Besoin de logiciel anti cheval de troie
Résolu/Fermé
marley
-
16 juil. 2008 à 23:11
tiloup88 Messages postés 1 Date d'inscription mardi 17 février 2009 Statut Membre Dernière intervention 17 février 2009 - 17 févr. 2009 à 09:18
tiloup88 Messages postés 1 Date d'inscription mardi 17 février 2009 Statut Membre Dernière intervention 17 février 2009 - 17 févr. 2009 à 09:18
Bonjour,
j ai mcafe a jour et enregistrer avec une licence pour 1 pc mais il n arrive pas a supprimer definitivement le cheval de troie VANTI et vraiment ca commence a me derranger j ai besoin d aide SVP
merci
j ai mcafe a jour et enregistrer avec une licence pour 1 pc mais il n arrive pas a supprimer definitivement le cheval de troie VANTI et vraiment ca commence a me derranger j ai besoin d aide SVP
merci
A voir également:
- Besoin de logiciel anti cheval de troie
- Logiciel de sauvegarde gratuit - Guide
- Money logiciel - Télécharger - Comptabilité & Facturation
- Logiciel montage vidéo gratuit windows 10 - Guide
- Logiciel - Guide
- Logiciel spss - Télécharger - Outils professionnels
8 réponses
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
16 juil. 2008 à 23:21
16 juil. 2008 à 23:21
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
---> Trojan.PWS.Onlinegames.NXE est une infection qui se propage par disques amovibles.
Il se copie sur les supports amovibles telles que les flash drives, cds, memory cards, usb disks.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
---> Trojan.PWS.Onlinegames.NXE est une infection qui se propage par disques amovibles.
Il se copie sur les supports amovibles telles que les flash drives, cds, memory cards, usb disks.
---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\
---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"
---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.
/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\
En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.
Une fois le scan achevé, un rapport va s'afficher : Poste son contenu
/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\
Note : Le rapport se trouve également là : C:\ComboFix.txt
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
16 juil. 2008 à 23:12
16 juil. 2008 à 23:12
Salut,
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation
- Clique sur Install ensuite sur I Accept
- Clique sur Do a scan system and save log file
- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
voici le copi coller
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:11 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CHRISTIAN\Local Settings\Temporary Internet Files\Content.IE5\8TMR09U3\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:11 PM, on 7/16/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\SiteAdvisor\6261\SiteAdv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\Program Files\SiteAdvisor\6261\SAService.exe
C:\WINDOWS\System32\alg.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\CHRISTIAN\Local Settings\Temporary Internet Files\Content.IE5\8TMR09U3\HiJackThis[1].exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: McAfee SiteAdvisor - {0BF43445-2F28-4351-9252-17FE6E806AA0} - C:\Program Files\SiteAdvisor\6261\SiteAdv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [SiteAdvisor] "C:\Program Files\SiteAdvisor\6261\SiteAdv.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [amva] C:\WINDOWS\system32\amvo.exe
O4 - HKCU\..\Run: [kamsoft] C:\WINDOWS\system32\ckvo.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - https://onedrive.live.com/?id=favorites
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: ASP.NET State Service (aspnet_state) - Unknown owner - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: Service SiteAdvisor (SiteAdvisor Service) - Unknown owner - C:\Program Files\SiteAdvisor\6261\SAService.exe
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
16 juil. 2008 à 23:59
16 juil. 2008 à 23:59
- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Mets-le à jour
- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choisis ta session habituelle
- Fais un scan complet avec MalwareByte's Anti-Malware
- Supprime tout ce que le logiciel trouve, enregistre le rapport
- Redémarre en mode normal et poste le rapport ici
Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
Bonjour,
Destrio, j'ai une question.
Moi aussi j'ai ete infecté par le meme type de virus (CKVO.EXE, FFOJC.COM, AUTORUN.INF)
J'ai reussi a le supprimer avec Malwarebytes-anti-malware recommende sur beacoup de forums.
Pourquoi demande tu de supprimer le trojan avec Combo-Fix ET Malwarebytes-anti-malware? Il faut le faire avec les deux? Un seul suffit? Est ce une precaution supplementaire?
A bientot
AJO
Destrio, j'ai une question.
Moi aussi j'ai ete infecté par le meme type de virus (CKVO.EXE, FFOJC.COM, AUTORUN.INF)
J'ai reussi a le supprimer avec Malwarebytes-anti-malware recommende sur beacoup de forums.
Pourquoi demande tu de supprimer le trojan avec Combo-Fix ET Malwarebytes-anti-malware? Il faut le faire avec les deux? Un seul suffit? Est ce une precaution supplementaire?
A bientot
AJO
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
17 juil. 2008 à 14:20
17 juil. 2008 à 14:20
C'est juste ma méthode.
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
Destrio5
Messages postés
85985
Date d'inscription
dimanche 11 juillet 2010
Statut
Modérateur
Dernière intervention
17 février 2023
10 297
27 août 2008 à 00:14
27 août 2008 à 00:14
linas ---> Merci de créer ton propre topic.
