drivers\dmload.sys - this reference has been left in place
      ----------
      Key=DMusic
      ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
      ----------
      Key=dpti2o
      ImagePath=system32\DRIVERS\dpti2o.sys - this reference has been left in place
      ----------
      Key=drmkaud
      ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
      ----------
      Key=ehRecvr
      ImagePath=C:\WINDOWS\eHome\ehRecvr.exe - this reference has been left in place
      ----------
      Key=ehSched
      ImagePath=C:\WINDOWS\eHome\ehSched.exe - this reference has been left in place
      ----------
      Key=EMSCR
      ImagePath=system32\DRIVERS\EMS7SK.sys - this reference has been left in place
      ----------
      Key=EpmPsd
      ImagePath=\??\C:\WINDOWS\system32\drivers\epm-psd.sys - this reference has been left in place
      ----------
      Key=EpmShd
      ImagePath=\??\C:\WINDOWS\system32\drivers\epm-shd.sys - this reference has been left in place
      ----------
      Key=ESDCR
      ImagePath=system32\DRIVERS\ESD7SK.sys - this reference has been left in place
      ----------
      Key=ESMCR
      ImagePath=system32\DRIVERS\ESM7SK.sys - this reference has been left in place
      ----------
      Key=Eventlog
      ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
      ----------
      Key=EvtEng
      ImagePath=C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - this reference has been left in place
      ----------
      Key=Fax
      ImagePath=%systemroot%\system32\fxssvc.exe - this reference has been left in place
      ----------
      Key=FltMgr
      ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
      ----------
      Key=Ftdisk
      ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
      ----------
      Key=fwdrv
      ImagePath=\SystemRoot\system32\drivers\fwdrv.sys - this reference has been left in place
      ----------
      Key=GEARAspiWDM
      ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
      ----------
      Key=Gpc
      ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
      ----------
      Key=HDAudBus
      ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
      ----------
      Key=HidUsb
      ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
      ----------
      Key=hpn
      ImagePath=system32\DRIVERS\hpn.sys - this reference has been left in place
      ----------
      Key=HSFHWAZL
      ImagePath=system32\DRIVERS\HSFHWAZL.sys - this reference has been left in place
      ----------
      Key=HSF_DPV
      ImagePath=system32\DRIVERS\HSF_DPV.sys - this reference has been left in place
      ----------
      Key=HTTP
      ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
      ----------
      Key=i2omp
      ImagePath=system32\DRIVERS\i2omp.sys - this reference has been left in place
      ----------
      Key=i8042prt
      ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
      ----------
      Key=ialm
      ImagePath=system32\DRIVERS\ialmnt5.sys - this reference has been left in place
      ----------
      Key=IKFileSec
      ImagePath=system32\drivers\ikfilesec.sys - this reference has been left in place
      ----------
      Key=IKSysFlt
      ImagePath=system32\drivers\iksysflt.sys - this reference has been left in place
      ----------
      Key=IKSysSec
      ImagePath=system32\drivers\iksyssec.sys - this reference has been left in place
      ----------
      Key=Imapi
      ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
      ----------
      Key=ImapiService
      ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
      ----------
      Key=ini910u
      ImagePath=system32\DRIVERS\ini910u.sys - this reference has been left in place
      ----------
      Key=int15.sys
      ImagePath=\??\C:\Acer\Empowering Technology\eRecovery\int15.sys - this reference has been left in place
      ----------
      Key=IntcAzAudAddService
      ImagePath=system32\drivers\RtkHDAud.sys - this reference has been left in place
      ----------
      Key=IntelIde
      ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
      ----------
      Key=intelppm
      ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
      ----------
      Key=Ip6Fw
      ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
      ----------
      Key=IpFilterDriver
      ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
      ----------
      Key=IpInIp
      ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
      ----------
      Key=IpNat
      ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
      ----------
      Key=iPod Service
      ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
      ----------
      Key=IPSec
      ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
      ----------
      Key=irda
      ImagePath=system32\DRIVERS\irda.sys - this reference has been left in place
      ----------
      Key=IRENUM
      ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
      ----------
      Key=isapnp
      ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
      ----------
      Key=Kbdclass
      ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
      ----------
      Key=khips
      ImagePath=\SystemRoot\system32\drivers\khips.sys - this reference has been left in place
      ----------
      Key=kmixer
      ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
      ----------
      Key=KPF4
      ImagePath="C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe" - this reference has been left in place
      ----------
      Key=LightScribeService
      ImagePath="C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe" - this reference has been left in place
      ----------
      Key=lirsgt
      ImagePath=system32\DRIVERS\lirsgt.sys - this reference has been left in place
      ----------
      Key=lv321av
      ImagePath=system32\DRIVERS\lv321av.sys - this reference has been left in place
      ----------
      Key=lvmvdrv
      ImagePath=\??\C:\WINDOWS\system32\drivers\lvmvdrv.sys - this reference has been left in place
      ----------
      Key=LVPrcMon
      ImagePath=\??\C:\WINDOWS\system32\drivers\LVPrcMon.sys - this reference has been left in place
      ----------
      Key=LVPrcSrv
      ImagePath=c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe - this reference has been left in place
      ----------
      Key=LVUSBSta
      ImagePath=system32\drivers\lvusbsta.sys - this reference has been left in place
      ----------
      Key=McrdSvc
      ImagePath=C:\WINDOWS\ehome\mcrdsvc.exe - this reference has been left in place
      ----------
      Key=mdmxsdk
      ImagePath=system32\DRIVERS\mdmxsdk.sys - this reference has been left in place
