Infected by Downloader Agent

Solved
pepe1311 - Posts: 93 - Status: Member
Hello,
Can someone help me? Here is an AVG Anti-Spyware log (all of this comes back every time) and a HijackThis log. Am I well protected?
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 19:02:16 29/04/2008

+ Résultat de l'analyse:

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
HKU\S-1-5-18\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Erreur lors du nettoyage.
HKU\S-1-5-21-1356556597-89525135-1248686724-1006\Software\Microsoft\Internet Explorer\Extensions\CmdMapping\\{c95fe080-8f5d-11d2-a20b-00aa003c157a} -> Adware.Generic : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\mazurier sylvie\Local Settings\Temporary Internet Files\Content.IE5\9YER5TYX\billiards[1].htm -> Downloader.Agent.ij : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@mediaplex[1].txt -> TrackingCookie.Mediaplex : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@auto.search.msn[2].txt -> TrackingCookie.Msn : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@smartadserver[2].txt -> TrackingCookie.Smartadserver : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@bnpparibasnet.solution.weborama[2].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@weborama[1].txt -> TrackingCookie.Weborama : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé.
C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.

Fin du rapport

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:49:35, on 29/04/2008
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\WINDOWS\System32\VNICMon.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Documents and Settings\mazurier sylvie\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [NIC Monitor] VNICMon.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\MSMSGS.EXE" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Related - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra 'Tools' menuitem: Show &Related Links - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINDOWS\web\related.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe

--
End of file - 4270 bytes
Configuration: Windows XP
Internet Explorer 6.0

10 replies

  1. dimi-srfc
     
    Download Spyware Doctor with the Google Pack and delete everything.
    0
    1. pepe1311 - Posts: 93 - Status: Member
       
      Thanks, I'll do it right away.
      0
  2. pepe1311 - Posts: 93 - Status: Member
     
    Done, I scanned with Spyware Doctor: 3 low-level cookies. I'm puzzled, it didn't find much.
    0
  3. dimi-srfc
     
    OK, download Trojan Remover, which removes Trojan horses.
    http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover
    0
    1. pepe1311 - Posts: 93 - Status: Member
       
      ***** NORMAL SCAN FOR ACTIVE MALWARE *****
      Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
      [Unregistered version]
      Scan started at: 30/04/2008 19:09:07
      Using Database v6759
      Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
      Using data directory: C:\Documents and Settings\mazurier sylvie\Application Data\Simply Super Software\Trojan Remover\
      Logfile directory: C:\Documents and Settings\mazurier sylvie\Mes documents\Simply Super Software\Trojan Remover Logfiles\
      Running with Administrator privileges


      **************************************************
      Checking Registry exefile command for modifications
      Checking Registry comfile command for modifications
      Checking Registry piffile command for modifications
      Checking Registry batfile command for modifications
      Checking Registry regfile command for modifications
      Checking Registry cmdfile command for modifications
      Checking Registry scrfile command for modifications

      ******************************
      19:09:07: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS

      ******************************
      19:09:07: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS

      ******************************
      19:09:07: ----- SCANNING FOR ROOTKIT SERVICES -----
      No hidden Services were detected.

      ******************************
      19:09:09: Scanning -----WINDOWS REGISTRY-----
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      This key's "Shell" value calls the following program(s):
      Explorer.exe - this entry has been left in place
      ----------
      This key's "Userinit" value calls the following program(s):
      C:\WINDOWS\system32\userinit.exe - this entry has been left in place
      ----------
      This key's "System" value appears to be blank
      ----------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      Value Name = load
      The Data Value for this entry appears to be blank
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = NvCplDaemon
      Value Data = RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup - this command has been left in place
      --------------------
      Value Name = nwiz
      Value Data = nwiz.exe /install - this command has been left in place
      --------------------
      Value Name = NvMediaCenter
      Value Data = RUNDLL32.EXE C:\WINDOWS\System32\NvMcTray.dll,NvTaskbarInit - this command has been left in place
      --------------------
      Value Name = avast!
      Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
      --------------------
      Value Name = !AVG Anti-Spyware
      Value Data = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
      --------------------
      Value Name = NIC Monitor
      Value Data = VNICMon.exe - this command has been left in place
      --------------------
      Value Name = SunJavaUpdateSched
      Value Data = C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe - this command has been left in place
      --------------------
      Value Name = TrojanScanner
      Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = CTFMON.EXE
      Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
      --------------------
      Value Name = MSMSGS
      Value Data = C:\Program Files\Messenger\MSMSGS.EXE" /background - this command has been left in place
      --------------------
      Value Name = Sonic RecordNow!
      The Value Data for this entry appears to be blank
      --------------------
      Value Name = swg
      Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
      --------------------