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\3.bin\MWSBAR.DLL
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\10.2.232.0\HostIE.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\All Users\Documents\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
O4 - HKLM\..\Run: [PlatriumSA] "C:\Program Files\Platrium\bin\1.2.103.0\PlatriumSA.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.232.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.2.232.0\HotbarSA.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mmksy] "c:\documents and settings\lili\local settings\application data\mmksy.exe" mmksy
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; SIMBAR={8D0CB1D0-A9BF-11DD-8A1F-000D61E427A4}; Platrium 1.2.103.0; P_IT_EF70077EB4765A5430AE98; Hotbar 10.2.232.0)" -"http://www.internetgamebox.com/igb/content/new/motocross/motocross.html"
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Martine')
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Martine')
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Martine')
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Martine')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
O3 - Toolbar: Hotbar - {90B8B761-DF2B-48AC-BBE0-BCC03A819B3B} - C:\Program Files\Hotbar\bin\10.2.232.0\HostIE.dll
O3 - Toolbar: iWin Toolbar - {ce0c2586-da36-452b-acdb-320d9bcb19bf} - C:\Program Files\iWin\tbiWin.dll
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [EoEngine] "C:\Program Files\EoRezo\EoEngine.exe"
O4 - HKLM\..\Run: [ItsTV] "C:\Program Files\ItsLabel\ItsTV.exe"
O4 - HKLM\..\Run: [Picasa Media Detector] C:\Documents and Settings\All Users\Documents\Picasa2\PicasaMediaDetector.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [VX3000] C:\WINDOWS\vVX3000.exe
O4 - HKLM\..\Run: [MyWebSearch Plugin] rundll32 C:\PROGRA~1\MYWEBS~1\bar\3.bin\M3PLUGIN.DLL,UPF
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwsoemon.exe
O4 - HKLM\..\Run: [PlatriumWeather] "C:\Program Files\Platrium\bin\1.2.103.0\Weather.exe" -auto
O4 - HKLM\..\Run: [PlatriumSA] "C:\Program Files\Platrium\bin\1.2.103.0\PlatriumSA.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\3.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [HotbarOE] C:\Program Files\Hotbar\bin\10.2.232.0\OEAddOn.exe
O4 - HKLM\..\Run: [HotbarSA] "C:\Program Files\Hotbar\bin\10.2.232.0\HotbarSA.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [HiYo] C:\Program Files\HiYo\bin\HiYo.exe /RunFromStartup
O4 - HKCU\..\Run: [msnmsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [mmksy] "c:\documents and settings\lili\local settings\application data\mmksy.exe" mmksy
O4 - HKCU\..\RunOnce: [Shockwave Updater] C:\WINDOWS\system32\Adobe\SHOCKW~1\SWHELP~2.EXE -Update -1100465 -"Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; FunWebProducts; SIMBAR={8D0CB1D0-A9BF-11DD-8A1F-000D61E427A4}; Platrium 1.2.103.0; P_IT_EF70077EB4765A5430AE98; Hotbar 10.2.232.0)" -"http://www.internetgamebox.com/igb/content/new/motocross/motocross.html"
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [MsnMsgr] ~"C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background (User 'Martine')
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'Martine')
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe /c (User 'Martine')
O4 - HKUS\S-1-5-21-1935655697-2049760794-682003330-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User 'Martine')
O4 - Startup: iWin Desktop Alerts.lnk = C:\Documents and Settings\All Users\Application Data\iWin Games\DesktopAlerts\DesktopAlerts.exe
O4 - Startup: OpenOffice.org 2.4.lnk = C:\Program Files\OpenOffice.org 2.4\program\quickstart.exe
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O9 - Extra button: SmartShopper - Compare product prices - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEBF} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: SmartShopper - Compare travel rates - {3CC3D8FE-F0E0-4dd1-A69A-8C56BCC7BEC0} - C:\Program Files\SmartShopper\Bin\2.5.0\SmrtShpr.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://www.files-ftp.com/~unicorni/phpBB2/index.php
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/FR-FR/a-UNO1/GAME_UNO1.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D8089245-3211-40F6-819B-9E5E92CD61A2} (FlashXControl Object) - https://signin2.valueactive.eu/Register/Branding/olr3313/OCX/v1018/flashax.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iWinGamesInstaller - iWin Inc. - C:\Program Files\iWin Games\iWinGamesInstaller.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\3.bin\mwssvc.exe
O23 - Service: SmartLinkService (SLService) - Smart Link - C:\WINDOWS\SYSTEM32\slserv.exe
Je vous signale que bien que payant la license a BidefenderIS V2009
celui ci a ete tout a fait incapable de lutter contre le"system KAMSOFT"
MON SAUVEUR a ete " TROJAN REMOVER" grand merci a lui
la version demo 30j suffit amplement
Bert
celui ci a ete tout a fait incapable de lutter contre le"system KAMSOFT"
MON SAUVEUR a ete " TROJAN REMOVER" grand merci a lui
la version demo 30j suffit amplement
Bert
tiloup88
Messages postés
1
Date d'inscription
mardi 17 février 2009
Statut
Membre
Dernière intervention
17 février 2009
17 févr. 2009 à 09:18
17 févr. 2009 à 09:18
***** THE SYSTEM HAS BEEN RESTARTED *****
2009-02-17 03:10:30: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
=======================================================
Removing the following registry keys:
HKCR\CLSID\{6230596F-3A44-4CDF-815B-372FA03C75D6} - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys - already removed (or did not exist)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mlJCTMcY - already removed (or did not exist)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - already removed (or did not exist)
HKCR\CLSID\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - already removed (or did not exist)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4253FCA-971C-42E3-99A3-8096A125935B} - already removed (or did not exist)
HKCR\CLSID\{F4253FCA-971C-42E3-99A3-8096A125935B} - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Windows UDP Control Center] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\[{6230596F-3A44-4CDF-815B-372FA03C75D6}] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\clbdriver\[ImagePath] - already deleted
=======================================================
Unable to rename C:\WINDOWS\system32\drivers\clbdriver.sys to C:\WINDOWS\system32\drivers\clbdriver.sys.vir
(C:\WINDOWS\system32\drivers\clbdriver.sys does not appear to exist)
2009-02-17 03:10:30: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2563. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 03:01:32 17 févr. 2009
Using Database v7287
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pascal\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Pascal\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus
AVG Anti-Virus
************************************************************
************************************************************
03:01:32: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
03:01:32: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
03:01:32: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
03:01:37: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RemoteControl
Value Data: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
56928 bytes
Created: 2007-07-09 14:06
Modified: 2006-11-23 14:10
Company: Cyberlink Corp.