      ----------
      Key=MHNDRV
      ImagePath=system32\DRIVERS\mhndrv.sys - this reference has been left in place
      ----------
      Key=mnmsrvc
      ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
      ----------
      Key=Mouclass
      ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
      ----------
      Key=mouhid
      ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
      ----------
      Key=mraid35x
      ImagePath=system32\DRIVERS\mraid35x.sys - this reference has been left in place
      ----------
      Key=MRxDAV
      ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
      ----------
      Key=MRxSmb
      ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
      ----------
      Key=MSDTC
      ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
      ----------
      Key=MSIServer
      ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
      ----------
      Key=MSKSSRV
      ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
      ----------
      Key=MSPCLOCK
      ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
      ----------
      Key=MSPQM
      ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
      ----------
      Key=mssmbios
      ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
      ----------
      Key=MSTEE
      ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
      ----------
      Key=NABTSFEC
      ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
      ----------
      Key=NdisFilt
      ImagePath=System32\Drivers\NdisFilt.sys - this reference has been left in place
      ----------
      Key=NdisIP
      ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
      ----------
      Key=NdisTapi
      ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
      ----------
      Key=Ndisuio
      ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
      ----------
      Key=NdisWan
      ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
      ----------
      Key=NetBIOS
      ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
      ----------
      Key=NetBT
      ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
      ----------
      Key=NetDDE
      ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
      ----------
      Key=NetDDEdsdm
      ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
      ----------
      Key=Netlogon
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=NETMNT
      ImagePath=system32\DRIVERS\NETMNT.sys - this reference has been left in place
      ----------
      Key=NIC1394
      ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
      ----------
      Key=NPF
      ImagePath=system32\drivers\npf.sys - this reference has been left in place
      ----------
      Key=NTIDrvr
      ImagePath=system32\DRIVERS\NTIDrvr.sys - this reference has been left in place
      ----------
      Key=NtLmSsp
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=nv
      ImagePath=system32\DRIVERS\nv4_mini.sys - this reference has been left in place
      ----------
      Key=NVSvc
      ImagePath=%SystemRoot%\system32\nvsvc32.exe - this reference has been left in place
      ----------
      Key=NwlnkFlt
      ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
      ----------
      Key=NwlnkFwd
      ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
      ----------
      Key=ohci1394
      ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
      ----------
      Key=OsaFsLoc
      ImagePath=\??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys - this reference has been left in place
      ----------
      Key=osaio
      ImagePath=\??\C:\WINDOWS\system32\drivers\osaio.sys - this reference has been left in place
      ----------
      Key=osanbm
      ImagePath=\??\C:\WINDOWS\system32\drivers\osanbm.sys - this reference has been left in place
      ----------
      Key=ose
      ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
      ----------
      Key=PCASp50
      ImagePath=System32\Drivers\PCASp50.sys - this reference has been left in place
      ----------
      Key=PCI
      ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
      ----------
      Key=PCIIde
      ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
      ----------
      Key=Pcmcia
      ImagePath=system32\DRIVERS\pcmcia.sys - this reference has been left in place
      ----------
      Key=perc2
      ImagePath=system32\DRIVERS\perc2.sys - this reference has been left in place
      ----------
      Key=perc2hib
      ImagePath=system32\DRIVERS\perc2hib.sys - this reference has been left in place
      ----------
      Key=PlugPlay
      ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
      ----------
      Key=PolicyAgent
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=PptpMiniport
      ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
      ----------
      Key=ProtectedStorage
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=PSched
      ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
      ----------
      Key=Ptilink
      ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
      ----------
      Key=PxHelp20
      ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
      ----------
      Key=ql1080
      ImagePath=system32\DRIVERS\ql1080.sys - this reference has been left in place
      ----------
      Key=Ql10wnt
      ImagePath=system32\DRIVERS\ql10wnt.sys - this reference has been left in place
      ----------
      Key=ql12160
      ImagePath=system32\DRIVERS\ql12160.sys - this reference has been left in place
      ----------
      Key=ql1240
      ImagePath=system32\DRIVERS\ql1240.sys - this reference has been left in place
      ----------
      Key=ql1280
      ImagePath=system32\DRIVERS\ql1280.sys - this reference has been left in place
      ----------
      Key=RasAcd
      ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
      ----------
      Key=Rasirda
      ImagePath=system32\DRIVERS\rasirda.sys - this reference has been left in place
      ----------
      Key=Rasl2tp
      ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
      ----------
      Key=RasPppoe
      ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
      ----------
      Key=Raspti
      ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
      ----------
      Key=Rdbss
      ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
      ----------
      Key=RDPCDD
      ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
      ----------
      Key=rdpdr
      ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
      ----------
      Key=RDSessMgr
      ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
      ----------
      Key=redbook
      ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
      ----------
      Key=RegSrvc
      ImagePath=C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - this reference has been left in place
      ----------
      Key=RFCOMM
      ImagePath=system32\DRIVERS\rfcomm.sys - this reference has been left in place
      ----------
      Key=rpcapd
      ImagePath="%ProgramFiles%\WinPcap\rpcapd.exe" -d -f "%ProgramFiles%\WinPcap\rpcapd.ini" - this reference has been left in place
      ----------
      Key=RpcLocator
      ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
      ----------
      Key=RSVP
      ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
      ----------
      Key=S24EventMonitor
      ImagePath=C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - this reference has been left in place
      ----------
      Key=s24trans
      ImagePath=system32\DRIVERS\s24trans.sys - this reference has been left in place
      ----------
      Key=SamSs
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=SCardSvr
      ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
      ----------
      Key=sdAuxService
      ImagePath=C:\Program Files\Spyware Doctor\pctsAuxs.exe - this reference has been left in place
      ----------
      Key=sdbus
      ImagePath=system32\DRIVERS\sdbus.sys - this reference has been left in place
      ----------
      Key=sdCoreService
      ImagePath=C:\Program Files\Spyware Doctor\pctsSvc.exe - this reference has been left in place
      ----------
      Key=Secdrv
      ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
      ----------
      Key=sisagp
      ImagePath=system32\DRIVERS\sisagp.sys - this reference has been left in place
      ----------
      Key=SLIP
      ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
      ----------
      Key=SMCIRDA
      ImagePath=system32\DRIVERS\smcirda.sys - this reference has been left in place
      ----------
      Key=Sparrow
      ImagePath=system32\DRIVERS\sparrow.sys - this reference has been left in place
      ----------
      Key=splitter
      ImagePath=system32\drivers\splitter.sys - this reference has been left in place
      ----------
      Key=Spooler
      ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
      ----------
      Key=sr
      ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
      ----------
      Key=Srv
      ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
      ----------
      Key=streamip
      ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
      ----------
      Key=swenum
      ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
      ----------
      Key=swmidi
      ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
      ----------
      Key=SwPrv
      ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{070AF376-0726-47B6-9EF8-1DF1ED2C765D} - this reference has been left in place
      ----------
      Key=symc810
      ImagePath=system32\DRIVERS\symc810.sys - this reference has been left in place
      ----------
      Key=symc8xx
      ImagePath=system32\DRIVERS\symc8xx.sys - this reference has been left in place
      ----------
      Key=sym_hi
      ImagePath=system32\DRIVERS\sym_hi.sys - this reference has been left in place
      ----------
      Key=sym_u3
      ImagePath=system32\DRIVERS\sym_u3.sys - this reference has been left in place
      ----------
      Key=SynTP
      ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
      ----------
      Key=sysaudio
      ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
      ----------
      Key=SysmonLog
      ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
      ----------
      Key=Tcpip
      ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
      ----------
      Key=Tcpip6
      ImagePath=system32\DRIVERS\tcpip6.sys - this reference has been left in place
      ----------
      Key=TermDD
      ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
      ----------
      Key=TlntSvr
      ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place
      ----------
      Key=TosIde
      ImagePath=system32\DRIVERS\toside.sys - this reference has been left in place
      ----------
      Key=tunmp
      ImagePath=system32\DRIVERS\tunmp.sys - this reference has been left in place
      ----------
      Key=ultra
      ImagePath=system32\DRIVERS\ultra.sys - this reference has been left in place
      ----------
      Key=UMWdf
      ImagePath=C:\WINDOWS\system32\wdfmgr.exe - this reference has been left in place
      ----------
      Key=Update
      ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
      ----------
      Key=UPS
      ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
      ----------
      Key=usbehci
      ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
      ----------
      Key=usbhub
      ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
      ----------
      Key=usbprint
      ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
      ----------
      Key=usbscan
      ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
      ----------
      Key=USBSTOR
      ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
      ----------
      Key=usbuhci
      ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
      ----------
      Key=usnjsvc
      ImagePath="C:\Program Files\Windows Live\Messenger\usnsvc.exe" - this reference has been left in place
      ----------
      Key=VgaSave
      ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
      ----------
      Key=viaagp
      ImagePath=system32\DRIVERS\viaagp.sys - this reference has been left in place
      ----------
      Key=ViaIde
      ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
      ----------
      Key=VSS
      ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
      ----------
      Key=w39n51
      ImagePath=system32\DRIVERS\w39n51.sys - this reference has been left in place
      ----------
      Key=Wanarp
      ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
      ----------
      Key=wdmaud
      ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
      ----------
      Key=winachsf
      ImagePath=system32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
      ----------
      Key=WLSetupSvc
      ImagePath="C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - this reference has been left in place
      ----------
      Key=WmiAcpi
      ImagePath=system32\DRIVERS\wmiacpi.sys - this reference has been left in place
      ----------
      Key=WmiApSrv
      ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
      ----------
      Key=WSTCODEC
      ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
      ----------

