Trojandownloader.xs 180solutions...

Solved/Closed
zzzzzzz (member) - 31 March 2008 at 14:24
jlpjlp (security contributor) - 6 April 2008 at 18:50
Hello everyone,
I've caught a rather stubborn virus and I can't manage to locate it. On top of that, I no longer have internet access.
My desktop background is blue with a "warning..." message, and intrusive pop-up bubbles tell me in English that my computer is infected with spyware. There are also strange-looking red and blue windows with links to the web. In the red windows the virus reported is 180solutions, then 123messenger and still other names; in the blue windows the virus is called trojendownloader.xs.
The various antivirus programs I've tried (at least 5) only detect the infected items, not the source of the virus.
I'm sending you the Anti-Malware report in case it can help you.
Please help me, virus hunters of every kind......
I'm counting on you.

Malwarebytes' Anti-Malware 1.09
Version de la base de données: 507

Type de recherche: Examen complet (C:\|D:\|E:\|)
Eléments examinés: 149335
Temps écoulé: 29 minute(s), 45 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 13
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 8
Fichier(s) infecté(s): 55

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9c5b2f29-1f46-4639-a6b4-828942301d3e} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ffff0001-0002-101a-a3c9-08002b2f49fb} (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00000250-0320-4dd4-be4f-7566d2314352} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{13197ace-6851-45c3-a7ff-c281324d5489} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e1075f4-eec4-4a86-add7-cd5f52858c31} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-92c6-ce7eb590a94d} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5929cd6e-2062-44a4-b2c5-2c7e78fbab38} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5dafd089-24b1-4c5e-bd42-8ca72550717b} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5fa6752a-c4a0-4222-88c2-928ae5ab4966} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8674aea0-9d3d-11d9-99dc-00600f9a01f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{965a592f-8efa-4250-8630-7960230792f1} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{cf021f40-3e14-23a5-cba2-717765728274} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fc3a74e5-f281-4f10-ae1e-733078684f3c} (Fake.Dropped.Malware.Renos) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\Program Files\180searchassistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\stc (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Fichier(s) infecté(s):
C:\Program Files\180searchassistant\saap.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180searchassistant\sac.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180solutions\sais.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\zango\zango.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\seekmo\seekmohook.dll (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\180sa.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\180search assistant\sau.exe (Adware.180Solutions) -> Quarantined and deleted successfully.
C:\Program Files\stc\csv5p070.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\Program Files\Sysmnt\Ssmgr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\FLEOK\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avifile32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\avisynthex32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\aviwrap32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bjam.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\bokja.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\browserad.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\cdsm32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\changeurl_30.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\didduid.ini (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msa64chk.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\msapasrc.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mspphe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\123messenger.per (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\mssvr.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ntnut.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\saiemod.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\salm.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\shdocpl.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\stcloader.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\swin32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\updatetc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\voiceip.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\winsb.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSIXU.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\MSNSA32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ntnut32.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\shdocpe.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\SIPSPI32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WER8274.DLL (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\Installer\id53.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\180ax.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\2020search2.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\apphelp32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asferror32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\asycfilt32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\athprxy32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvaa32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\ati2dvag32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\audiosrv32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\autodisc32.dll (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\licencia.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\telefonos.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\textos.txt (Malware.Trace) -> Quarantined and deleted successfully.

14 replies

jlpjlp (security contributor)
31 March 2008 at 14:41
Hi,

Download Combofix by sUBs: rename it before any installation, for example name it "KillBagle". Help here: https://forum.pcastuces.com/sujet.asp?f=25&s=37315

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Save it to your desktop and nowhere else!

Help on using combofix here: https://bibou0007.forumpro.fr/login?redirect=%2Ft121-topic

Double-click combofix. It will ask you a question; answer by pressing 1 and then Enter to confirm, then follow the prompts.
Wait for combofix to finish; a report will be created. Post the report.
______________

Paste a HijackThis report


http://www.trendsecure.com/portal/en-US/tools/security_tools/hijackthis/download

manual:
http://pagesperso-orange.fr/rginformatique/section%20virus/demohijack.htm
https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g. rename the file HijackThis.exe to eden.exe: to do so, right-click the HijackThis.exe file and choose Rename from the list.

Then, using Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
ComboFix 08-04-04.1 - albuk 2008-04-06 12:43:00.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.820 [GMT 2:00]
Endroit: C:\Users\albuk\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\PlayMP3z
C:\Program Files\PlayMP3z\uninstall.exe
C:\Program Files\webmediaplayer
C:\Program Files\webmediaplayer\resources\languages_v2.xml
C:\Program Files\webmediaplayer\resources\webmedias
C:\Program Files\webmediaplayer\skins\classic.skn
C:\Program Files\webmediaplayer\sqlite3.dll
C:\Program Files\webmediaplayer\uninst.exe
C:\Program Files\webmediaplayer\WebMediaPlayer.exe
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Conditions générales.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Confidentialité.url
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Désinstaller.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\WebMediaPlayer.lnk
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WebMediaPlayer\Website.url
c:\Users\albuk\AppData\Local\eephbrc.dat
c:\users\albuk\appdata\local\eephbrc.exe
c:\Users\albuk\AppData\Local\eephbrc_nav.dat
C:\Users\albuk\AppData\Local\eephbrc_navps.dat
C:\Users\albuk\Desktopblackbird.jpg
C:\Users\albuk\DesktopEditorFKWP1.5.exe
C:\Users\albuk\DesktopEditorFKWP2.0.exe
C:\Users\albuk\Desktopfilemanagerclient.exe
C:\Users\albuk\Desktopfkwp1.5.exe
C:\Users\albuk\Desktopfkwp2.0.exe
C:\Users\albuk\Desktopfwebd.exe
C:\Users\albuk\DesktopFWebdEditor.exe
C:\Users\albuk\DesktopTrojan.Win32.BlackBird.exe
C:\Users\Public\Desktop\webmediaplayer.lnk
C:\Windows\system32\nvs2.inf
C:\Windows\system32\UpMedia
C:\Windows\system32\UpMedia\uninstallSE.exe

.
((((((((((((((((((((((((((((( Fichiers créés 2008-03-06 to 2008-04-06 ))))))))))))))))))))))))))))))))))))
.

2008-04-06 10:40 . 2008-04-06 10:41 <REP> d-------- C:\Program Files\The Cleaner Free
2008-04-06 04:51 . 2008-03-29 19:23 95,608 --a------ C:\Windows\System32\AvastSS.scr
2008-04-06 04:51 . 2008-03-29 19:31 75,856 --a------ C:\Windows\System32\drivers\aswSP.sys
2008-04-06 04:51 . 2008-03-29 19:27 42,912 --a------ C:\Windows\System32\drivers\aswTdi.sys
2008-04-06 04:51 . 2008-03-29 19:29 23,152 --a------ C:\Windows\System32\drivers\aswRdr.sys
2008-04-06 04:51 . 2008-03-29 19:35 20,560 --a------ C:\Windows\System32\drivers\aswFsBlk.sys
2008-04-06 04:50 . 2008-04-06 04:50 <REP> d-------- C:\Program Files\Alwil Software
2008-04-06 04:50 . 2008-03-29 19:45 1,146,232 --a------ C:\Windows\System32\aswBoot.exe
2008-04-06 04:50 . 2004-01-09 10:13 380,928 --a------ C:\Windows\System32\actskin4.ocx
2008-04-06 04:50 . 2008-03-29 19:32 50,768 --a------ C:\Windows\System32\drivers\aswMonFlt.sys
2008-04-06 04:30 . 2008-04-06 04:30 <REP> d-------- C:\Users\All Users\Simply Super Software
2008-04-06 04:30 . 2008-04-06 04:30 <REP> d-------- C:\Users\albuk\AppData\Roaming\Simply Super Software
2008-04-06 04:30 . 2008-04-06 04:38 <REP> d-------- C:\Program Files\Trojan Remover
2008-04-06 04:30 . 2006-05-25 15:52 162,304 --a------ C:\Windows\System32\ztvunrar36.dll
2008-04-06 04:30 . 2003-02-02 20:06 153,088 --a------ C:\Windows\System32\UNRAR3.dll
2008-04-06 04:30 . 2005-08-26 01:50 77,312 --a------ C:\Windows\System32\ztvunace26.dll
2008-04-06 04:30 . 2002-03-06 01:00 75,264 --a------ C:\Windows\System32\unacev2.dll
2008-04-06 04:30 . 2006-06-19 13:01 69,632 --a------ C:\Windows\System32\ztvcabinet.dll
2008-04-06 03:52 . 2008-04-06 03:52 <REP> d-------- C:\Program Files\Trend Micro
2008-04-05 22:44 . 2008-04-06 04:39 <REP> d-------- C:\Program Files\PC-Cleaner
2008-04-05 16:32 . 2008-04-06 03:45 <REP> d-a------ C:\Users\All Users\TEMP
2008-04-05 16:32 . 2008-04-06 03:45 <REP> d-------- C:\Program Files\Spyware Doctor
2008-04-05 14:42 . 2008-04-05 14:42 <REP> d-------- C:\Users\albuk\AppData\Roaming\Antispyware
2008-04-04 17:27 . 2005-05-26 15:34 2,297,552 --a------ C:\Windows\System32\d3dx9_26.dll
2008-04-01 19:35 . 2008-04-01 19:36 <REP> d-------- C:\Program Files\PC-Antispyware
2008-04-01 03:29 . 2008-04-01 03:29 <REP> d-------- C:\Users\All Users\eqervsma
2008-04-01 03:29 . 2008-04-01 03:29 <REP> d-------- C:\Users\All Users\dgxihohm
2008-03-30 17:15 . 2008-03-30 18:01 <REP> d-------- C:\Users\albuk\AppData\Roaming\Uniblue
2008-03-27 10:40 . 2008-03-27 10:40 244 --ah----- C:\sqmnoopt00.sqm
2008-03-27 10:40 . 2008-03-27 10:40 232 --ah----- C:\sqmdata00.sqm
2008-03-27 02:02 . 2008-03-27 03:07 <REP> d-------- C:\wamp
2008-03-25 18:33 . 2008-03-25 18:33 <REP> d-------- C:\Program Files\Real
2008-03-25 18:33 . 2008-03-25 18:33 <REP> d-------- C:\Program Files\Common Files\xing shared
2008-03-25 18:33 . 2008-03-25 18:33 <REP> d-------- C:\Program Files\Common Files\Real
2008-03-24 13:39 . 2008-03-24 13:39 <REP> d-------- C:\Users\All Users\Xerox
2008-03-22 16:54 . 2008-03-22 16:54 <REP> d----c--- C:\Windows\System32\DRVSTORE
2008-03-22 16:54 . 2006-11-29 14:06 3,426,072 --a------ C:\Windows\System32\d3dx9_32.dll
2008-03-22 16:54 . 2007-10-17 14:53 43,816 --a------ C:\Windows\System32\drivers\fssfltr.sys
2008-03-22 16:53 . 2008-03-22 16:53 <REP> d-------- C:\Program Files\Microsoft SQL Server Compact Edition
2008-03-22 16:49 . 2008-03-22 16:50 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-03-22 16:49 . 2008-03-22 16:49 <REP> d-------- C:\Program Files\Windows Live Favorites
2008-03-22 16:48 . 2008-03-22 16:48 <REP> d-------- C:\Windows\PCHEALTH
2008-03-22 16:20 . 2008-03-24 04:02 <REP> d-------- C:\Program Files\Windows Live
2008-03-22 16:20 . 2008-03-22 16:48 <REP> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-03-22 16:19 . 2008-04-03 19:40 <REP> d-------- C:\Users\All Users\WLInstaller
2008-03-22 15:26 . 2008-03-22 15:26 <REP> d-------- C:\Program Files\EIDOS Interactive
2008-03-22 15:26 . 1998-01-23 13:20 305,664 --a------ C:\Windows\IsUn040c.exe
2008-03-21 12:14 . 2008-03-21 18:26 <REP> d-------- C:\Users\albuk\AppData\Roaming\Globe7
2008-03-21 12:14 . 2008-03-21 12:14 <REP> d-------- C:\Program Files\Globe7
2008-03-19 11:52 . 2008-03-19 11:52 <REP> dr------- C:\Windows\System32\config\systemprofile\Searches
2008-03-17 05:34 . 2008-03-17 05:35 63 --a------ C:\Windows\yesmessenger.ini
2008-03-17 05:32 . 2008-03-17 20:53 <REP> d-------- C:\Program Files\YesMessenger
2008-03-16 22:01 . 2008-03-06 22:32 23,904 --a------ C:\Windows\System32\drivers\COH_Mon.sys
2008-03-16 22:01 . 2008-03-06 22:32 10,537 --a------ C:\Windows\System32\drivers\COH_Mon.cat
2008-03-16 22:01 . 2008-03-06 22:32 706 --a------ C:\Windows\System32\drivers\COH_Mon.inf
2008-03-16 21:01 . 2008-03-17 03:51 <REP> d-------- C:\Program Files\Microsoft Silverlight
2008-03-16 14:21 . 2007-07-12 03:49 186,256 --a------ C:\Windows\System32\SymNPPWA.dll
2008-03-16 11:54 . 2008-03-16 11:54 <REP> d-------- C:\Program Files\LimeWire
2008-03-14 12:07 . 2008-03-14 12:07 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-03-14 12:07 . 2008-03-14 12:07 41,984 --a------ C:\Windows\System32\drivers\monitor.sys
2008-03-13 20:42 . 2008-03-24 20:08 <REP> d-------- C:\Users\albuk\AppData\Roaming\Skype
2008-03-13 20:15 . 2008-04-03 15:48 <REP> d-------- C:\Program Files\FBrowsingAdvisor
2008-03-13 20:15 . 2008-04-03 15:48 <REP> d-------- C:\Program Files\FBrowserAdvisor
2008-03-13 20:13 . 2008-04-03 15:48 <REP> d-------- C:\Program Files\InternetProgram
2008-03-13 18:09 . 2008-03-13 18:09 <REP> d-------- C:\Program Files\PuzzlesMaster
2008-03-13 18:05 . 2008-03-13 18:05 189 --a------ C:\Windows\wininit.ini
2008-03-13 17:39 . 2008-04-05 16:17 <REP> d-------- C:\Users\albuk\AppData\Roaming\LimeWire
2008-03-13 16:48 . 2008-03-13 16:49 <REP> d-------- C:\Program Files\Java
2008-03-13 16:43 . 2008-03-13 16:43 <REP> d-------- C:\Program Files\Common Files\Java
2008-03-13 16:21 . 2008-03-13 16:21 <REP> d-------- C:\Users\albuk\AppData\Roaming\Talkback
2008-03-13 13:48 . 2008-03-13 13:48 <REP> d-------- C:\Users\albuk\AppData\Roaming\Macrovision
2008-03-13 12:55 . 2008-03-13 12:55 <REP> d-------- C:\Users\All Users\Macrovision
2008-03-13 12:55 . 2008-03-13 12:55 <REP> d-------- C:\Program Files\Vodafone
2008-03-13 12:40 . 2007-10-15 17:27 101,376 --a------ C:\Windows\System32\drivers\ewusbmdm.sys
2008-03-12 16:19 . 2008-03-12 16:19 <REP> d-------- C:\Users\albuk\AppData\Roaming\Symantec
2008-03-12 16:15 . 2008-03-12 16:15 16 --a------ C:\Windows\System32\coh.cache
2008-03-11 14:09 . 2008-03-11 14:09 1,585,664 --a------ C:\Windows\System32\setupapi.dll
2008-03-11 14:07 . 2008-03-11 14:07 8,147,968 --a------ C:\Windows\System32\wmploc.DLL
2008-03-11 14:07 . 2008-03-11 14:07 356,864 --a------ C:\Windows\System32\MediaMetadataHandler.dll
2008-03-11 14:07 . 2008-03-11 14:07 7,680 --a------ C:\Windows\System32\spwmp.dll
2008-03-11 14:07 . 2008-03-11 14:07 4,096 --a------ C:\Windows\System32\msdxm.ocx
2008-03-11 14:07 . 2008-03-11 14:07 4,096 --a------ C:\Windows\System32\dxmasf.dll
2008-03-11 14:05 . 2008-03-11 14:05 1,327,104 --a------ C:\Windows\System32\quartz.dll
2008-03-11 14:05 . 2008-03-11 14:05 803,328 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-03-11 14:05 . 2008-03-11 14:05 223,232 --a------ C:\Windows\System32\WMASF.DLL
2008-03-11 14:05 . 2008-03-11 14:05 216,632 --a------ C:\Windows\System32\drivers\netio.sys
2008-03-11 14:05 . 2008-03-11 14:05 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-03-11 14:05 . 2008-03-11 14:05 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-03-11 14:05 . 2008-03-11 14:05 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-03-11 14:05 . 2008-03-11 14:05 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2008-03-11 14:05 . 2008-03-11 14:05 2,048 --a------ C:\Windows\System32\asferror.dll
2008-03-11 14:04 . 2008-03-11 14:04 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-03-11 14:04 . 2008-03-11 14:04 1,686,528 --a------ C:\Windows\System32\gameux.dll
2008-03-11 14:04 . 2008-03-11 14:04 737,792 --a------ C:\Windows\System32\inetcomm.dll
2008-03-11 14:04 . 2008-03-11 14:04 84,480 --a------ C:\Windows\System32\INETRES.dll
2008-03-11 14:04 . 2008-03-11 14:04 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-03-11 14:03 . 2008-03-11 14:03 788,992 --a------ C:\Windows\System32\rpcrt4.dll
2008-03-11 14:03 . 2008-03-11 14:03 130,048 --a------ C:\Windows\System32\drivers\srv2.sys
2008-03-11 14:03 . 2008-03-11 14:03 101,888 --a------ C:\Windows\System32\drivers\mrxsmb.sys
2008-03-11 14:03 . 2008-03-11 14:03 84,992 --a------ C:\Windows\System32\drivers\srvnet.sys

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-04 15:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-04-04 15:20 --------- d-----w C:\Program Files\Microsoft Games
2008-04-02 11:12 --------- d-----w C:\Program Files\Packard Bell
2008-03-30 12:18 --------- d-----w C:\Program Files\Norton 360
2008-03-16 12:19 805 ----a-w C:\Windows\system32\drivers\SYMEVENT.INF
2008-03-16 12:19 123,952 ----a-w C:\Windows\system32\drivers\SYMEVENT.SYS
2008-03-16 12:19 10,740 ----a-w C:\Windows\system32\drivers\SYMEVENT.CAT
2008-03-16 12:19 --------- d-----w C:\Program Files\Symantec
2008-03-16 12:17 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-14 10:10 --------- d-----w C:\Program Files\Windows Mail
2008-03-11 13:12 --------- d-----w C:\Program Files\Windows Sidebar
2008-03-11 12:09 943,800 ----a-w C:\Windows\System32\winload.exe
2008-03-11 12:06 8,704 ----a-w C:\Windows\System32\hcrstco.dll
2008-03-11 12:04 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-03-11 12:04 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-03-11 12:04 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-03-11 12:04 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-03-11 11:58 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-03-11 11:58 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-03-11 11:58 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-03-11 11:58 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-03-07 22:45 --------- d-sh--w C:\Program Files\Fichiers communs
2008-02-01 10:17 587,264 ----a-w C:\Windows\WLXPGSS.SCR
2007-12-01 16:39 174 --sha-w C:\Program Files\desktop.ini
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}]
2007-12-17 12:12 56360 --a------ C:\Program Files\Windows Live\Contrôle parental\fssbho.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-03-11 14:04 1232896]
"SmpcSys"="C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe" [ ]
"ISUSPM"="C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" [2007-03-29 16:41 222128]
"eqervsma"="C:\ProgramData\eqervsma\byzihcry.exe" [2008-04-01 03:29 94208]
"hED30XIgp2"="C:\ProgramData\dgxihohm\bkjytonw.exe" [2008-04-01 03:29 32256]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 14:34 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-12-02 03:09 1006264]
"NvSvc"="C:\Windows\system32\nvsvc.dll" [2007-08-16 07:19 86016]
"NvCplDaemon"="C:\Windows\system32\NvCpl.dll" [2007-08-16 07:19 8478720]
"NvMediaCenter"="C:\Windows\system32\NvMcTray.dll" [2007-08-16 07:19 81920]
"CardReaderMonitor"="C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe" [2007-07-25 18:45 643072]
"RoxWatchTray"="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2007-01-11 12:40 232184]
"Google Desktop Search"="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-12-01 19:06 243200]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2007-01-09 23:59 115816]
"PCMService"="c:\Program Files\Powercinema\PCMService.exe" [2007-02-14 21:45 159744]
"Picasa Media Detector"="C:\Program Files\Picasa2\PicasaMediaDetector.exe" [2007-02-21 03:18 366400]
"toolbar_eula_launcher"="C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe" [2007-02-20 18:20 28672]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe" [2007-12-14 04:42 144784]
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 18:38 583048]
"fssui"="C:\Program Files\Windows Live\Contrôle parental\fssui.exe" [2007-12-17 12:12 243240]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-25 18:33 185896]
"PC-Antispyware"="C:\Program Files\PC-Antispyware\PC-Antispyware.exe" [ ]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-04-03 19:19 873552]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-03-29 19:37 79224]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 12:34 5724184]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.l3codecp"=

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{24EE6A15-F72C-49E1-92CD-B065869F7BE0}"= UDP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
"{C9878EAA-AC65-45CF-8919-408AC8DCACCD}"= TCP:C:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
"{CD14C816-6AD6-4FC2-8BCC-4A16237437C3}"= UDP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{71B92861-61F2-453D-8EB8-5DAC6CBC2F1F}"= TCP:C:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{BC863F00-612A-4631-8A38-0FE046988735}"= c:\Program Files\Powercinema\PowerCinema.exe:CyberLink PowerCinema
"{0014307A-5A8F-42CE-90A9-BC0EC8877648}"= c:\Program Files\Powercinema\PCMService.exe:CyberLink PowerCinema Resident Program
"{0141D0F7-E705-4449-A38C-A18966C1FC97}"= c:\Program Files\Powercinema\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{69AC7686-3805-44C1-816A-4AF7BE51ACD9}"= c:\Program Files\Powercinema\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{B3DCA9B8-3200-416D-95EB-D343009B1977}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{FC7D4A5F-9568-420E-9F77-2E672E0FB912}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{CCB0F6B4-F210-484B-9D4E-B9093D5A9F56}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R1 aswSP;avast! Self Protection;C:\Windows\system32\drivers\aswSP.sys [2008-03-29 19:31]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080404.001\IDSvix86.sys [2008-03-11 23:36]
R2 aswFsBlk;aswFsBlk;C:\Windows\system32\DRIVERS\aswFsBlk.sys [2008-03-29 19:35]
R2 aswMonFlt;aswMonFlt;C:\Windows\system32\DRIVERS\aswMonFlt.sys [2008-03-29 19:32]
R2 fssfltr;FssFltr;C:\Windows\system32\DRIVERS\fssfltr.sys [2007-10-17 14:53]
R2 fsssvc;Windows Live OneCare Contrôle parental;"C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe" [2007-12-17 12:13]
R3 nvsmu;nvsmu;C:\Windows\system32\DRIVERS\nvsmu.sys [2007-02-16 02:50]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-09-27 14:46]
R3 RTSTOR;USB Mass Storage Device;C:\Windows\system32\drivers\RTSTOR.SYS [2007-06-15 22:47]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2007-01-09 23:32]
S3 wampapache;wampapache;"c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice []
S3 wampmysqld;wampmysqld;c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld []

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28aa5e9-f0e3-11dc-981d-0015af524031}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28aa5ef-f0e3-11dc-981d-0015af524031}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{a28aa5f9-f0e3-11dc-981d-0015af524031}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c247252a-fbe9-11dc-b658-00140b401c2f}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7426d97-f0f4-11dc-a80d-0015af524031}]
\shell\AutoRun\command - E:\StartVMCLite.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7426d98-f0f4-11dc-a80d-0015af524031}]
\shell\AutoRun\command - E:\StartVMCLite.exe

*Newly Created Service* - COMHOST
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-04-05 16:58:09 C:\Windows\Tasks\Antispyware Scheduled Scan.job"
- C:\Program Files\AntiSpywareApp\AntiSpyware.ex
- C:\Program Files\AntiSpywareApp
"2008-04-06 10:29:59 C:\Windows\Tasks\Extension de garantie.job"
- C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
"2008-04-06 10:30:00 C:\Windows\Tasks\Recovery DVD Creator.job"
- C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
"2008-03-30 20:50:49 C:\Windows\Tasks\Uniblue SpeedUpMyPC Nag.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-30 15:15:14 C:\Windows\Tasks\Uniblue SpeedUpMyPC.job"
- C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
"2008-03-22 14:50:15 C:\Windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-06 12:46:16
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-04-06 12:47:10
ComboFix-quarantined-files.txt 2008-04-06 10:47:05
Pre-Run: 75,452,477,440 octets libres
Post-Run: 75,426,013,184 octets libres
.
2008-04-02 07:39:55 --- E O F ---
jlpjlp > oldrasta007
6 April 2008 at 14:01
What are you doing in this thread?
oldrasta007 > jlpjlp
6 April 2008 at 17:17
Thanks already for taking an interest in my problem. It's a computer for private use: I'm trying to write programs in HTML, I'm going over my course notes, I write a few letters and of course I browse the web. In short, nothing really special, so I don't see why I'm getting this kind of virus. In any case I'd be really glad to see this virus disappear from my PC.
jlpjlp > oldrasta007
6 April 2008 at 17:52
Create your own thread and we'll help you without any problem.
oldrasta007 > jlpjlp
6 April 2008 at 18:35
As you asked, I've created my own thread. And as I was telling you earlier, when I run Trojan Remover, this is what I get:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.8.2524. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 6/04/2008 17:28:50
Using Database v6965
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Basic
File System: NTFS
User Account Control is Enabled.
Data directory: C:\Users\albuk\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\albuk\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender
Avast! Antivirus
Nortons Anti-Virus

**************************************************


**************************************************
17:28:51: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
17:28:51: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
17:28:51: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
17:28:52: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\Windows\Explorer.exe
2923520 bytes
Created: 11/03/2008
Modified: 11/03/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\Windows\system32\userinit.exe
C:\Windows\system32\userinit.exe
24576 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: Windows Defender
Value Data: %ProgramFiles%\Windows Defender\MSASCui.exe -hide
C:\Program Files\Windows Defender\MSASCui.exe
1006264 bytes
Created: 2/12/2007
Modified: 2/12/2007
Company: Microsoft Corporation
--------------------
Value Name: NvSvc
Value Data: RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
C:\Windows\system32\nvsvc.dll
86016 bytes
Created: 10/09/2007
Modified: 16/08/2007
Company: NVIDIA Corporation
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
C:\Windows\system32\NvCpl.dll
8478720 bytes
Created: 10/09/2007
Modified: 16/08/2007
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
C:\Windows\system32\NvMcTray.dll
81920 bytes
Created: 10/09/2007
Modified: 16/08/2007
Company: NVIDIA Corporation
--------------------
Value Name: CardReaderMonitor
Value Data: C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
C:\Program Files\Realtek Semiconductor Corp.\Realtek Card Reader Monitor\CardReaderMonitor.exe
643072 bytes
Created: 1/12/2007
Modified: 25/07/2007
Company: Realtek Semiconductor Corp.
--------------------
Value Name: RoxWatchTray
Value Data: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
232184 bytes
Created: 11/01/2007
Modified: 11/01/2007
Company: Sonic Solutions
--------------------
Value Name: Google Desktop Search
Value Data: "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
243200 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Google
--------------------
Value Name: ccApp
Value Data: "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
115816 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
--------------------
Value Name: PCMService
Value Data: "c:\Program Files\Powercinema\PCMService.exe"
c:\Program Files\Powercinema\PCMService.exe
159744 bytes
Created: 1/12/2007
Modified: 14/02/2007
Company: CyberLink Corp.
--------------------
Value Name: Picasa Media Detector
Value Data: C:\Program Files\Picasa2\PicasaMediaDetector.exe
C:\Program Files\Picasa2\PicasaMediaDetector.exe
366400 bytes
Created: 21/02/2007
Modified: 21/02/2007
Company: Google Inc.
--------------------
Value Name: toolbar_eula_launcher
Value Data: C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
C:\Program Files\Packard Bell\GOOGLE_EULA\EULALauncher.exe
28672 bytes
Created: 1/12/2007
Modified: 20/02/2007
Company:
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
144784 bytes
Created: 13/03/2008
Modified: 14/12/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29/01/2008
Modified: 29/01/2008
Company: Symantec Corporation
--------------------
Value Name: fssui
Value Data: "C:\Program Files\Windows Live\Contrôle parental\fssui.exe" -autorun
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
243240 bytes
Created: 17/12/2007
Modified: 17/12/2007
Company: Microsoft Corporation
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
185896 bytes
Created: 25/03/2008
Modified: 25/03/2008
Company: RealNetworks, Inc.
--------------------
Value Name: PC-Antispyware
Value Data: "C:\Program Files\PC-Antispyware\PC-Antispyware.exe" hide
C:\Program Files\PC-Antispyware\PC-Antispyware.exe [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
873552 bytes
Created: 6/04/2008
Modified: 3/04/2008
Company: Simply Super Software
--------------------
Value Name: avast!
Value Data: C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
79224 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: Sidebar
Value Data: C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
C:\Program Files\Windows Sidebar\sidebar.exe
1232896 bytes
Created: 11/03/2008
Modified: 11/03/2008
Company: Microsoft Corporation
--------------------
Value Name: SmpcSys
Value Data: C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe [file not found to scan]
--------------------
Value Name: ISUSPM
Value Data: "C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe" -scheduler
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
222128 bytes
Created: 29/03/2007
Modified: 29/03/2007
Company: Macrovision Corporation
--------------------
Value Name: eqervsma
Value Data: C:\ProgramData\eqervsma\byzihcry.exe
C:\ProgramData\eqervsma\byzihcry.exe
94208 bytes
Created: 1/04/2008
Modified: 1/04/2008
Company:
--------------------
Value Name: hED30XIgp2
Value Data: C:\ProgramData\dgxihohm\bkjytonw.exe
C:\ProgramData\dgxihohm\bkjytonw.exe
32256 bytes
Created: 1/04/2008
Modified: 1/04/2008
Company:
--------------------
Value Name: msnmsgr
Value Data: "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: lxiiomeh
Value Data: C:\ProgramData\lxiiomeh\qnmvynwf.exe
C:\ProgramData\lxiiomeh\qnmvynwf.exe
98304 bytes
Created: 6/04/2008
Modified: 6/04/2008
Company:
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
201728 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

**************************************************
17:28:56: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

**************************************************
17:28:56: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
17:28:56: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

**************************************************
17:28:56: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

**************************************************
17:28:56: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------

**************************************************
17:29:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: adpu160m
ImagePath: \SystemRoot\system32\drivers\adpu160m.sys
C:\Windows\system32\drivers\adpu160m.sys
98408 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Adaptec, Inc.
----------
Key: agp440
ImagePath: \SystemRoot\system32\drivers\agp440.sys
C:\Windows\system32\drivers\agp440.sys
53864 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: AmdK8
ImagePath: system32\DRIVERS\amdk8.sys
C:\Windows\system32\DRIVERS\amdk8.sys
40960 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: aswFsBlk
ImagePath: system32\DRIVERS\aswFsBlk.sys
C:\Windows\system32\DRIVERS\aswFsBlk.sys
20560 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: aswMonFlt
ImagePath: system32\DRIVERS\aswMonFlt.sys
C:\Windows\system32\DRIVERS\aswMonFlt.sys
50768 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: aswUpdSv
ImagePath: "C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe"
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
17272 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Antivirus
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashServ.exe"
C:\Program Files\Alwil Software\Avast4\ashServ.exe
144760 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Mail Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
247160 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: avast! Web Scanner
ImagePath: "C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
345464 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: blbdrive
ImagePath: \SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: CLCapSvc
ImagePath: "c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe"
c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
278608 bytes
Created: 1/12/2007
Modified: 14/02/2007
Company:
----------
Key: CLSched
ImagePath: "c:\Program Files\Powercinema\Kernel\TV\CLSched.exe"
c:\Program Files\Powercinema\Kernel\TV\CLSched.exe
110677 bytes
Created: 1/12/2007
Modified: 14/02/2007
Company:
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: comHost
ImagePath: "C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe"
C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
49248 bytes
Created: 12/01/2007
Modified: 12/01/2007
Company: Symantec Corporation
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys
385072 bytes
Created: 12/03/2008
Modified: 13/02/2008
Company: Symantec Corporation
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr.sys
C:\Windows\system32\DRIVERS\fssfltr.sys
43816 bytes
Created: 22/03/2008
Modified: 17/10/2007
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe"
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
523816 bytes
Created: 17/12/2007
Modified: 17/12/2007
Company: Microsoft Corporation
----------
Key: GEARAspiWDM
ImagePath: System32\Drivers\GEARAspiWDM.sys
C:\Windows\System32\Drivers\GEARAspiWDM.sys
15664 bytes
Created: 19/09/2006
Modified: 19/09/2006
Company: GEAR Software Inc.
----------
Key: GoogleDesktopManager
ImagePath: "C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe"
C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe
81408 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Google
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\CHDART.sys
C:\Windows\system32\drivers\CHDART.sys
160768 bytes
Created: 16/07/2007
Modified: 12/04/2007
Company: Conexant Systems Inc.
----------
Key: HidUsb
ImagePath: \SystemRoot\system32\drivers\hidusb.sys
C:\Windows\system32\drivers\hidusb.sys
12288 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\Windows\system32\DRIVERS\ewusbmdm.sys
101376 bytes
Created: 13/03/2008
Modified: 15/10/2007
Company: Huawei Technologies Co., Ltd.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 4/04/2005
Modified: 4/04/2005
Company: Macrovision Corporation
----------
Key: IDSvix86
ImagePath: \??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080404.001\IDSvix86.sys
C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080404.001\IDSvix86.sys
261680 bytes
Created: 5/04/2008
Modified: 11/03/2008
Company: Symantec Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key: kbdhid
ImagePath: \SystemRoot\system32\drivers\kbdhid.sys
C:\Windows\system32\drivers\kbdhid.sys
15872 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created: 1/12/2007
Modified: 26/09/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
583048 bytes
Created: 29/01/2008
Modified: 29/01/2008
Company: Symantec Corporation
----------
Key: mouhid
ImagePath: \SystemRoot\system32\drivers\mouhid.sys
C:\Windows\system32\drivers\mouhid.sys
15872 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080405.003\NAVENG.SYS
C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080405.003\NAVENG.SYS
82256 bytes
Created: 5/04/2008
Modified: 15/03/2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080405.003\NAVEX15.SYS
C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20080405.003\NAVEX15.SYS
895408 bytes
Created: 5/04/2008
Modified: 15/03/2008
Company: Symantec Corporation
----------
Key: ntrigdigi
ImagePath: \SystemRoot\system32\drivers\ntrigdigi.sys
C:\Windows\system32\drivers\ntrigdigi.sys
20608 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: N-trig Innovative Technologies
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\nvmfdx32.sys
C:\Windows\system32\DRIVERS\nvmfdx32.sys
1059112 bytes
Created: 16/07/2007
Modified: 6/03/2007
Company: NVIDIA Corporation
----------
Key: nvsmu
ImagePath: system32\DRIVERS\nvsmu.sys
C:\Windows\system32\DRIVERS\nvsmu.sys
12032 bytes
Created: 16/07/2007
Modified: 16/02/2007
Company: NVIDIA Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key: ohci1394
ImagePath: \SystemRoot\system32\drivers\ohci1394.sys
C:\Windows\system32\drivers\ohci1394.sys
62080 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: \SystemRoot\system32\drivers\parport.sys
C:\Windows\system32\drivers\parport.sys
79360 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: Parvdm
ImagePath: \SystemRoot\system32\drivers\parvdm.sys
C:\Windows\system32\drivers\parvdm.sys
8704 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: PxHelp20
ImagePath: System32\Drivers\PxHelp20.sys
C:\Windows\System32\Drivers\PxHelp20.sys
36560 bytes
Created: 27/09/2006
Modified: 27/09/2006
Company: Sonic Solutions
----------
Key: ql2300
ImagePath: \SystemRoot\system32\drivers\ql2300.sys
C:\Windows\system32\drivers\ql2300.sys
900712 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: QLogic Corporation
----------
Key: ql40xx
ImagePath: \SystemRoot\system32\drivers\ql40xx.sys
C:\Windows\system32\drivers\ql40xx.sys
106088 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: QLogic Corporation
----------
Key: RoxMediaDB9
ImagePath: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
887544 bytes
Created: 11/01/2007
Modified: 11/01/2007
Company: Sonic Solutions
----------
Key: RoxWatch9
ImagePath: "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe"
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
166648 bytes
Created: 11/01/2007
Modified: 11/01/2007
Company: Sonic Solutions
----------
Key: RTL8187B
ImagePath: system32\DRIVERS\RTL8187B.sys
C:\Windows\system32\DRIVERS\RTL8187B.sys
287744 bytes
Created: 2/12/2007
Modified: 27/09/2007
Company: Realtek Semiconductor Corporation
----------
Key: RTSTOR
ImagePath: system32\drivers\RTSTOR.SYS
C:\Windows\system32\drivers\RTSTOR.SYS
47616 bytes
Created: 1/12/2007
Modified: 15/06/2007
Company: Realtek Semiconductor Corp.
----------
Key: Serenum
ImagePath: \SystemRoot\system32\drivers\serenum.sys
C:\Windows\system32\drivers\serenum.sys
17920 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: \SystemRoot\system32\drivers\serial.sys
C:\Windows\system32\drivers\serial.sys
83456 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: sisagp
ImagePath: \SystemRoot\system32\drivers\sisagp.sys
C:\Windows\system32\drivers\sisagp.sys
53352 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys
418104 bytes
Created: 1/02/2007
Modified: 14/04/2007
Company: Symantec Corporation
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\Windows\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\Windows\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\Windows\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Symantec Corporation
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\Windows\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 9/03/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\Windows\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 9/03/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\Windows\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 9/03/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: stllssvr
ImagePath: "C:\Program Files\Common Files\SureThing Shared\stllssvr.exe"
C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
73728 bytes
Created: 14/09/2006
Modified: 14/09/2006
Company: MicroVision Development, Inc.
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
1251720 bytes
Created: 26/03/2008
Modified: 26/03/2008
Company:
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\Windows\System32\Drivers\SYMDNS.SYS
12984 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\Windows\system32\Drivers\SYMEVENT.SYS
C:\Windows\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 1/12/2007
Modified: 16/03/2008
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\Windows\System32\Drivers\SYMFW.SYS
145976 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\Windows\System32\Drivers\SYMIDS.SYS
40120 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: SYMNDISV
ImagePath: \SystemRoot\System32\Drivers\SYMNDISV.SYS
C:\Windows\System32\Drivers\SYMNDISV.SYS
38200 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\Windows\System32\Drivers\SYMREDRV.SYS
27576 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\Windows\System32\Drivers\SYMTDI.SYS
191544 bytes
Created: 9/01/2007
Modified: 9/01/2007
Company: Symantec Corporation
----------
Key: uagp35
ImagePath: \SystemRoot\system32\drivers\uagp35.sys
C:\Windows\system32\drivers\uagp35.sys
56936 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: viaide
ImagePath: \SystemRoot\system32\drivers\viaide.sys
C:\Windows\system32\drivers\viaide.sys
17512 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: VIA Technologies, Inc.
----------
Key: wampapache
ImagePath: "c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe" -k runservice
c:\wamp\bin\apache\apache2.2.6\bin\httpd.exe
24635 bytes
Created: 27/03/2008
Modified: 5/09/2007
Company: Apache Software Foundation
----------
Key: wampmysqld
ImagePath: c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe wampmysqld
c:\wamp\bin\mysql\mysql5.0.45\bin\mysqld-nt.exe
5730304 bytes
Created: 27/03/2008
Modified: 6/07/2007
Company:
----------
Key: Wd
ImagePath: system32\drivers\wd.sys
C:\Windows\system32\drivers\wd.sys
19560 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
17:29:20: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
17:29:20: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan

**************************************************
17:29:20: Scanning ----- CONTEXTMENUHANDLERS -----
Key: avast
CLSID: {472083B0-C522-11CF-8763-00608CC02F24}
Path: C:\Program Files\Alwil Software\Avast4\ashShell.dll
C:\Program Files\Alwil Software\Avast4\ashShell.dll
75128 bytes
Created: 6/04/2008
Modified: 29/03/2008
Company: ALWIL Software
----------
Key: BriefcaseMenu
CLSID: {85BBD920-42A0-1069-A2E4-08002B30309D}
Path: syncui.dll
C:\Windows\system32\syncui.dll
175616 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: Notepad++
CLSID: {120B94B5-2E6A-4F13-94D0-414BCB64FA0F}
Path: C:\Program Files\Notepad++\nppcm.dll
C:\Program Files\Notepad++\nppcm.dll
24576 bytes
Created: 24/11/2006
Modified: 24/11/2006
Company: Burgaud.com
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315200 bytes
Created: 2/12/2007
Modified: 2/12/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315200 bytes
Created: 2/12/2007
Modified: 2/12/2007
Company: Microsoft Corporation
----------
Key: Sharing
CLSID: {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
Path: ntshrui.dll
C:\Windows\system32\ntshrui.dll
296448 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 6/04/2008
Modified: 5/02/2007
Company: Simply Super Software
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\shell32.dll
C:\Windows\system32\shell32.dll
11315200 bytes
Created: 2/12/2007
Modified: 2/12/2007
Company: Microsoft Corporation
----------

**************************************************
17:29:21: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 23/10/2006
Modified: 23/10/2006
Company: Adobe Systems, Inc.
----------

**************************************************
17:29:21: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
62080 bytes
Created: 23/10/2006
Modified: 23/10/2006
Company: Adobe Systems Incorporated
----------
Key: {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
BHO: C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.5\NppBho.dll
-R- 97960 bytes
Created: 19/02/2007
Modified: 19/02/2007
Company: Symantec Corporation
----------
Key: {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac}
BHO: C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
C:\Program Files\Windows Live\Contrôle parental\fssbho.dll
56360 bytes
Created: 17/12/2007
Modified: 17/12/2007
Company: Microsoft Corporation
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
509328 bytes
Created: 13/03/2008
Modified: 14/12/2007
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2436160 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Microsoft Corporation
----------
Key: {CA6319C0-31B7-401E-A518-A07C3DB8F777}
BHO: C:\Program Files\Google\Google_BAE\BAE.dll
C:\Program Files\Google\Google_BAE\BAE.dll
98304 bytes
Created: 1/12/2007
Modified: 9/11/2006
Company: Packard Bell
----------

**************************************************
17:29:22: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\Windows\system32\webcheck.dll
C:\Windows\system32\webcheck.dll
232960 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------

**************************************************
17:29:22: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Component Categories cache daemon
File: %SystemRoot%\system32\browseui.dll
C:\Windows\system32\browseui.dll
1321472 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------

**************************************************
17:29:22: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
17:29:22: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL]
File: C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL
163328 bytes
Created: 1/12/2007
Modified: 1/12/2007
Company: Google
----------

**************************************************
17:29:23: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: credssp.dll
C:\Windows\system32\credssp.dll
15360 bytes
Created: 2/11/2006
Modified: 2/11/2006
Company: Microsoft Corporation
----------

**************************************************
17:29:23: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 2/11/2006
Modified: 1/12/2007
Company:
--------------------

**************************************************
17:29:23: Scanning ----- USER STARTUP GROUPS -----
Checking Startup Group for: albuk
[C:\Users\albuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup]
C:\Users\albuk\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-HS- 174 bytes
Created: 8/03/2008
Modified: 8/03/2008
Company:
----------
--------------------

**************************************************
17:29:24: Scanning ----- SCHEDULED TASKS -----
Taskname: Antispyware Scheduled Scan.job
File: C:\Program Files\AntiSpywareApp\AntiSpyware.exe
Parameters: scheduled
Next Run Time: 7/04/2008 3:00:00
Status: Une ou plusieurs des propriétés nécessaires pour exécuter cette tâche suivant un calendrier n'ont pas été définies
Creator: albuk
Comments: Runs Antispyware to scan your computer for malicious and potenially unwanted programs.
C:\Program Files\AntiSpywareApp\AntiSpyware.exe [file not found to scan]
----------
Taskname: Extension de garantie.job
File: C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
Parameters: [blank]
Next Run Time: 6/04/2008 17:30:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: albuk
Comments: [blank]
C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe [file not found to scan]
----------
Taskname: Recovery DVD Creator.job
File: C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe
Parameters: [blank]
Next Run Time: 6/04/2008 17:30:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: albuk
Comments: [blank]
C:\Program Files\Packard Bell\SetupMyPc\MCDCheck.exe [file not found to scan]
----------
Taskname: Uniblue SpeedUpMyPC Nag.job
File: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
Parameters: -s
Next Run Time: 9/04/2008 17:15:00
Status: Une ou plusieurs des propriétés nécessaires pour exécuter cette tâche suivant un calendrier n'ont pas été définies
Creator: albuk
Comments: [blank]
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [file not found to scan]
----------
Taskname: Uniblue SpeedUpMyPC.job
File: C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe
Parameters: -s
Next Run Time: Never
Status: Une ou plusieurs des propriétés nécessaires pour exécuter cette tâche suivant un calendrier n'ont pas été définies
Creator: albuk
Comments: Uniblue SpeedUpMyPC Scheduler
C:\Program Files\Uniblue\SpeedUpMyPC 3\SpeedUpMyPC.exe [file not found to scan]
----------
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 19/10/2007
Modified: 19/10/2007
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 6/04/2008 17:35:00
Status: La tâche n'a pas encore été exécutée
Creator: albuk
Comments: [blank]
----------

**************************************************
17:29:24: ----- ADDITIONAL CHECKS -----
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Users\albuk\Pictures\ELIE17.jpg
C:\Users\albuk\Pictures\ELIE17.jpg
31077 bytes
Created: 2/04/2008
Modified: 2/04/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Pictures\ELIE17.jpg
C:\Users\albuk\Pictures\ELIE17.jpg
31077 bytes
Created: 2/04/2008
Modified: 2/04/2008
Company:
----------
Additional file checks completed
---------

**************************************************
17:29:24: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\Windows\System32\smss.exe
[1 loaded module]
--------------------
C:\Windows\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\Windows\system32\wininit.exe
[25 loaded modules in total]
--------------------
C:\Windows\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\Windows\system32\winlogon.exe
[29 loaded modules in total]
--------------------
C:\Windows\system32\services.exe
[34 loaded modules in total]
--------------------
C:\Windows\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\Windows\system32\lsm.exe
[21 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[44 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[38 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[50 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[61 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[111 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[152 loaded modules in total]
--------------------
C:\Windows\system32\SLsvc.exe
[22 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[78 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[86 loaded modules in total]
--------------------
C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
[145 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashServ.exe
[66 loaded modules in total]
--------------------
C:\Windows\System32\spoolsv.exe
[77 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[54 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[79 loaded modules in total]
--------------------
C:\Windows\system32\Dwm.exe
[36 loaded modules in total]
--------------------
C:\Windows\Explorer.EXE
[136 loaded modules in total]
--------------------
C:\Program Files\Windows Defender\MSASCui.exe
[38 loaded modules in total]
--------------------
C:\Windows\System32\rundll32.exe
[35 loaded modules in total]
--------------------
C:\Program Files\Realtek Semiconductor Corp\Realtek Card Reader Monitor\CardReaderMonitor.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
[62 loaded modules in total]
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[37 loaded modules in total]
--------------------
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
[86 loaded modules in total]
--------------------
C:\Program Files\Powercinema\PCMService.exe
[99 loaded modules in total]
--------------------
C:\Program Files\Picasa2\PicasaMediaDetector.exe
[27 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
[20 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Contrôle parental\fssui.exe
[41 loaded modules in total]
--------------------
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
[31 loaded modules in total]
--------------------
C:\Windows\System32\rundll32.exe
[45 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
[47 loaded modules in total]
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe
[57 loaded modules in total]
--------------------
C:\ProgramData\Macrovision\FLEXnet Connect\6\ISUSPM.exe
[25 loaded modules in total]
--------------------
C:\ProgramData\eqervsma\byzihcry.exe
[15 loaded modules in total]
--------------------
C:\ProgramData\dgxihohm\bkjytonw.exe
[66 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
[148 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\wmpnscfg.exe
[28 loaded modules in total]
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktopIndex.exe
[49 loaded modules in total]
--------------------
c:\Program Files\Powercinema\Kernel\TV\CLCapSvc.exe
[72 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Contrôle parental\fsssvc.exe
[72 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[38 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
[50 loaded modules in total]
--------------------
C:\Windows\system32\svchost.exe
[60 loaded modules in total]
--------------------
C:\Windows\System32\svchost.exe
[6 loaded modules in total]
--------------------
C:\Windows\system32\SearchIndexer.exe
[61 loaded modules in total]
--------------------
C:\Program Files\Windows Sidebar\sidebar.exe
[64 loaded modules in total]
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktopCrawl.exe
[40 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
[51 loaded modules in total]
--------------------
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
[35 loaded modules in total]
--------------------
C:\Windows\system32\wbem\wmiprvse.exe
[30 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\wmpnetwk.exe
[72 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[47 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
[39 loaded modules in total]
--------------------
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
[20 loaded modules in total]
--------------------
C:\Windows\system32\wbem\unsecapp.exe
[27 loaded modules in total]
--------------------
E:\PhoneConnectorVMC.exe
[58 loaded modules in total]
--------------------
C:\Program Files\vodafone\vmclite\vmc.exe
[57 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
[16 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEUser.exe
[64 loaded modules in total]
--------------------
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
[47 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[179 loaded modules in total]
--------------------
C:\Windows\system32\taskeng.exe
[63 loaded modules in total]
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2478656
[This is a Trojan Remover component]
[35 loaded modules in total]
--------------------
C:\Windows\system32\conime.exe
[15 loaded modules in total]
--------------------

**************************************************
17:30:54: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\Windows\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 6/04/2008 17:30:54
************************************************************


***** INDIVIDUAL FILE SCAN *****
Trojan Remover Ver 6.6.8.2524. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 6/04/2008 16:57:45
Using Database v6965
Operating System: Windows Vista [Windows Vista (Build 6000)]
Edition: Windows Vista (TM) Home Basic
File System: NTFS
User Account Control is Enabled.
Data directory: C:\Users\albuk\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\albuk\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender
Avast! Antivirus
Nortons Anti-Virus

**************************************************

Carrying out individual file scan on C:\Users\albuk\Desktop\HJTInstall.exe
This file appears to be OK
************************************************************
Thanks, jlpjlp.
Here is the ComboFix report:
ComboFix 08-03-30.3 - MIKI 2008-03-31 14:55:35.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.666 [GMT 2:00]
Endroit: C:\Documents and Settings\MIKI\Bureau\Combo__Fix.exe
* Création d'un nouveau point de restauration

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
TimedOut: progfile.dat

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\seekmo
C:\Program Files\seekmo\seekmohook.dll
C:\WINDOWS\180ax.exe
C:\WINDOWS\2020search.dll
C:\WINDOWS\2020search2.dll
C:\WINDOWS\bjam.dll
C:\WINDOWS\bokja.exe
C:\WINDOWS\cdsm32.dll
C:\WINDOWS\default.htm
C:\WINDOWS\mspphe.dll
C:\WINDOWS\mssvr.exe
C:\WINDOWS\saiemod.dll
C:\WINDOWS\salm.exe
C:\WINDOWS\stcloader.exe
C:\WINDOWS\swin32.dll
C:\WINDOWS\system32\lsprst7.dll
C:\WINDOWS\system32\msixu.dll
C:\WINDOWS\system32\ssprs.dll
C:\WINDOWS\system32\wer8274.dll
C:\WINDOWS\TEMP\salm.exe
C:\WINDOWS\updatetc.exe
C:\WINDOWS\voiceip.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-28 to 2008-03-31 ))))))))))))))))))))))))))))))))))))
.

2008-03-31 04:53 . 2008-03-31 04:53 <REP> d-------- C:\Program Files\zango
2008-03-31 04:53 . 2008-03-31 04:53 <REP> d-------- C:\Program Files\Sysmnt
2008-03-31 04:53 . 2008-03-31 04:53 <REP> d-------- C:\Program Files\stc
2008-03-31 04:53 . 2008-03-31 04:53 <REP> d-------- C:\Program Files\180solutions
2008-03-31 04:53 . 2008-03-31 04:53 <REP> d-------- C:\Program Files\180searchassistant
2008-03-31 04:53 . 2008-03-31 04:53 <REP> d-------- C:\Program Files\180search assistant
2008-03-31 04:26 . 2008-03-31 04:26 <REP> d-------- C:\Program Files\Lavasoft
2008-03-31 04:26 . 2008-03-31 04:26 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Lavasoft
2008-03-31 03:44 . 2008-03-31 03:44 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-03-31 03:38 . 2008-03-31 03:38 15,872 --a------ C:\WINDOWS\123messenger.per
2008-03-31 01:34 . 2008-03-31 01:34 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-03-31 01:01 . 2008-03-31 01:01 <REP> d--h----- C:\WINDOWS\PIF
2008-03-31 00:13 . 2008-03-31 02:14 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-03-31 00:13 . 2008-03-31 00:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-31 00:13 . 2008-03-31 00:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-31 00:13 . 2008-03-31 00:13 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-31 00:13 . 2008-03-31 05:05 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-31 00:13 . 2008-03-31 00:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\InstallShield
2008-03-31 00:13 . 2008-03-31 00:13 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2008-03-30 22:12 . 2008-03-31 00:13 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-30 22:12 . 2008-03-31 03:44 <REP> d-------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-30 22:12 . 2008-03-31 00:13 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-30 22:12 . 2007-07-25 04:18 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Roxio
2008-03-30 22:12 . 2008-03-30 22:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-03-30 22:12 . 2007-07-25 04:14 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\GTek
2008-03-30 20:59 . 2008-03-30 20:59 <REP> d-------- C:\Documents and Settings\MIKI\Application Data\Malwarebytes
2008-03-30 19:26 . 2008-03-30 19:42 <REP> d-------- C:\Documents and Settings\MIKI\Application Data\AVGTOOLBAR
2008-03-30 19:22 . 2008-03-30 19:22 90,537 --a------ C:\WINDOWS\system32\sbwltbxa.exe
2008-03-15 19:32 . 2008-03-15 19:32 <REP> d-------- C:\Documents and Settings\MIKI\Images
2008-03-15 19:32 . 2008-03-15 19:32 <REP> d-------- C:\Documents and Settings\MIKI\Audio
2008-03-12 20:15 . 2004-08-04 01:54 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-12 20:15 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-03-12 20:15 . 2004-08-03 23:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-03-12 20:15 . 2001-08-23 18:47 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-31 02:26 --------- d-----w C:\Documents and Settings\MIKI\Application Data\Lavasoft
2008-03-31 02:14 --------- d-----w C:\Documents and Settings\MIKI\Application Data\Azureus
2008-03-03 20:13 --------- d-----w C:\Program Files\GameSpy Arcade
2008-03-03 20:12 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-03 20:10 --------- d-----w C:\Program Files\Universalis 8
2008-03-03 20:10 --------- d-----w C:\Program Files\Spamihilator
2008-02-25 14:33 --------- d-----w C:\Program Files\M-Audio
2008-01-11 05:36 44,544 ----a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
2007-12-19 22:53 347,136 ----a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
2007-12-18 09:51 179,584 ------w C:\WINDOWS\system32\dllcache\mrxdav.sys
2007-12-09 21:01 3,342 ----a-w C:\Documents and Settings\MIKI\Application Data\wklnhst.dat
2007-12-08 05:08 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-06 11:03 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2007-12-06 11:02 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2007-12-06 11:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2007-12-06 04:59 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 18:41 550,912 ------w C:\WINDOWS\system32\dllcache\oleaut32.dll
2007-03-14 19:36 2,228,534 ----a-w C:\Documents and Settings\instal\audacity-win-1.2.6.exe
2006-03-02 02:12 2,917,130 ----a-w C:\Documents and Settings\instal\EasyCleaner2_0.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 13:09 460784]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-08-01 20:02 68856]
"Spamihilator"="C:\Program Files\Spamihilator\spamihilator.exe" [ ]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:55 5674352]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 02:11 132496]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 11:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2007-03-21 14:00 174872]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 18:41 45056]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 04:12 94208]
"ISUSPM Startup"="C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 12:35 221184]
"ISUSScheduler"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2006-10-03 12:37 81920]
"RoxWatchTray"="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2006-11-05 12:22 221184]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2006-08-17 10:00 1116920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 06:24 286720]
"DeltTray"="DeltTray.exe" [2004-08-26 22:43 56320 C:\WINDOWS\system32\delttray.exe]
"DigidesignMMERefresh"="C:\Program Files\Digidesign\Drivers\MMERefresh.exe" [2006-11-14 00:05 61440]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-09-07 16:55 267064]
"svchost.exe"="C:\WINDOWS\svchost.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2007-07-28 10:05:47 110592]
Assistant d'Acrobat.lnk - C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe [2003-05-15 01:19:50 217193]
Lancement rapide d'Adobe Reader.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 22:05:26 29696]
LoopBe1 Monitor.lnk - C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe [2005-04-20 19:10:22 225280]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\[u]0[/u]]
Source= C:\Documents and Settings\MIKI\Bureau\mouvement T@nk\léa\origine.jpg
FriendlyName=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"=
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R0 DigiFilter;DigiFilter;C:\WINDOWS\system32\drivers\DigiFilt.sys [2006-11-13 21:38]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2006-08-11 11:35]
R3 USBSTOR;Pilote de stockage de masse USB;C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 23:08]
S3 C-Dilla;C-Dilla;C:\WINDOWS\system32\drivers\CDANT.SYS [2001-09-10 19:09]
S3 MA_CMIDI;M-Audio USB Driver;C:\WINDOWS\system32\drivers\ma_cmidi.sys []
S3 MBAMCatchMe;MBAMCatchMe;C:\Program Files\Malwarebytes' Anti-Malware\catchme.sys []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 04:39]
S3 usbscan;Pilote de scanneur USB;C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 23:58]

*Newly Created Service* - CATCHME
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-03-22 12:53:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 14:57:54
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-31 14:58:08
ComboFix-quarantined-files.txt 2008-03-31 12:58:06
Pre-Run: 239,182,405,632 octets libres
Post-Run: 239,170,994,176 octets libres
.
2008-02-13 12:48:11 --- E O F ---

And here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:59:07, on 31/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\WINDOWS\system32\sbwltbxa.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\nanana\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070725
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070725
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\Program Files\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LoopBe1 Monitor.lnk = C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\MIKI\Bureau\mouvement T@nk\léa\origine.jpg
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 15:15
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows loading, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Follow the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
• Finally, copy/paste the contents of Report.txt into your next reply on the forum

_________

scan these two files on VirusTotal and, if they are infected, add them to the OTMoveIt quote

https://www.virustotal.com/gui/


C:\Program Files\Sysmnt
C:\Program Files\stc

_________


download OTMoveIt
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (by Old_Timer) to your Desktop. Or from https://www.luanagames.com/index.fr.html
double-click OTMoveIt.exe to launch it.
copy the list in the quote below,
and paste it into the left pane of OTMoveIt: Paste List of Files/Folders to be moved.

Quote:
C:\WINDOWS\system32\sbwltbxa.exe,
C:\Program Files\180solutions
C:\Program Files\180searchassistant



click MoveIt! to start the removal.
the result will appear in the "Results" pane.
click Exit to close.
post the report located in C:\_OTMoveIt\MovedFiles.

you may be asked to restart the PC to complete the removal. if so, accept with Yes.

__________________

delete what is in MovedFiles by going to My Computer, then C:, then OTMoveIt

_________________

Update Java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

update Adobe Reader
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

___________________
paste a new HijackThis log and tell me your current problems
here is the SDFix report
[b]SDFix: Version 1.165 [/b]

Run by Administrateur on 31/03/2008 at 15:55

Microsoft Windows XP [version 5.1.2600]
Running From: C:\DOCUME~1\ADMINI~1\Bureau\SDFix

[b]Checking Services [/b]:

Killing PID 800 'sbwltbxa.exe'

Restoring Windows Registry Values
Restoring Windows Default Hosts File
Restoring Default Desktop Wallpaper

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\autorun.PNF - Deleted
C:\WINDOWS\AdobeR.exe - Deleted
C:\WINDOWS\default.htm - Deleted
C:\WINDOWS\system32\sbwltbxa.exe - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-31 16:03:59
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

scanning hidden registry entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\Program Files\\iTunes\\iTunes.exe"="C:\\Program Files\\iTunes\\iTunes.exe:*:Enabled:iTunes"
"C:\\Program Files\\Azureus\\Azureus.exe"="C:\\Program Files\\Azureus\\Azureus.exe:*:Enabled:Azureus"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\Win32\\RpcDataSrv.exe:*:Enabled:SiSoftware Database Agent Service"
"C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe"="C:\\Program Files\\SiSoftware\\SiSoftware Sandra Lite XIIc\\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

[b]Remaining Files [/b]:


File Backups: - C:\DOCUME~1\ADMINI~1\Bureau\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:

Tue 9 Oct 2007 348,160 ..SH. --- "C:\msvcr71.dll"
Sat 28 Jul 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Mon 29 May 2006 1,191 A..H. --- "C:\Documents and Settings\MIKI\Application Data\PACE Anti-Piracy\hmwDMglbYcUPrq\hsRb8yjbTWc.tmp"
Sat 28 Jul 2007 8 A..H. --- "C:\Documents and Settings\MIKI\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u1\lock.tmp"
Sat 28 Jul 2007 8 A..H. --- "C:\Documents and Settings\MIKI\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u2\lock.tmp"
Sat 28 Jul 2007 8 A..H. --- "C:\Documents and Settings\MIKI\Application Data\GTek\GTUpdate\AUpdate\Channels\ch_u3\lock.tmp"

[b]Finished![/b]
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 16:58
do everything indicated and
Download RavAntivirus by Evosla:
http://ww25.evosla.com/compteur.php?soft=rav_antivirus

# If you have a USB key, external hard drive, etc., plug them in without opening them before launching this FIX
# Right-click the .ZIP file > Extract to > the Desktop
# Double-click >> RAV.exe << to launch the tool.
# Once RAV ANTIVIRUS is launched, let it work; it automatically scans all drives (fixed and removable disks)
# If there is an infection > a log will be produced; otherwise the software will display (very quickly) ==> Your computer is clean.
# Remove your removable disks and restart your computer.
# Post the report, if infected!
it doesn't stop; RAV keeps detecting the same virus, deletes it, then detects it again in the same place, and has been doing so for an hour. It's adobeR.exe, there you go
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
31 March 2008 at 19:23
stop RAV
and move on to this:

Download Flash Disinfector (by sUBs) to the desktop from this address: http://www.techsupportforum.com/sectools/sUBs/Flash_Disinfector.exe

Double-click the icon.
The icons will disappear. This is normal.
If a report is generated in case of infection, save it to the desktop, and post it afterwards
Then restart the PC.

_________

scan with: rjump:

https://www.broadcom.com/support/security-center


__________



paste the report of an online scan
with one of the following:


bitdefender online:
http://www.bitdefender.fr/scan_fr/scan8/ie.html
hi....
uh, for the scans, the first one didn't say anything, it says "done" and closes
the second one tells me it can't find W32.rajump and closes
and the last one doesn't say anything.....

is that a good sign?
my configuration has changed, the icons are back to normal
and there's no more message on the wallpaper
but still no way to get on the web

thanks again for your patience and your help
zzzzzzz Posts 7 Registered Monday 31 March 2008 Status Member Last activity 30 June 2008
31 March 2008 at 22:59
actually, here is the BitDefender report
everything is back except the internet; could the virus have changed my IP address? or something else....
thank you thank you thank you

//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 31/03/2008 21:57:45
//
//-----------------------------------------------------------------


Statistiques

Chemin cible: C:\
Dossiers : 9706
Fichiers : 327004
Processus Mémoire analysés : 51
Archives : 3558
Fichiers enpaquetés : 20414
Virus trouvés : 1
Fichiers infectés : 2
Processus Mémoire infectés : 0
Fichiers suspects : 0
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 0
Fichiers déplacés : 2
Erreurs I/O : 32
Temps d'analyse :=00:46:28
Fichiers/seconde :117

Statistiques Spywares

Registres analysés : 326
Registres infectés : 0
Cookies analysés : 0
Cookies infectés : 0
Fichiers spyware infectés : 0
Menaces Spyware détectées : 0


Définitions virus : 962929
Plugins d'analyse : 16
Plugins archives : 41
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 5

Options d'analyse

Détection
[X] Analyser le secteur de boot
[X] Processus mémoire
[X] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie

Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;

Action

Objets infectés
[ ] Ignorer
[X] Désinfecter
[ ] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action

Seconde action
[ ] Ignorer
[ ] Effacer
[X] Mettre en quarantaine
[ ] Demander l'action

Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[ ] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1206993465.log

Options d'analyse Spyware

[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[X] Clés de registres
[X] Cookies


Résumé:

C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo CurveEQ VST v2.0d\keygen.exe Infecté: Packer.PESpin.A
C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo CurveEQ VST v2.0d\keygen.exe Désinfection impossible
C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo CurveEQ VST v2.0d\keygen.exe Déplacé
C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo Elephant VST v1.4a\keygen.exe Infecté: Packer.PESpin.A
C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo Elephant VST v1.4a\keygen.exe Désinfection impossible
C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo Elephant VST v1.4a\keygen.exe Déplacé
zzzzzzz Posts 7 Registered Monday 31 March 2008 Status Member Last activity 30 June 2008
31 March 2008 at 23:53
heyyy!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
it's OK, I found the problem with the net, it was just my firewall blocking access
problem solved
thank you very much jpljpl for your help and your patience.......
and I was wondering if you get paid to give your time like that./..

thanks thanks and good evening
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 April 2008 at 09:07
delete these two files from your computer if they are still present, along with what is in quarantine in BitDefender

C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo CurveEQ VST v2.0d\keygen.exe

C:\Documents and Settings\MIKI\Mes documents\Azureus Downloads\Cubase VST-VSTi Collection\VST\Voxengo Elephant VST v1.4a\keygen.exe

_______


paste a HijackThis report to check that nothing remains


note: no, I do this as a volunteer!
here is the report
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:27:30, on 01/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\WINDOWS\system32\DeltTray.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
C:\Program Files\Crystal Clear\RocketDock\RocketDock.exe
C:\Program Files\Crystal Clear\UberIcon\UberIcon Manager.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
C:\Program Files\Digidesign\Drivers\MMERefresh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\MSN Messenger\livecall.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070725
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [DeltTray] DeltTray.exe
O4 - HKLM\..\Run: [DigidesignMMERefresh] C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [Spamihilator] "C:\Program Files\Spamihilator\spamihilator.exe"
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\Crystal Clear\RocketDock\RocketDock.exe
O4 - Startup: UberIcon.lnk = C:\Program Files\Crystal Clear\UberIcon\UberIcon Manager.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Assistant d'Acrobat.lnk = C:\Program Files\Adobe\Adobe Acrobat 6.0\Distillr\acrotray.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LoopBe1 Monitor.lnk = C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: C-DillaSrv - C-Dilla Ltd - C:\WINDOWS\system32\DRIVERS\CDANTSRV.EXE
O23 - Service: Digidesign MME Refresh Service (DigiRefresh) - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Drivers\MMERefresh.exe
O23 - Service: digiSPTIService - Digidesign, A Division of Avid Technology, Inc. - C:\Program Files\Digidesign\Pro Tools\digiSPTIService.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SiSoftware Database Agent Service (SandraDataSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\Win32\RpcDataSrv.exe
O23 - Service: SiSoftware Sandra Agent Service (SandraTheSrv) - SiSoftware - C:\Program Files\SiSoftware\SiSoftware Sandra Lite XIIc\RpcSandraSrv.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
O24 - Desktop Component 0: (no name) - C:\Documents and Settings\MIKI\Bureau\mouvement T@nk\léa\origine.jpg
jlpjlp Posts 51580 Registered Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
1 April 2008 at 13:50
Relaunch HijackThis, choose "do a scan only", tick the box in front of the lines below and click "fix checked" at the bottom.
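The checks the helper applies by eye to the two HijackThis logs above (the F2 UserInit hook loading an extra executable, the "(no file)" BHO registrations, the svchost.exe copy outside system32), written out as an added Python example. This is not part of the thread and not HijackThis's own code; the sample log is constructed from lines in the reports above and the rule set is an assumption of this example, not HijackThis's logic.

```python
"""
Rule-based triage of HijackThis-style log lines (illustrative, not HijackThis's code).

Rules modelled on what the helper singled out in this thread:
  * F2 UserInit listing anything besides system32 userinit.exe (run at every logon)
  * O2 BHO entries whose DLL is gone ("(no file)")
  * O4 entries launching a Windows system binary name from outside system32,
    or a bare filename whose location is not stated at all
"""
import re

# Names that belong in %SystemRoot%\system32; the same name elsewhere is a
# common masquerade (the log above had [svchost.exe] C:\WINDOWS\svchost.exe).
SYSTEM_BINARIES = {"svchost.exe", "userinit.exe", "lsass.exe", "csrss.exe", "winlogon.exe"}
NORMAL_USERINIT = "c:\\windows\\system32\\userinit.exe"

# Constructed sample: a handful of lines taken from the reports posted above.
SAMPLE_LOG = r"""
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\sbwltbxa.exe,
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [svchost.exe] C:\WINDOWS\svchost.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - Global Startup: LoopBe1 Monitor.lnk = C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
"""


def parse_entry(line):
    """Split 'O4 - <rest>' into (section, rest); None for lines that are not entries."""
    m = re.match(r"^([A-Z]\d{1,2}) - (.*)$", line.strip())
    return (m.group(1), m.group(2)) if m else None


def launched_file(rest):
    """Extract the file an O4 entry launches (Run key '[name] cmd' or 'X.lnk = path')."""
    m = re.search(r"\] (.*)$", rest)
    if m:
        cmd = m.group(1).strip()
        if cmd.startswith('"'):
            return cmd[1:].split('"', 1)[0]  # quoted path, arguments follow
        return cmd.split(" ")[0]  # unquoted: first token is the file
    m = re.search(r"\.lnk = (.*)$", rest)
    return m.group(1).strip() if m else ""


def triage_entry(line):
    """Return the reasons a single log line deserves a closer look ([] if none)."""
    parsed = parse_entry(line)
    if parsed is None:
        return []
    section, rest = parsed
    reasons = []

    if section == "F2" and "UserInit=" in rest:
        # UserInit normally lists only system32\userinit.exe; every extra entry
        # runs at each logon, which is how sbwltbxa.exe persisted in this thread.
        value = rest.split("UserInit=", 1)[1]
        extras = [p.strip() for p in value.split(",")
                  if p.strip() and p.strip().lower() != NORMAL_USERINIT]
        if extras:
            reasons.append("extra UserInit executable: " + ", ".join(extras))

    if section == "O2" and rest.endswith("(no file)"):
        # Registration left behind after the DLL was removed; inert, but it is
        # residue of whatever installed it, so the helper fixes these as well.
        reasons.append("orphaned BHO registration (no file)")

    if section == "O4":
        target = launched_file(rest)
        if target:
            name = target.rsplit("\\", 1)[-1].lower()
            if name in SYSTEM_BINARIES and "\\system32\\" not in target.lower():
                reasons.append(f"system binary name outside system32: {target}")
            elif "\\" not in target:
                reasons.append(f"unqualified filename, check where it resolves: {target}")
    return reasons


def triage_log(text):
    """Return [(section, line, reasons)] for every flagged line of a log."""
    flagged = []
    for line in text.splitlines():
        reasons = triage_entry(line)
        if reasons:
            flagged.append((parse_entry(line)[0], line.strip(), reasons))
    return flagged


if __name__ == "__main__":
    for section, line, reasons in triage_log(SAMPLE_LOG):
        print(f"[{section}] {line}")
        for reason in reasons:
            print(f"      -> {reason}")
```

Run against the constructed sample it flags four lines: the UserInit hook, the orphaned BHO, the bare stsystra.exe (legitimate here, but its location is worth confirming) and the svchost.exe copy in C:\WINDOWS.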


R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=4070725
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: (no name) - {13197ace-6851-45c3-a7ff-c281324d5489} - (no file)
O2 - BHO: (no name) - {4e1075f4-eec4-4a86-add7-cd5f52858c31} - (no file)
O2 - BHO: (no name) - {5929cd6e-2062-44a4-b2c5-2c7e78fbab38} - (no file)
O2 - BHO: (no name) - {5dafd089-24b1-4c5e-bd42-8ca72550717b} - (no file)
O2 - BHO: (no name) - {5fa6752a-c4a0-4222-88c2-928ae5ab4966} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {8674aea0-9d3d-11d9-99dc-00600f9a01f1} - (no file)
O2 - BHO: (no name) - {cf021f40-3e14-23a5-cba2-717765728274} - (no file)
O2 - BHO: (no name) - {ffff0001-0002-101a-a3c9-08002b2f49fb} - (no file)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - Startup: Bat - Auto Update.lnk = C:\Program Files\Bat\Bat.exe
O4 - Startup: RocketDock.lnk = C:\Program Files\Crystal Clear\RocketDock\RocketDock.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LoopBe1 Monitor.lnk = C:\Program Files\nerds.de\LoopBe1\loopBeMon.exe

__________________


Update Java:
https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

Update Adobe Reader:
https://acrobat.adobe.com/fr/fr/acrobat/pdf-reader.html

____________________

Install SpywareBlaster to protect yourself against Vundo, which you had.

SPYWAREBLASTER immunises the system against Vundo in particular; it is in English, but easy to use: just click "update" every month to update it, then "enable all protection" to immunise...

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/28872.html
____________________


Still having problems?
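As an added illustration of the triage done by hand in the reply above (example code, not part of the original thread and not HijackThis code), this Python parser reads HijackThis-style lines and separates COM hooks whose backing DLL is gone, reported as "(no file)", from the autostart binaries whose paths a defender would then verify. The sample lines are constructed after the entries quoted above; the second BHO entry and its CLSID are made up.

```python
import re

# Constructed sample in HijackThis log format. The R3, first O2, O4 and O23 lines
# mirror entries quoted in the thread; the second O2 line and its CLSID are made up.
SAMPLE_LOG = r"""
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {00000250-0320-4dd4-be4f-7566d2314352} - (no file)
O2 - BHO: Example Helper (constructed) - {11111111-2222-3333-4444-555555555555} - C:\Program Files\Example\helper.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - Startup: RocketDock.lnk = C:\Program Files\Crystal Clear\RocketDock\RocketDock.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
"""

CLSID = r"\{[0-9A-Fa-f-]{36}\}"
PATTERNS = {
    # COM hooks loaded into Internet Explorer: display name, CLSID, backing file
    "hook": re.compile(rf"^(?:R3 - URLSearchHook|O2 - BHO): (?P<name>.*?) - (?P<clsid>{CLSID}) - (?P<path>.*)$"),
    # Run keys hold a command line, possibly quoted and followed by arguments
    "run": re.compile(r"^O4 - (?P<hive>HK\w+)\\\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<cmd>.*)$"),
    # Startup-folder shortcuts and services: the target path is the last field
    "startup": re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.*?) = (?P<path>.*)$"),
    "service": re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<vendor>.*?) - (?P<path>.*)$"),
}

def exe_from_command(cmd: str) -> str:
    """Return the executable from a Run-key command line, dropping its arguments."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        return cmd[1:cmd.index('"', 1)]
    return re.split(r"\s+[-/]", cmd, maxsplit=1)[0]

def triage(log_text: str) -> dict[str, list[str]]:
    """Separate orphaned COM hooks from the autostart binaries that still deserve a look."""
    orphaned, autostart = [], []
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.match(line.strip())
            if not m:
                continue
            if kind == "hook":
                # "(no file)": the registry still names a DLL that no longer exists, so nothing
                # loads any more; the stale key is exactly what the "fix checked" step removes.
                if m["path"].strip() == "(no file)":
                    orphaned.append(m["clsid"])
            elif kind == "run":
                autostart.append(exe_from_command(m["cmd"]))
            else:
                autostart.append(m["path"].strip())
            break
    return {"orphaned_clsids": orphaned, "autostart_paths": autostart}
```

Running `triage(SAMPLE_LOG)` lists the two orphaned CLSIDs separately from the three binaries that are still configured to start, which is the list a defender would check against the vendor's published paths.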
zzzzzzz Posts 7 Registered Monday 31 March 2008 Status Member Last active 30 June 2008
1 April 2008 at 14:09
OK, it's all good, everything works.
No other problems.
Efficiency like that deserves to be paid for...


Have a very good day.