--------------------
Value Name: LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
54832 bytes
Created: 2007-07-09 14:06
Modified: 2006-12-05 21:55
Company:
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7311360 bytes
Created: 2006-01-24 05:15
Modified: 2006-01-24 05:15
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 2006-01-24 05:15
Modified: 2006-01-24 05:15
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 2006-01-24 05:15
Modified: 2006-01-24 05:15
Company: NVIDIA Corporation
--------------------
Value Name: NeroFilterCheck
Value Data: C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
155648 bytes
Created: 2006-01-12 14:40
Modified: 2006-01-12 14:40
Company: Nero AG
--------------------
Value Name: High Definition Audio Property Page Shortcut
Value Data: HDAShCut.exe
C:\WINDOWS\system32\HDAShCut.exe
61952 bytes
Created: 2004-10-27 14:21
Modified: 2004-10-27 14:21
Company: Windows (R) Server 2003 DDK provider
--------------------
Value Name: VX1000
Value Data: C:\WINDOWS\vVX1000.exe
C:\WINDOWS\vVX1000.exe
707376 bytes
Created: 2006-06-29 18:42
Modified: 2006-10-13 16:04
Company: Microsoft Corporation
--------------------
Value Name: LifeCam
Value Data: "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
C:\Program Files\Microsoft LifeCam\LifeExp.exe
277296 bytes
Created: 2006-10-13 16:01
Modified: 2006-10-13 16:01
Company: Microsoft Corporation
--------------------
Value Name: HP Software Update
Value Data: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 2006-12-10 20:52
Modified: 2006-12-10 20:52
Company: Hewlett-Packard Co.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
-R- 925696 bytes
Created: 2008-09-09 14:39
Modified: 2005-05-19 20:11
Company: Analog Devices, Inc.
--------------------
Value Name: SoundMAX
Value Data: "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
716800 bytes
Created: 2008-09-09 14:39
Modified: 2005-09-07 14:35
Company: Analog Devices, Inc.
--------------------
Value Name: WinampAgent
Value Data: "C:\Program Files\Winamp\winampa.exe"
C:\Program Files\Winamp\winampa.exe [file not found to scan]
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
413696 bytes
Created: 2008-11-04 10:30
Modified: 2008-11-04 10:30
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
290088 bytes
Created: 2008-11-20 13:20
Modified: 2008-11-20 13:20
Company: Apple Inc.
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1601304 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: Locks open bore help
Value Data: C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open\dent bin.exe
C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open\dent bin.exe
716800 bytes
Created: 2009-02-03 13:01
Modified: 2009-02-17 02:56
Company: Ttanp renwire boithewb
--------------------
Value Name: Windows UDP Control Center
Value Data: fxstaller.exe
C:\WINDOWS\fxstaller.exe
-RHS- 48690 bytes
Created: 2009-02-16 19:36
Modified: 2009-02-16 15:36
Company: [no info]
fxstaller.exe - this registry value has been removed
C:\WINDOWS\fxstaller.exe - running process located and terminated
C:\WINDOWS\fxstaller.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\fxstaller.exe - file renamed to: C:\WINDOWS\fxstaller.exe.vir
--------------------
Value Name: EoEngine
Value Data: "C:\Program Files\EoRezo\EoEngine.exe"
C:\Program Files\EoRezo\EoEngine.exe
472872 bytes
Created: 2009-02-16 22:24
Modified: 2008-11-25 15:56
Company:
--------------------
Value Name: SoftwareHelper
Value Data: C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
368224 bytes
Created: 2009-02-16 22:25
Modified: 2008-12-09 10:13
Company: EoRezo
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1237896 bytes
Created: 2009-02-17 02:59
Modified: 2009-02-05 19:52
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data: "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
143360 bytes
Created: 2006-12-23 17:05
Modified: 2006-12-23 17:05
Company: Nero AG
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:33
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
3885408 bytes
Created: 2009-02-06 18:51
Modified: 2009-02-06 18:51
Company: Microsoft Corporation
--------------------
Value Name: SRS Audio Sandbox
Value Data: "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [file not found to scan]
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 2007-07-27 12:42
Modified: 2007-07-27 12:42
Company: Google Inc.
--------------------
Value Name: ares vista
Value Data: "C:\Program Files\Ares Vista\AresVista.exe" -h
C:\Program Files\Ares Vista\AresVista.exe [file not found to scan]
--------------------
Value Name: Google Update
Value Data: "C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-01-06 12:15
Modified: 2009-01-06 12:15
Company: Google Inc.
--------------------
Value Name: Drvpeak
Value Data: C:\DOCUME~1\Pascal\APPLIC~1\ARMYSP~1\MAPI PROGRAM CAMP.exe
C:\DOCUME~1\Pascal\APPLIC~1\ARMYSP~1\MAPI PROGRAM CAMP.exe
569344 bytes
Created: 2009-01-09 12:44
Modified: 2009-02-03 13:00
Company: Anca
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
204288 bytes
Created: 2006-11-03 08:59
Modified: 2006-11-03 08:59
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
03:01:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {6230596F-3A44-4CDF-815B-372FA03C75D6}
File: C:\WINDOWS\system32\mlJCTMcY.dll
C:\WINDOWS\system32\mlJCTMcY.dll - this registry value has been removed [file not found to scan]
HKCR\CLSID\{6230596F-3A44-4CDF-815B-372FA03C75D6} - this key has been removed
----------
************************************************************
03:01:58: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
03:01:58: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\PHOTOI~1.SCR
C:\WINDOWS\system32\PHOTOI~1.SCR
163840 bytes
Created: 2008-04-05 11:09
Modified: 2001-11-02 14:10
Company: ArcSoft Inc.
--------------------
************************************************************
03:01:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
C:\WINDOWS\system32\rundll32.exe
33792 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 2006-11-03 09:03
Modified: 2006-11-03 09:03
Company: [no info]
----------
************************************************************
03:01:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
03:01:59: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aawservice
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
611664 bytes
Created: 2008-05-12 12:38
Modified: 2009-02-16 23:35
Company: Lavasoft
----------
Key: ADIHdAudAddService
ImagePath: system32\drivers\ADIHdAud.sys
C:\WINDOWS\system32\drivers\ADIHdAud.sys
-R- 141312 bytes
Created: 2008-09-09 14:39
Modified: 2005-10-05 04:21
Company: Analog Devices, Inc.