      ******************************
      12:46:27: Scanning -----VXD ENTRIES-----
      Checking the following VxD entries:
      Checking VMM32 VxD files being loaded

      ******************************
      12:46:27: Scanning ----- WINLOGON\NOTIFY DLLS -----
      Checking DLLs called from the Winlogon\Notify key:
      Key=crypt32chain
      DLLName=crypt32.dll - this reference has been left in place
      ----------
      Key=cryptnet
      DLLName=cryptnet.dll - this reference has been left in place
      ----------
      Key=cscdll
      DLLName=cscdll.dll - this reference has been left in place
      ----------
      Key=igfxcui
      DLLName=igfxdev.dll - this reference has been left in place
      ----------
      Key=pmnljkl
      DLLName=pmnljkl.dll - this reference has been left in place [file not found to scan]
      ----------
      Key=ScCertProp
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=Schedule
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=sclgntfy
      DLLName=sclgntfy.dll - this reference has been left in place
      ----------
      Key=SensLogn
      DLLName=WlNotify.dll - this reference has been left in place
      ----------
      Key=termsrv
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=wlballoon
      DLLName=wlnotify.dll - this reference has been left in place
      ----------

      ******************************
      12:46:37: Scanning ----- CONTEXTMENUHANDLERS -----
      Key = AVG7 Shell Extension
      CLSID = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
      C:\Program Files\Grisoft\AVG7\avgse.dll - this ContextMenuHandler has been left in place
      ----------
      Key = EDSshellExt
      CLSID = {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
      C:\WINDOWS\system32\eDSshellExt.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Fichiers hors connexion
      CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
      %SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Open With
      CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Open With EncryptionMenu
      CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Trojan Remover
      CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
      C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
      ----------
      Key = WinRAR
      CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
      C:\Program Files\WinRAR\rarext.dll - this ContextMenuHandler has been left in place
      ----------
      Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------