      ******************************
      19:09:11: Scanning -----SHELLEXECUTEHOOKS-----
      ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
      File: shell32.dll - this file is expected and has been left in place
      ----------
      ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
      Value: AVG Anti-Spyware 7.5
      File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
      ----------

      ******************************
      19:09:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
      Taskdir check completed
      ----------
      No Registry Run Keys Hidden Entries found
      ----------

      ******************************
      19:09:11: Scanning -----ACTIVE SCREENSAVER-----
      ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
      --------------------

      ******************************
      19:09:11: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Checking the StubPath calls in the Active Setup\Installed Components registry keys:
      Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
      StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
      ----------
      Key=>{26923b43-4d38-484f-9b9e-de460746276c}
      StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
      ----------
      Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
      StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
      ----------
      Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
      StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
      ----------
      Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={7790769C-0471-11d2-AF11-00C04FA35D02}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4340}
      StubPath=regsvr32.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4383}
      StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
      ----------

      ******************************
      19:09:13: Scanning ----- SERVICEDLL REGISTRY KEYS -----
      Checking DLL files called from the CurrentControlSet\Services Keys:

      ******************************
      19:09:18: Scanning ----- SERVICES REGISTRY KEYS -----
      Checking files called from the CurrentControlSet\Services Keys:
      ----------
      Key=Rdbss
      ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place
      ----------
      Key=RDPCDD
      ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
      ----------
      Key=RDSessMgr
      ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
      ----------
      Key=RecAgent
      ImagePath=System32\DRIVERS\RecAgent.sys - this reference has been left in place
      ----------
      Key=redbook
      ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place
      ----------
      Key=RpcLocator
      ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
      ----------
      Key=RSVP
      ImagePath=%SystemRoot%\System32\rsvp.exe - this reference has been left in place
      ----------
      Key=S3Psddr
      ImagePath=System32\DRIVERS\s3gnbm.sys - this reference has been left in place
      ----------
      Key=SamSs
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=SCardSvr
      ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
      ----------
      Key=ScsiPort
      ImagePath=%SystemRoot%\system32\drivers\scsiport.sys - this reference has been left in place
      ----------
      Key=sdAuxService
      ImagePath=C:\Program Files\Spyware Doctor\pctsAuxs.exe - this reference has been left in place
      ----------
      Key=sdCoreService
      ImagePath=C:\Program Files\Spyware Doctor\pctsSvc.exe - this reference has been left in place
      ----------
      Key=Secdrv
      ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
      ----------
      Key=serenum
      ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
      ----------
      Key=Serial
      ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
      ----------
      Key=Slntamr
      ImagePath=System32\DRIVERS\slntamr.sys - this reference has been left in place
      ----------
      Key=SlNtHal
      ImagePath=System32\DRIVERS\Slnthal.sys - this reference has been left in place
      ----------
      Key=SLService
      ImagePath=slserv.exe - this reference has been left in place
      ----------
      Key=SlWdmSup
      ImagePath=System32\DRIVERS\SlWdmSup.sys - this reference has been left in place
      ----------
      Key=splitter
      ImagePath=system32\drivers\splitter.sys - this reference has been left in place
      ----------
      Key=Spooler
      ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
      ----------
      Key=sr
      ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
      ----------
      Key=Srv
      ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
      ----------
      Key=swenum
      ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
      ----------
      Key=swmidi
      ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
      ----------
      Key=SwPrv
      ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{A460AB8F-D74F-40D6-B5F1-B6974BBF2103} - this reference has been left in place
      ----------
      Key=sysaudio
      ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
      ----------
      Key=SysmonLog
      ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
      ----------
      Key=Tcpip
      ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place
      ----------
      Key=TermDD
      ImagePath=System32\DRIVERS\termdd.sys - this reference has been left in place
      ----------
      Key=TuneUp.Defrag
      ImagePath=%SystemRoot%\System32\TuneUpDefragService.exe - this reference has been left in place
      ----------
      Key=Update
      ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
      ----------
      Key=UPS
      ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
      ----------
      Key=usbehci
      ImagePath=System32\DRIVERS\usbehci.sys - this reference has been left in place
      ----------
      Key=usbhub
      ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
      ----------
      Key=usbstor
      ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place
      ----------
      Key=usbuhci
      ImagePath=System32\DRIVERS\usbuhci.sys - this reference has been left in place
      ----------
      Key=VgaSave
      ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
      ----------
      Key=viaagp
      ImagePath=System32\DRIVERS\viaagp.sys - this reference has been left in place
      ----------
      Key=viaagp1
      ImagePath=System32\DRIVERS\viaagp1.sys - this reference has been left in place
      ----------
      Key=ViaIde
      ImagePath=System32\DRIVERS\viaide.sys - this reference has been left in place
      ----------
      Key=VIAudio
      ImagePath=system32\drivers\viaudio.sys - this reference has been left in place
      ----------
      Key=VNICPKT5
      ImagePath=\??\C:\WINDOWS\System32\VNICPKT5.SYS - this reference has been left in place
      ----------
      Key=VolumeFilter
      ImagePath=System32\DRIVERS\VolumeFilter.sys - this reference has been left in place
      ----------
      Key=VSS
      ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
      ----------
      Key=vulfnths
      ImagePath=\SystemRoot\System32\Drivers\vulfnth.sys - this reference has been left in place
      ----------
      Key=vulfntrs
      ImagePath=\SystemRoot\System32\Drivers\vulfntr.sys - this reference has been left in place
      ----------
      Key=Wanarp
      ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
      ----------
      Key=wdmaud
      ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
      ----------
      Key=WmiApSrv
      ImagePath=C:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
      ----------