----------
Key: AEAudioService
ImagePath: system32\drivers\AEAudio.sys
C:\WINDOWS\system32\drivers\AEAudio.sys
-R- 127872 bytes
Created: 2008-09-09 14:39
Modified: 2005-03-04 07:53
Company: Andrea Electronics Corporation
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 2008-11-07 14:28
Modified: 2008-11-07 14:28
Company: Apple Inc.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
903960 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
298264 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
325128 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
27656 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
107272 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key: BCM42RLY
ImagePath: \??\C:\WINDOWS\System32\BCM42RLY.SYS
C:\WINDOWS\System32\BCM42RLY.SYS
17992 bytes
Created: 2007-07-09 14:23
Modified: 2005-02-01 17:18
Company: Broadcom Corporation
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 2008-12-12 11:17
Modified: 2008-12-12 11:17
Company: Apple Inc.
----------
Key: clbdriver
ImagePath: \??\globalroot\systemroot\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\clbdriver.sys - has a *known* Malware filename: ROOTKIT.AGENT
C:\WINDOWS\system32\drivers\clbdriver.sys - this registry value has been removed [file not found to scan]
"SafeBoot\Minimal" registry entry for [clbdriver.sys] removed
"SafeBoot\Network" registry entry for [clbdriver.sys] removed
C:\WINDOWS\system32\drivers\clbdriver.sys - unable to take ownership/change permissions
C:\WINDOWS\system32\drivers\clbdriver.sys - marked for renaming when the PC is restarted (if it exists)
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr_tdi.sys
C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
55152 bytes
Created: 2009-02-16 21:56
Modified: 2009-02-06 18:08
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
533360 bytes
Created: 2009-02-06 18:08
Modified: 2009-02-06 18:08
Company: Microsoft Corporation
----------
Key: grmnusb
ImagePath: system32\drivers\grmnusb.sys
C:\WINDOWS\system32\drivers\grmnusb.sys
7296 bytes
Created: 2008-07-06 13:06
Modified: 2003-09-23 09:42
Company: GARMIN Corp.
----------
Key: GTNDIS5
ImagePath: \??\C:\WINDOWS\system32\GTNDIS5.SYS
C:\WINDOWS\system32\GTNDIS5.SYS
15872 bytes
Created: 2007-07-09 14:23
Modified: 2003-09-25 21:15
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: gupdate1c98e0e58c1f5c4
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-02-13 14:07
Modified: 2009-02-13 14:07
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
182768 bytes
Created: 2007-07-16 19:44
Modified: 2009-02-13 14:06
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\WINDOWS\system32\drivers\HdAudio.sys
145920 bytes
Created: 2004-10-27 14:21
Modified: 2004-10-27 14:21
Company: Windows (R) Server 2003 DDK provider
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 49920 bytes
Created: 2008-07-19 16:50
Modified: 2006-12-06 01:02
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 2008-07-19 16:50
Modified: 2006-12-06 01:02
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21568 bytes
Created: 2008-07-19 16:49
Modified: 2006-12-06 01:02
Company: HP
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: MS1000
ImagePath: System32\DRIVERS\MS1000.sys
C:\WINDOWS\System32\DRIVERS\MS1000.sys
5376 bytes
Created: 2009-02-16 22:49
Modified: 2009-02-16 22:49
Company: [no info]
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
207664 bytes
Created: 2006-10-13 16:01
Modified: 2006-10-13 16:01
Company: Microsoft Corporation
----------
Key: MTsensor
ImagePath: system32\DRIVERS\ASACPI.sys
C:\WINDOWS\system32\DRIVERS\ASACPI.sys
-R- 5810 bytes
Created: 2007-07-09 14:04
Modified: 2004-08-12 21:56
Company:
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
262144 bytes
Created: 2006-12-23 16:54
Modified: 2006-12-23 16:54
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
-R- 34176 bytes
Created: 2007-07-09 14:05
Modified: 2006-02-16 21:28
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
-R- 13056 bytes
Created: 2007-07-09 14:05
Modified: 2006-02-16 21:28
Company: NVIDIA Corporation
----------
Key: RichVideo
ImagePath: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
167936 bytes
Created: 2007-07-09 14:06
Modified: 2005-08-07 07:54
Company:
----------
Key: RT61
ImagePath: system32\DRIVERS\RT61.sys
C:\WINDOWS\system32\DRIVERS\RT61.sys
356096 bytes
Created: 2007-07-09 14:23
Modified: 2005-10-27 14:06
Company: Ralink Technology Inc.
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 2009-01-14 17:53
Modified: 2009-01-14 17:53
Company: Microsoft Corp.
----------
Key: SenFiltService
ImagePath: system32\drivers\Senfilt.sys
C:\WINDOWS\system32\drivers\Senfilt.sys
-R- 393088 bytes
Created: 2008-09-09 14:39
Modified: 2005-08-11 00:49
Company: Sensaura
----------
Key: SQTECH905C
ImagePath: System32\Drivers\Capt905c.sys
C:\WINDOWS\System32\Drivers\Capt905c.sys
33890 bytes
Created: 2008-04-05 11:12
Modified: 2005-07-13 10:08
Company: Service & Quality Technology.
----------
Key: SRS_SSCFilter
ImagePath: system32\drivers\srs_sscfilter_i386.sys
C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
-R- 39552 bytes
Created: 2007-07-13 11:12
Modified: 2007-05-03 09:28
Company:
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{401EB1D0-84F1-41F8-895E-FE35F5B899C8}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\WINDOWS\system32\DRIVERS\VX1000.sys
1966000 bytes
Created: 2006-06-29 18:42
Modified: 2006-10-13 16:04
Company: Microsoft Corporation
----------
Key: WMP54Gv4SVC
ImagePath: "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe"
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
41025 bytes
Created: 2007-07-09 14:23
Modified: 2004-02-06 21:56
Company: GEMTEKS
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 2004-08-11 00:45
Modified: 2006-10-18 19:00
Company: Microsoft Corporation
----------
************************************************************
03:02:27: Scanning -----VXD ENTRIES-----
************************************************************
03:02:27: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : avgrsstarter
DLLName: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key : mlJCTMcY
DLLName: mlJCTMcY.dll
mlJCTMcY.dll - this reference has been removed [file not found to scan]
----------
************************************************************
03:02:33: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
117528 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
************************************************************
03:02:33: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
03:02:33: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {1110380F-241D-47FE-B4A5-D3ACF1279C97}
BHO: C:\WINDOWS\system32\wvUmjKbb.dll
C:\WINDOWS\system32\wvUmjKbb.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - this key has been removed [file not found to scan]
C:\WINDOWS\system32\wvUmjKbb.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - this key has been removed
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
1078552 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 2009-01-14 17:49
Modified: 2009-01-14 17:49
Company: Microsoft Corp.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408448 bytes
Created: 2009-01-22 15:41
Modified: 2009-01-22 15:41
Company: Microsoft Corporation
----------
Key: {A057A204-BACC-4D26-9990-79A187E2698E}
BHO: C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
1968920 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: [COMPANYNAME]----------------------------
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created: 2009-01-17 03:21
Modified: 2009-01-16 22:49
Company: [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 2009-01-17 03:21
Modified: 2009-01-17 03:21
Company: Google Inc.