      ******************************
      12:46:39: Scanning ----- FOLDER\COLUMNHANDLERS -----
      Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
      "C:\Program Files\OpenOffice.org 2.3\program\shlxthdl.dll" - this Folder\ColumnHandler has been left in place
      ----------
      Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
      C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
      ----------

      ******************************
      12:46:39: Scanning ----- BROWSER HELPER OBJECTS -----
      Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
      ----------
      C:\WINDOWS\system32\jkkjh.dll - appears to contain ADWARE.VIRTUMONDE
      C:\WINDOWS\system32\jkkjh.dll - this Browser Helper Object was being loaded by the following key:
      HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{16AC4674-1669-4010-B9B7-0D63B7569284} - this key has been removed
      C:\WINDOWS\system32\jkkjh.dll - this Browser Helper Object was referenced by the following key:
      HKEY_CLASSES_ROOT\CLSID\{16AC4674-1669-4010-B9B7-0D63B7569284} - this key has been removed
      C:\WINDOWS\system32\jkkjh.dll has been marked for renaming when the PC is restarted (if it exists)
      ----------
      Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
      C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - this Browser Helper Object has been left in place
      ----------
      Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
      ----------
      Key = {E9383002-FC55-4330-B9C9-67E03BC5C840}
      C:\WINDOWS\system32\pmnljkl.dll - this Browser Helper Object has been left in place [file not found to scan]
      ----------

      ******************************
      12:46:50: Scanning ----- SHELLSERVICEOBJECTS -----
      Key = PostBootReminder
      %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
      ----------
      Key = CDBurn
      %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
      ----------
      Key = WebCheck
      %SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
      ----------
      Key = SysTray
      C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
      ----------

      ******************************
      12:46:50: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
      Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
      Comment = Pré-chargeur Browseui
      File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
      ----------
      Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
      Comment = Démon de cache des catégories de composant
      File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
      ----------

      ******************************
      12:46:50: Scanning ----- IMAGEFILE DEBUGGERS -----
      No "Debugger" entries found.

      ******************************
      12:46:50: Scanning ----- APPINIT_DLLS -----
      The AppInit_DLLs value is blank

      ******************************
      12:46:50: Scanning ------ COMMON STARTUP GROUP ------
      [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
      The Common Startup Group attempts to load the following file(s) at boot time:
      desktop.ini - this file is expected and has been left in place
      --------------------

      ******************************
      No User Startup Groups were located to check

      ******************************
      12:46:50: Scanning ----- SCHEDULED TASKS -----

      ******************************
      12:46:50: ----- EXTRA CHECKS -----
      PE386 rootkit checks completed
      ----------
      Winlogon registry rootkit checks completed
      ----------
      Heuristic checks for hidden files/drivers completed
      ----------

      ******************************
      12:46:51: Scanning ------ DOWNLOADED PROGRAM FILES ------
      The following files are located in the DOWNLOADED PROGRAM FILES directory:
      C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
      C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place