      ******************************
      19:09:41: Scanning -----VXD ENTRIES-----
      Checking the following VxD entries:
      VxD Key = JAVASUP
      Vxd = JAVASUP.VXD - this command has been left in place
      ---------
      Checking VMM32 VxD files being loaded

      ******************************
      19:09:41: Scanning ----- WINLOGON\NOTIFY DLLS -----
      Checking DLLs called from the Winlogon\Notify key:
      Key=crypt32chain
      DLLName=crypt32.dll - this reference has been left in place
      ----------
      Key=cryptnet
      DLLName=cryptnet.dll - this reference has been left in place
      ----------
      Key=cscdll
      DLLName=cscdll.dll - this reference has been left in place
      ----------
      Key=ScCertProp
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=Schedule
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=sclgntfy
      DLLName=sclgntfy.dll - this reference has been left in place
      ----------
      Key=SensLogn
      DLLName=WlNotify.dll - this reference has been left in place
      ----------
      Key=termsrv
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=wlballoon
      DLLName=wlnotify.dll - this reference has been left in place
      ----------

      ******************************
      19:09:42: Scanning ----- CONTEXTMENUHANDLERS -----
      Key = avast
      CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
      C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
      ----------
      Key = AVG Anti-Spyware
      CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Offline Files
      CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
      %SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Open With
      CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Open With EncryptionMenu
      CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Trojan Remover
      CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
      C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
      ----------
      Key = TuneUp Shredder Shell Extension
      CLSID = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
      C:\Program Files\TuneUp Utilities 2008\SDShelEx-win32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------

      ******************************
      19:09:43: Scanning ----- FOLDER\COLUMNHANDLERS -----
      Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------

      ******************************
      19:09:43: Scanning ----- BROWSER HELPER OBJECTS -----
      Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
      C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll - this Browser Helper Object has been left in place
      ----------
      Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
      c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
      ----------
      Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
      C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll - this Browser Helper Object has been left in place
      ----------

      ******************************
      19:09:44: Scanning ----- SHELLSERVICEOBJECTS -----
      Key = PostBootReminder
      %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
      ----------
      Key = CDBurn
      %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
      ----------
      Key = WebCheck
      %SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place
      ----------
      Key = SysTray
      C:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
      ----------

      ******************************
      19:09:44: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
      Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
      Comment = Pré-chargeur Browseui
      File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
      ----------
      Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
      Comment = Démon de cache des catégories de composant
      File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
      ----------

      ******************************
      19:09:44: Scanning ----- IMAGEFILE DEBUGGERS -----
      No "Debugger" entries found.

      ******************************
      19:09:44: Scanning ----- APPINIT_DLLS -----
      The AppInit_DLLs value is blank

      ******************************
      19:09:44: Scanning ------ COMMON STARTUP GROUP ------
      [C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
      The Common Startup Group attempts to load the following file(s) at boot time:
      desktop.ini - this file is expected and has been left in place
      --------------------
      Outil de mise à jour Google.lnk - this links to C:\Program Files\Google\Google Updater\GoogleUpdater.exe and has been left in place
      --------------------

      ******************************
      No User Startup Groups were located to check

      ******************************
      19:09:44: Scanning ----- SCHEDULED TASKS -----

      ******************************
      19:09:44: ----- EXTRA CHECKS -----
      PE386 rootkit checks completed
      ----------
      Winlogon registry rootkit checks completed
      ----------
      Heuristic checks for hidden files/drivers completed
      ----------

      ******************************
      19:09:45: Scanning ------ DOWNLOADED PROGRAM FILES ------
      The following files are located in the DOWNLOADED PROGRAM FILES directory:
      C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
      C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\iuctl.inf - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\jinstall-6u5.inf - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\muweb.inf - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place