----------
Key: {C7B76B90-3455-4AE6-A752-EAC4D19689E5}
BHO: C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
42792 bytes
Created: 2009-02-16 22:25
Modified: 2008-11-18 15:15
Company: EoRezo
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
522224 bytes
Created: 2009-01-16 22:49
Modified: 2009-01-16 22:49
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 2009-02-06 18:17
Modified: 2009-02-06 18:17
Company: Microsoft Corporation
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: {F4253FCA-971C-42E3-99A3-8096A125935B}
BHO: C:\WINDOWS\nfavxwdbsbq.dll
C:\WINDOWS\nfavxwdbsbq.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4253FCA-971C-42E3-99A3-8096A125935B} - this key has been removed [file not found to scan]
C:\WINDOWS\nfavxwdbsbq.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{F4253FCA-971C-42E3-99A3-8096A125935B} - this key has been removed
----------
************************************************************
03:02:39: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
03:02:39: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
03:02:39: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
03:02:39: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [rgonbf.dll,cwgudx.dll]
rgonbf.dll - this reference will be removed [file not found to scan]
----------
cwgudx.dll - this reference will be removed [file not found to scan]
----------
************************************************************
03:02:43: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
03:02:44: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 2007-07-09 09:31
Modified: 2007-07-09 13:47
Company: [no info]
--------------------
HP Digital Imaging Monitor.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
210520 bytes
Created: 2007-01-02 20:40
Modified: 2007-01-02 20:40
Company: Hewlett-Packard Co.
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
03:02:44: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 2008-07-30 11:34
Modified: 2008-07-30 11:34
Company: Apple Inc.
Parameters: -task
Next Run Time: 2009-02-18 17:26:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
Taskname: B412DC9491854640.job
File: c:\docume~1\pascal\applic~1\armysp~1\proxybikebib.exe
c:\docume~1\pascal\applic~1\armysp~1\proxybikebib.exe
450560 bytes
Created: 2009-01-09 12:45
Modified: 2009-02-03 13:01
Company: Tessu dse
Parameters: [blank]
Next Run Time: 2009-02-17 04:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: [blank]
----------
Taskname: Google Software Updater.job
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
182768 bytes
Created: 2007-07-16 19:44
Modified: 2009-02-13 14:06
Company: Google
Parameters: scheduled_start
Next Run Time: 2009-02-17 10:38:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachine.job
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-02-13 14:07
Modified: 2009-02-13 14:07
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-682003330-179605362-725345543-1004.job
File: C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-01-06 12:15
Modified: 2009-01-06 12:15
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: User_Feed_Synchronization-{3536C6D3-C7EC-437A-9E7F-DB4442020AEE}.job
File: C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\msfeedssync.exe
13312 bytes
Created: 2006-10-17 10:58
Modified: 2009-01-15 02:01
Company: Microsoft Corporation
Parameters: sync
Next Run Time: 2009-02-17 03:17:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: Met à jour les flux système obsolètes.
----------
************************************************************
03:02:46: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
03:02:46: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
921654 bytes
Created: 2007-07-10 18:00
Modified: 2009-02-09 19:48
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
921654 bytes
Created: 2007-07-10 18:00
Modified: 2009-02-09 19:48
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed
************************************************************
03:02:50: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[69 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[49 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[37 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[154 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe - file already scanned
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[52 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
[28 loaded modules in total]
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[109 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[40 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
[82 loaded modules in total]
--------------------
C:\Program Files\Microsoft LifeCam\MSCamS32.exe - file already scanned
[15 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - file already scanned
[21 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvsvc32.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[34 loaded modules in total]
--------------------
C:\Program Files\CyberLink\Shared Files\RichVideo.exe - file already scanned
[18 loaded modules in total]
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe - file already scanned
[9 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe - file already scanned
[53 loaded modules in total]
--------------------
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
[81 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[7 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
[31 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\WMPNetwk.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\vVX1000.exe - file already scanned
[22 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgcsrvx.exe
[7 loaded modules in total]
--------------------
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe - file already scanned
[18 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[30 loaded modules in total]
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
[50 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
[42 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[39 loaded modules in total]
--------------------
C:\Program Files\EoRezo\EoEngine.exe - file already scanned
[58 loaded modules in total]
--------------------
C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe - file already scanned
[27 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
[44 loaded modules in total]
--------------------
C:\Program Files\iPod\bin\iPodService.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
[51 loaded modules in total]
--------------------
C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[45 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[45 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\WMPNSCFG.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[62 loaded modules in total]
--------------------
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
[25 loaded modules in total]
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
[70 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgscanx.exe
[22 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgcsrvx.exe
[7 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
[41 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[55 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[150 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Toolbar\wltuser.exe
[39 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgui.exe
[38 loaded modules in total]
--------------------
C:\Documents and Settings\Pascal\Application Data\Simply Super Software\Trojan Remover\ydc715.exe
FileSize: 2929528
[This is a Trojan Remover component]
[65 loaded modules in total]
--------------------
************************************************************
03:04:25: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
03:04:25: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Pascal\LOCALS~1\Temp\0c4550fd-b9b0-4690-b0f8-deddf8d273f5.tmp appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\755dde5b-d4cb-46b3-ae52-595fef83688b.tmp appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll
56732 bytes
Created: 2008-07-29 21:45
Modified: 2008-07-30 00:09
Company: [no info]
C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll appears to contain: TROJAN.VIRTUMONDE
C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll - file renamed to: C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll.vir
--------------------
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~107a7a81668d61c7c355c5b5a200?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~107a7a81668d61c7c355c5b5a200?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1233d77624a74e1c7c749540c9800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1233d77624a74e1c7c749540c9800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1387e9911c48e1c7ffd74d1ac500?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1387e9911c48e1c7ffd74d1ac500?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1433d7718a5c41c7c74950791100?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1433d7718a5c41c7c74950791100?