      ******************************
      12:46:52: Scanning ----- RUNNING PROCESSES -----

      C:\WINDOWS\System32\smss.exe
      --------------------
      C:\WINDOWS\system32\csrss.exe
      --------------------
      C:\WINDOWS\system32\winlogon.exe
      --------------------
      C:\WINDOWS\system32\services.exe
      --------------------
      C:\WINDOWS\system32\lsass.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
      --------------------
      C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\system32\spoolsv.exe
      --------------------
      c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
      --------------------
      C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
      --------------------
      C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
      --------------------
      C:\Acer\Empowering Technology\admServ.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\eHome\ehRecvr.exe
      --------------------
      C:\WINDOWS\eHome\ehSched.exe
      --------------------
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
      --------------------
      C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
      --------------------
      C:\WINDOWS\system32\nvsvc32.exe
      --------------------
      C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
      --------------------
      C:\Program Files\Spyware Doctor\pctsAuxs.exe
      --------------------
      C:\Program Files\Spyware Doctor\pctsSvc.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\ehome\mcrdsvc.exe
      --------------------
      C:\WINDOWS\system32\dllhost.exe
      --------------------
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      --------------------
      C:\WINDOWS\System32\alg.exe
      --------------------
      C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
      --------------------
      C:\WINDOWS\ehome\ehtray.exe
      --------------------
      C:\WINDOWS\eHome\ehmsas.exe
      --------------------
      C:\Acer\Empowering Technology\eRecovery\Monitor.exe
      --------------------
      C:\WINDOWS\RTHDCPL.EXE
      --------------------
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      --------------------
      C:\WINDOWS\system32\wuauclt.exe
      --------------------
      C:\Acer\Empowering Technology\admtray.exe
      --------------------
      C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
      --------------------
      C:\WINDOWS\system32\rundll32.exe
      --------------------
      C:\WINDOWS\system32\RUNDLL32.EXE
      --------------------
      C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
      --------------------
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      --------------------
      C:\PROGRA~1\LAUNCH~1\LManager.exe
      --------------------
      C:\WINDOWS\system32\wbem\unsecapp.exe
      --------------------
      C:\WINDOWS\system32\LVCOMSX.EXE
      --------------------
      C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
      --------------------
      C:\WINDOWS\system32\wbem\wmiprvse.exe
      --------------------
      C:\WINDOWS\system32\ElkCtrl.exe
      --------------------
      C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
      --------------------
      C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
      ----------
      0
  13. Powax Messages postés 570 Statut Membre 92
     
    La tentatie d'intrusion, c'est normal, c'est logitech donc ça vient de ta souris ou de ton clavier ;o)
    0
  14. maxx
     
    Donc, là, le virus est supprimé ?!

    Merci beaucoup pour l'aide et la patience !

    Pour l'intrusion bloquée par Sunbelt/Kerio, que puis-je faire ?!
    0
  15. Powax Messages postés 570 Statut Membre 92
     
    Bonjour,

    1) pour le pare-feu, tu peux autoriser logitech ;o)

    2) Télécharge VundoFix: http://www.atribune.org/ccount/click.php?id=4

    * Double-clique sur VundoFix.exe
    * Clique sur le bouton Scan for Vundo
    * Si le programme te demande de supprimer des fichiers, dis oui
    * Lorsque le programme a fini de scanner ton pc, il doit être éteint, redémarre le.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt

    3) 1) Va dans ' ordinateur ' > ' Outil ' > ' Options des dossiers ' > Onglet ' Affichage '

    2) Active le bouton ' Afficher les fichiers et dossiers cachés '
    3) Décoche ' Masquer les fichiers protégés du systeme d'exploitation ( recommandé ) '
    4) Décoche ' Masquer les extensions dont le type est connu '

    5) Va sur ce site --> https://www.virustotal.com/gui/

    Clique sur ' parcourir '

    Cherche ce fichier : C:\WINDOWS\system32\wcpomsll.dll

    Clique sur ' send '

    Un rapport va s'élaborer ligne à ligne

    Attends la fin. Il doit comprendre la taille du fichier envoyé

    Sauvegarde le rapport avec le bloc-note

    Poste-le.

    3) Poste un dernier rapport HiJack stp :o)
    0
  16. Maxx
     
    Comment autoriser logitch ?!

    Voici le rapport Hijack this :

    Logfile of Trend Micro HijackThis v2.0.0 (BETA)
    Scan saved at 12:30, on 2008-03-19
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    Boot mode: Normal