      ******************************
      19:09:46: Scanning ----- RUNNING PROCESSES -----

      C:\WINDOWS\System32\smss.exe
      --------------------
      C:\WINDOWS\system32\csrss.exe
      --------------------
      C:\WINDOWS\system32\winlogon.exe
      --------------------
      C:\WINDOWS\system32\services.exe
      --------------------
      C:\WINDOWS\system32\lsass.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
      --------------------
      C:\Program Files\Alwil Software\Avast4\ashServ.exe
      --------------------
      C:\WINDOWS\system32\spoolsv.exe
      --------------------
      C:\WINDOWS\Explorer.EXE
      --------------------
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      --------------------
      C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
      --------------------
      C:\WINDOWS\System32\nvsvc32.exe
      --------------------
      C:\WINDOWS\system32\slserv.exe
      --------------------
      C:\WINDOWS\system32\RUNDLL32.EXE
      --------------------
      C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
      --------------------
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      --------------------
      C:\WINDOWS\system32\VNICMon.exe
      --------------------
      C:\WINDOWS\system32\ctfmon.exe
      --------------------
      C:\Program Files\Google\Google Updater\GoogleUpdater.exe
      --------------------
      C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
      --------------------
      C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
      --------------------
      C:\WINDOWS\System32\alg.exe
      --------------------
      C:\Program Files\Internet Explorer\iexplore.exe
      --------------------
      C:\Documents and Settings\mazurier sylvie\Application Data\Simply Super Software\Trojan Remover\gtu40.exe
      FileSize: 1 782 336
      [This is a Trojan Remover component]
      --------------------

      ******************************
      19:09:52: Checking AUTOEXEC.BAT file
      AUTOEXEC.BAT found in C:\
      No malicious entries were found in the AUTOEXEC.BAT file

      ******************************
      19:09:52: Checking AUTOEXEC.NT file
      AUTOEXEC.NT found in C:\WINDOWS\system32
      No malicious entries were found in the AUTOEXEC.NT file

      ******************************
      ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
      http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
      %SystemRoot%\system32\blank.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
      http://www.google.com/toolbar/ie8/sidebar.html
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
      http://www.google.com/toolbar/ie8/sidebar.html
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
      https://www.free.fr/freebox/index.html
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
      C:\WINDOWS\system32\blank.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
      https://www.google.com/?gws_rd=ssl

      ******************************
      === NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
      Scan completed at: 30/04/2008 19:09:52
      ************************************************************

      I just scanned with AVG, here is the report:
      ---------------------------------------------------------
      AVG Anti-Spyware - Rapport d'analyse
      ---------------------------------------------------------

      + Créé à: 19:20:40 30/04/2008

      + Résultat de l'analyse:



      C:\Documents and Settings\mazurier sylvie\Local Settings\Temporary Internet Files\Content.IE5\PNRXN1NK\billiards[1].htm -> Downloader.Agent.ij : Nettoyé et sauvegardé (mise en quarantaine).
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@2o7[1].txt -> TrackingCookie.2o7 : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@bluestreak[1].txt -> TrackingCookie.Bluestreak : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@doubleclick[1].txt -> TrackingCookie.Doubleclick : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@estat[1].txt -> TrackingCookie.Estat : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@ads.pointroll[1].txt -> TrackingCookie.Pointroll : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@smartadserver[1].txt -> TrackingCookie.Smartadserver : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@tradedoubler[1].txt -> TrackingCookie.Tradedoubler : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@m.webtrends[2].txt -> TrackingCookie.Webtrends : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@yadro[2].txt -> TrackingCookie.Yadro : Nettoyé.
      C:\Documents and Settings\mazurier sylvie\Cookies\mazurier sylvie@zedo[2].txt -> TrackingCookie.Zedo : Nettoyé.


      Fin du rapport
  5. dimi-srfc
     
    It removed lots of stuff that shouldn't have been there. Is your problem solved?
  6. pepe1311 Posts: 93 Status: Member
     
    No, it comes back every time. AVG scans, I remove it, and it comes back. I even did a restore to the initial configuration without solving these problems. Everything that is supposedly cleaned keeps coming back. I even think that over time some new ones are inviting themselves in; it looks as if I'm not protected.
  7. pepe1311 Posts: 93 Status: Member
     
    That was already done well before. I uninstalled them for fear of conflicts. I had Spybot, Ad-Aware, CCleaner, evilog, Panda, and others I'm forgetting.
  8. dimi-srfc
     
    I don't see what more I can do.
    1. pepe1311 Posts: 93 Status: Member
       
      On the other hand, I noticed yesterday that the Internet windows were closed and iexplorer.exe was still running at 100 percent. Is that normal? It was crashing a lot; I stopped the process and things went better. I also changed antivirus to see; I took a trial of Trend Micro + anti-spyware, with no improvement. I spotted msie.exe. Is this process safe? It only appeared for a brief moment at startup.
  9. Anonymous user
     
    For me, the famous trojan downloader was removed by Kaspersky Antivirus 7.0.

    That's just a piece of advice for you =)