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~153e59c8111d91c8960084120900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~153e59c8111d91c8960084120900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1773a07dc441c836269fefa900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1773a07dc441c836269fefa900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~18b1c74a1e191c8a6855101e900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~18b1c74a1e191c8a6855101e900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1c1ffce71263b1c7c355bd5d6700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1c1ffce71263b1c7c355bd5d6700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1d3e59fc10bca1c89603c91a900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1d3e59fc10bca1c89603c91a900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2171ba20221501c89832cd499f00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2171ba20221501c89832cd499f00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~233e59fcfde51c89602fab00600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~233e59fcfde51c89602fab00600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~25bfb8ee9be11c8a6107ef91600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~25bfb8ee9be11c8a6107ef91600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~261ffce094f71c7c355c2221b00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~261ffce094f71c7c355c2221b00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2828a77673931c8a6854182a000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2828a77673931c8a6854182a000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~293e59c8fe951c89602d5bb9300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~293e59c8fe951c89602d5bb9300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29663520a3b01c7ca50f762f300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29663520a3b01c7ca50f762f300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29a3c946a1711c85e2490b9fa00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29a3c946a1711c85e2490b9fa00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b825435db7c1c7c355b5052c00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b825435db7c1c7c355b5052c00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b8257f57f6341c8aa6f61dca100?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b8257f57f6341c8aa6f61dca100?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d147ce6a3a81c85e2491eb2700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d147ce6a3a81c85e2491eb2700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d15f07c206131c7e75b4b9d7900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d15f07c206131c7e75b4b9d7900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2de030d11afd61c89357a8978800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2de030d11afd61c89357a8978800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59c3117d11c8960311565d00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59c3117d11c8960311565d00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59fdf7961c89602e409af00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59fdf7961c89602e409af00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~32cefacf877f1c7c81f5fca8e00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~32cefacf877f1c7c81f5fca8e00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~335a1fe294481c81dd2d68d9600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~335a1fe294481c81dd2d68d9600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~338f9c62d26f51c7c353da913600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~338f9c62d26f51c7c353da913600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~36768b9adc61c89f4fb4866b00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~36768b9adc61c89f4fb4866b00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3affb60fedf6f1c7d4ade2a14900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3affb60fedf6f1c7d4ade2a14900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3bd5606e98951c7c415e7765e00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3bd5606e98951c7c415e7765e00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3c1ffce798651c7c355bd5d6700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3c1ffce798651c7c355bd5d6700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3cffb635e7c921c8317cf79c9900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3cffb635e7c921c8317cf79c9900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3d61e7721c0f81c7ffd94fca200?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3d61e7721c0f81c7ffd94fca200?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3db71f0a517c61c7c74f1dd21700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3db71f0a517c61c7c74f1dd21700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3dfb6dd1a97401c7c353e0871700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3dfb6dd1a97401c7c353e0871700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3f4d89cee7491c836d2afc4c700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3f4d89cee7491c836d2afc4c700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~40416f60a2e01c7ca50f762f300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~40416f60a2e01c7ca50f762f300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~406ac489c011c7c4163c19d900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~406ac489c011c7c4163c19d900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~438f9c7fd2891c7c353cfd6a100?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~438f9c7fd2891c7c353cfd6a100?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45be84bfcbffd1c7c4c6fec15400?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45be84bfcbffd1c7c4c6fec15400?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45e512bd55921c8524abdab800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45e512bd55921c8524abdab800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~49bfb8ef961d1c8a6108e785f00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~49bfb8ef961d1c8a6108e785f00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a021fe4179681c8992f960ce800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a021fe4179681c8992f960ce800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a026be412eda1c8992f8c838000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a026be412eda1c8992f8c838000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0275e4164da1c8992f9ad19c00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0275e4164da1c8992f9ad19c00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a027be418a2c1c8992f87becc00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a027be418a2c1c8992f87becc00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0283e417e0b1c8992f81c8eb00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0283e417e0b1c8992f81c8eb00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cde4193ca1c8992f91483400?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cde4193ca1c8992f91483400?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cfe4179191c8992f9f965000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cfe4179191c8992f9f965000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a186fe415ff91c8992f7aa1dd00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a186fe415ff91c8992f7aa1dd00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18d5e415cd61c8992f75dd2900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18d5e415cd61c8992f75dd2900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18f6e416d2e1c8992fd79d9300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18f6e416d2e1c8992fd79d9300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4b9fe4187d81c8992f534b1000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4b9fe4187d81c8992f534b1000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4ba4e4177fe1c8992f3a425f00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4ba4e4177fe1c8992f3a425f00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bd6e41914b1c8992f40384000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bd6e41914b1c8992f40384000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bf5e418cb01c8992f5cd47800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bf5e418cb01c8992f5cd47800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5103e4fdd31c8992fa91fb800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5103e4fdd31c8992fa91fb800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5150e4159f91c8992fb177f300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5150e4159f91c8992fb177f300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a51fbe415cad1c8992fab821200?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a51fbe415cad1c8992fab821200?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5c0de41829e1c
2009-02-17 03:10:30: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
=======================================================
Removing the following registry keys:
HKCR\CLSID\{6230596F-3A44-4CDF-815B-372FA03C75D6} - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\clbdriver.sys - already removed (or did not exist)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\clbdriver.sys - already removed (or did not exist)
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon\Notify\mlJCTMcY - already removed (or did not exist)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - already removed (or did not exist)
HKCR\CLSID\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - already removed (or did not exist)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4253FCA-971C-42E3-99A3-8096A125935B} - already removed (or did not exist)
HKCR\CLSID\{F4253FCA-971C-42E3-99A3-8096A125935B} - already removed (or did not exist)
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Windows UDP Control Center] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\[{6230596F-3A44-4CDF-815B-372FA03C75D6}] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\clbdriver\[ImagePath] - already deleted
=======================================================
Unable to rename C:\WINDOWS\system32\drivers\clbdriver.sys to C:\WINDOWS\system32\drivers\clbdriver.sys.vir
(C:\WINDOWS\system32\drivers\clbdriver.sys does not appear to exist)
2009-02-17 03:10:30: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.5.2563. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 03:01:32 17 févr. 2009
Using Database v7287
Operating System: Windows XP Home Edition (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\Pascal\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Pascal\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus
AVG Anti-Virus
AVG Anti-Virus
************************************************************
************************************************************
03:01:32: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
03:01:32: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
03:01:32: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
03:01:37: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RemoteControl
Value Data: "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe
56928 bytes
Created: 2007-07-09 14:06
Modified: 2006-11-23 14:10
Company: Cyberlink Corp.