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\csrss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\spoolsv.exe
    c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    C:\Acer\Empowering Technology\admServ.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\eHome\ehRecvr.exe
    C:\WINDOWS\eHome\ehSched.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    C:\WINDOWS\system32\nvsvc32.exe
    C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    C:\Program Files\Spyware Doctor\pctsAuxs.exe
    C:\Program Files\Spyware Doctor\pctsSvc.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\ehome\mcrdsvc.exe
    C:\WINDOWS\system32\dllhost.exe
    C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
    C:\WINDOWS\System32\alg.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\system32\wbem\wmiprvse.exe
    C:\WINDOWS\Explorer.EXE
    C:\WINDOWS\ehome\ehtray.exe
    C:\WINDOWS\RTHDCPL.EXE
    C:\WINDOWS\eHome\ehmsas.exe
    C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    C:\Acer\Empowering Technology\admtray.exe
    C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    C:\WINDOWS\system32\rundll32.exe
    C:\WINDOWS\system32\RUNDLL32.EXE
    C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\PROGRA~1\LAUNCH~1\LManager.exe
    C:\WINDOWS\system32\LVCOMSX.EXE
    C:\WINDOWS\system32\wbem\unsecapp.exe
    C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    C:\WINDOWS\system32\ElkCtrl.exe
    C:\DOCUME~1\Autre\LOCALS~1\Temp\RtkBtMnt.exe
    C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
    C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
    C:\Program Files\Neuf\Kit\WiFi\9wifi.exe
    C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
    C:\Program Files\Spyware Doctor\pctsTray.exe
    C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
    C:\PROGRA~1\Grisoft\AVG7\avgw.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
    C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
    C:\Documents and Settings\Autre\Bureau\HiJackThis_v2.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.acer.com/worldwide/selection.html
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://actus.sfr.fr
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = https://actus.sfr.fr
    R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=33568
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll
    O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: (no name) - {E9383002-FC55-4330-B9C9-67E03BC5C840} - C:\WINDOWS\system32\pmnljkl.dll (file missing)
    O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
    O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
    O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
    O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
    O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
    O4 - HKLM\..\Run: [LaunchApp] Alaunch
    O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
    O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
    O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
    O4 - HKLM\..\Run: [AzMixerSel] C:\Program Files\Realtek\InstallShield\AzMixerSel.exe
    O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    O4 - HKLM\..\Run: [ntiMUI] C:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
    O4 - HKLM\..\Run: [ADMTray.exe] "C:\Acer\Empowering Technology\admtray.exe"
    O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
    O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
    O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
    O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
    O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
    O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
    O4 - HKLM\..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe boot
    O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
    O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe
    O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
    O4 - HKLM\..\Run: [LogitechCameraAssistant] C:\Program Files\Acer\OrbiCam\CameraAssistant.exe
    O4 - HKLM\..\Run: [LogitechVideo[inspector]] C:\Program Files\Acer\OrbiCam\InstallHelper.exe /inspect
    O4 - HKLM\..\Run: [LogitechCameraService(E)] C:\WINDOWS\system32\ElkCtrl.exe /automation
    O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
    O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [Autoconfigurateur WiFi Neuf] "C:\Program Files\Neuf\Kit\WiFi\9wifi.exe"
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe"
    O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
    O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [BM0a6725ef] Rundll32.exe "C:\WINDOWS\system32\wcpomsll.dll",s
    O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
    O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe
    O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
    O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
    O4 - HKUS\S-1-5-21-267051079-3657839205-3423815223-1005\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Julien T')
    O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
    O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
    O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
    O20 - Winlogon Notify: pmnljkl - pmnljkl.dll (file missing)
    O22 - SharedTaskScheduler: Pré-chargeur Browseui - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
    O22 - SharedTaskScheduler: Démon de cache des catégories de composant - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
    O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
    O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
    O23 - Service: AdminWorks Agent X6 (AWService) - Avocent Inc. - C:\Acer\Empowering Technology\admServ.exe
    O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
    O23 - Service: Service de planification Media Center (ehSched) - Unknown owner - C:\WINDOWS\eHome\ehSched.exe
    O23 - Service: Journal des événements (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
    O23 - Service: Fax - Unknown owner - C:\WINDOWS\system32\fxssvc.exe
    O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
    O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
    O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe
    O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
    O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
    O23 - Service: Plug-and-Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
    O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
    O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
    O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
    O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
    O23 - Service: Carte à puce (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
    O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
    O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
    O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
    O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
    O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe
    0
  17. Powax Messages postés 570 Statut Membre 92
     
    J'ai demandé ça avant le rapport HiJack:

    2) Télécharge VundoFix: http://www.atribune.org/ccount/click.php?id=4

    * Double-clique sur VundoFix.exe
    * Clique sur le bouton Scan for Vundo
    * Si le programme te demande de supprimer des fichiers, dis oui
    * Lorsque le programme a fini de scanner ton pc, il doit être éteint, redémarre le.
    * Copie/colle le contenu du rapport situé dans C:\vundofix.txt