--------------------
Value Name: LanguageShortcut
Value Data: "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
C:\Program Files\CyberLink\PowerDVD\Language\Language.exe
54832 bytes
Created: 2007-07-09 14:06
Modified: 2006-12-05 21:55
Company:
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7311360 bytes
Created: 2006-01-24 05:15
Modified: 2006-01-24 05:15
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 2006-01-24 05:15
Modified: 2006-01-24 05:15
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 2006-01-24 05:15
Modified: 2006-01-24 05:15
Company: NVIDIA Corporation
--------------------
Value Name: NeroFilterCheck
Value Data: C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
155648 bytes
Created: 2006-01-12 14:40
Modified: 2006-01-12 14:40
Company: Nero AG
--------------------
Value Name: High Definition Audio Property Page Shortcut
Value Data: HDAShCut.exe
C:\WINDOWS\system32\HDAShCut.exe
61952 bytes
Created: 2004-10-27 14:21
Modified: 2004-10-27 14:21
Company: Windows (R) Server 2003 DDK provider
--------------------
Value Name: VX1000
Value Data: C:\WINDOWS\vVX1000.exe
C:\WINDOWS\vVX1000.exe
707376 bytes
Created: 2006-06-29 18:42
Modified: 2006-10-13 16:04
Company: Microsoft Corporation
--------------------
Value Name: LifeCam
Value Data: "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
C:\Program Files\Microsoft LifeCam\LifeExp.exe
277296 bytes
Created: 2006-10-13 16:01
Modified: 2006-10-13 16:01
Company: Microsoft Corporation
--------------------
Value Name: HP Software Update
Value Data: C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
49152 bytes
Created: 2006-12-10 20:52
Modified: 2006-12-10 20:52
Company: Hewlett-Packard Co.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre6\bin\jusched.exe"
C:\Program Files\Java\jre6\bin\jusched.exe
136600 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
--------------------
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
-R- 925696 bytes
Created: 2008-09-09 14:39
Modified: 2005-05-19 20:11
Company: Analog Devices, Inc.
--------------------
Value Name: SoundMAX
Value Data: "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
C:\Program Files\Analog Devices\SoundMAX\Smax4.exe
716800 bytes
Created: 2008-09-09 14:39
Modified: 2005-09-07 14:35
Company: Analog Devices, Inc.
--------------------
Value Name: WinampAgent
Value Data: "C:\Program Files\Winamp\winampa.exe"
C:\Program Files\Winamp\winampa.exe [file not found to scan]
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
413696 bytes
Created: 2008-11-04 10:30
Modified: 2008-11-04 10:30
Company: Apple Inc.
--------------------
Value Name: iTunesHelper
Value Data: "C:\Program Files\iTunes\iTunesHelper.exe"
C:\Program Files\iTunes\iTunesHelper.exe
290088 bytes
Created: 2008-11-20 13:20
Modified: 2008-11-20 13:20
Company: Apple Inc.
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1601304 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: Locks open bore help
Value Data: C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open\dent bin.exe
C:\Documents and Settings\All Users\Application Data\Dumb Save Locks Open\dent bin.exe
716800 bytes
Created: 2009-02-03 13:01
Modified: 2009-02-17 02:56
Company: Ttanp renwire boithewb
--------------------
Value Name: Windows UDP Control Center
Value Data: fxstaller.exe
C:\WINDOWS\fxstaller.exe
-RHS- 48690 bytes
Created: 2009-02-16 19:36
Modified: 2009-02-16 15:36
Company: [no info]
fxstaller.exe - this registry value has been removed
C:\WINDOWS\fxstaller.exe - running process located and terminated
C:\WINDOWS\fxstaller.exe - READ-ONLY, HIDDEN and SYSTEM file attributes removed
C:\WINDOWS\fxstaller.exe - file renamed to: C:\WINDOWS\fxstaller.exe.vir
--------------------
Value Name: EoEngine
Value Data: "C:\Program Files\EoRezo\EoEngine.exe"
C:\Program Files\EoRezo\EoEngine.exe
472872 bytes
Created: 2009-02-16 22:24
Modified: 2008-11-25 15:56
Company:
--------------------
Value Name: SoftwareHelper
Value Data: C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe
368224 bytes
Created: 2009-02-16 22:25
Modified: 2008-12-09 10:13
Company: EoRezo
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1237896 bytes
Created: 2009-02-17 02:59
Modified: 2009-02-05 19:52
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data: "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
143360 bytes
Created: 2006-12-23 17:05
Modified: 2006-12-23 17:05
Company: Nero AG
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:33
Company: Microsoft Corporation
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
3885408 bytes
Created: 2009-02-06 18:51
Modified: 2009-02-06 18:51
Company: Microsoft Corporation
--------------------
Value Name: SRS Audio Sandbox
Value Data: "C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe" /hideme
C:\Program Files\SRS Labs\Audio Sandbox\SRSSSC.exe [file not found to scan]
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 2007-07-27 12:42
Modified: 2007-07-27 12:42
Company: Google Inc.
--------------------
Value Name: ares vista
Value Data: "C:\Program Files\Ares Vista\AresVista.exe" -h
C:\Program Files\Ares Vista\AresVista.exe [file not found to scan]
--------------------
Value Name: Google Update
Value Data: "C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-01-06 12:15
Modified: 2009-01-06 12:15
Company: Google Inc.