    3) 1) Va dans ' ordinateur ' > ' Outil ' > ' Options des dossiers ' > Onglet ' Affichage '

    2) Active le bouton ' Afficher les fichiers et dossiers cachés '
    3) Décoche ' Masquer les fichiers protégés du systeme d'exploitation ( recommandé ) '
    4) Décoche ' Masquer les extensions dont le type est connu '

    5) Va sur ce site --> https://www.virustotal.com/gui/

    Clique sur ' parcourir '

    Cherche ce fichier : C:\WINDOWS\system32\wcpomsll.dll

    Clique sur ' send '

    Un rapport va s'élaborer ligne à ligne

    Attends la fin. Il doit comprendre la taille du fichier envoyé

    Sauvegarde le rapport avec le bloc-note

    Poste-le.
    0
  18. maxx
     
    VundoFix V7.0.3

    Scan started at 21:04:35 16/03/2008

    Listing files found while scanning....

    C:\windows\system32\hjkkj.ini
    C:\windows\system32\hjkkj.ini2
    C:\windows\system32\jkkjh.dll

    VundoFix V7.0.3

    Scan started at 21:14:00 16/03/2008

    Listing files found while scanning....

    C:\windows\system32\hjkkj.ini
    C:\windows\system32\hjkkj.ini2
    C:\windows\system32\jkkjh.dll

    Beginning removal...

    Attempting to delete C:\windows\system32\hjkkj.ini
    C:\windows\system32\hjkkj.ini Has been deleted!

    Attempting to delete C:\windows\system32\hjkkj.ini2
    C:\windows\system32\hjkkj.ini2 Has been deleted!

    Attempting to delete C:\windows\system32\jkkjh.dll
    C:\windows\system32\jkkjh.dll Has been deleted!

    Performing Repairs to the registry.
    Done!

    VundoFix V7.0.3

    Scan started at 21:25:57 16/03/2008

    Listing files found while scanning....

    No infected files were found.
    Comment faire pour trouver le fichier c:\windows\system32\wcpomsll.dll quand je suis sur le site www.virustotal.com ?

    Voici le rapport vundofix :

    VundoFix V7.0.3

    Scan started at 21:32:52 16/03/2008

    Listing files found while scanning....

    No infected files were found.

    VundoFix V7.0.3

    Scan started at 14:12:11 19/03/2008

    Listing files found while scanning....

    No infected files were found.

    Beginning removal...
    0
    1. Powax Messages postés 570 Statut Membre 92
       
      Tout est dit:

      5) Va sur ce site --> https://www.virustotal.com/gui/

      Clique sur ' parcourir '

      Cherche ce fichier : C:\WINDOWS\system32\wcpomsll.dll

      Clique sur ' send '

      Un rapport va s'élaborer ligne à ligne

      Attends la fin. Il doit comprendre la taille du fichier envoyé

      Sauvegarde le rapport avec le bloc-note

      Poste-le.
      0
  19. maxx
     
    Sur le site www.virustotal.com, quand je clique sur "parcourir", une fenêtre s'ouvre avec tous mes dossiers. Je dois chercher dans chaque dossier si je trouve le fichier c:\windows\system32\wcpomsll.dll ?
    Il peut se trouver n'importe où ?!
    0
    1. Powax Messages postés 570 Statut Membre 92
       
      Non, il est à un emplacement précis et pas "n'importe où"

      Tu clic sur "parcourir", puis double-clic sur C: , puis sur windows, puis system32 et enfin sur wcpomsll.dll
      0
  20. Powax Messages postés 570 Statut Membre 92
     
    Tu as bien fait l'étape 3 ?

    1) Va dans ' ordinateur ' > ' Outil ' > ' Options des dossiers ' > Onglet ' Affichage '
    2) Active le bouton ' Afficher les fichiers et dossiers cachés '
    3) Décoche ' Masquer les fichiers protégés du systeme d'exploitation ( recommandé ) '
    4) Décoche ' Masquer les extensions dont le type est connu '
    0
  • 1
  • 2
  • 3