--------------------
Value Name: Drvpeak
Value Data: C:\DOCUME~1\Pascal\APPLIC~1\ARMYSP~1\MAPI PROGRAM CAMP.exe
C:\DOCUME~1\Pascal\APPLIC~1\ARMYSP~1\MAPI PROGRAM CAMP.exe
569344 bytes
Created: 2009-01-09 12:44
Modified: 2009-02-03 13:00
Company: Anca
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
204288 bytes
Created: 2006-11-03 08:59
Modified: 2006-11-03 08:59
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
************************************************************
03:01:54: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {6230596F-3A44-4CDF-815B-372FA03C75D6}
File: C:\WINDOWS\system32\mlJCTMcY.dll
C:\WINDOWS\system32\mlJCTMcY.dll - this registry value has been removed [file not found to scan]
HKCR\CLSID\{6230596F-3A44-4CDF-815B-372FA03C75D6} - this key has been removed
----------
************************************************************
03:01:58: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
03:01:58: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\PHOTOI~1.SCR
C:\WINDOWS\system32\PHOTOI~1.SCR
163840 bytes
Created: 2008-04-05 11:09
Modified: 2001-11-02 14:10
Company: ArcSoft Inc.
--------------------
************************************************************
03:01:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
C:\WINDOWS\system32\rundll32.exe
33792 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 2006-11-03 09:03
Modified: 2006-11-03 09:03
Company: [no info]
----------
************************************************************
03:01:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
03:01:59: Scanning ----- SERVICES REGISTRY KEYS -----
Key: aawservice
ImagePath: "C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe"
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
611664 bytes
Created: 2008-05-12 12:38
Modified: 2009-02-16 23:35
Company: Lavasoft
----------
Key: ADIHdAudAddService
ImagePath: system32\drivers\ADIHdAud.sys
C:\WINDOWS\system32\drivers\ADIHdAud.sys
-R- 141312 bytes
Created: 2008-09-09 14:39
Modified: 2005-10-05 04:21
Company: Analog Devices, Inc.
----------
Key: AEAudioService
ImagePath: system32\drivers\AEAudio.sys
C:\WINDOWS\system32\drivers\AEAudio.sys
-R- 127872 bytes
Created: 2008-09-09 14:39
Modified: 2005-03-04 07:53
Company: Andrea Electronics Corporation
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
132424 bytes
Created: 2008-11-07 14:28
Modified: 2008-11-07 14:28
Company: Apple Inc.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
903960 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
298264 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
325128 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
27656 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
107272 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key: BCM42RLY
ImagePath: \??\C:\WINDOWS\System32\BCM42RLY.SYS
C:\WINDOWS\System32\BCM42RLY.SYS
17992 bytes
Created: 2007-07-09 14:23
Modified: 2005-02-01 17:18
Company: Broadcom Corporation
----------
Key: Bonjour Service
ImagePath: "C:\Program Files\Bonjour\mDNSResponder.exe"
C:\Program Files\Bonjour\mDNSResponder.exe
238888 bytes
Created: 2008-12-12 11:17
Modified: 2008-12-12 11:17
Company: Apple Inc.
----------
Key: clbdriver
ImagePath: \??\globalroot\systemroot\system32\drivers\clbdriver.sys
C:\WINDOWS\system32\drivers\clbdriver.sys - has a *known* Malware filename: ROOTKIT.AGENT
C:\WINDOWS\system32\drivers\clbdriver.sys - this registry value has been removed [file not found to scan]
"SafeBoot\Minimal" registry entry for [clbdriver.sys] removed
"SafeBoot\Network" registry entry for [clbdriver.sys] removed
C:\WINDOWS\system32\drivers\clbdriver.sys - unable to take ownership/change permissions
C:\WINDOWS\system32\drivers\clbdriver.sys - marked for renaming when the PC is restarted (if it exists)
----------
Key: fssfltr
ImagePath: system32\DRIVERS\fssfltr_tdi.sys
C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys
55152 bytes
Created: 2009-02-16 21:56
Modified: 2009-02-06 18:08
Company: Microsoft Corporation
----------
Key: fsssvc
ImagePath: "C:\Program Files\Windows Live\Family Safety\fsssvc.exe"
C:\Program Files\Windows Live\Family Safety\fsssvc.exe
533360 bytes
Created: 2009-02-06 18:08
Modified: 2009-02-06 18:08
Company: Microsoft Corporation
----------
Key: grmnusb
ImagePath: system32\drivers\grmnusb.sys
C:\WINDOWS\system32\drivers\grmnusb.sys
7296 bytes
Created: 2008-07-06 13:06
Modified: 2003-09-23 09:42
Company: GARMIN Corp.
----------
Key: GTNDIS5
ImagePath: \??\C:\WINDOWS\system32\GTNDIS5.SYS
C:\WINDOWS\system32\GTNDIS5.SYS
15872 bytes
Created: 2007-07-09 14:23
Modified: 2003-09-25 21:15
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: gupdate1c98e0e58c1f5c4
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-02-13 14:07
Modified: 2009-02-13 14:07
Company: Google Inc.
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
182768 bytes
Created: 2007-07-16 19:44
Modified: 2009-02-13 14:06
Company: Google
----------
Key: HdAudAddService
ImagePath: system32\drivers\HdAudio.sys
C:\WINDOWS\system32\drivers\HdAudio.sys
145920 bytes
Created: 2004-10-27 14:21
Modified: 2004-10-27 14:21
Company: Windows (R) Server 2003 DDK provider
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 49920 bytes
Created: 2008-07-19 16:50
Modified: 2006-12-06 01:02
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 2008-07-19 16:50
Modified: 2006-12-06 01:02
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21568 bytes
Created: 2008-07-19 16:49
Modified: 2006-12-06 01:02
Company: HP
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre6\bin\jqs.exe
152984 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: MS1000
ImagePath: System32\DRIVERS\MS1000.sys
C:\WINDOWS\System32\DRIVERS\MS1000.sys
5376 bytes
Created: 2009-02-16 22:49
Modified: 2009-02-16 22:49
Company: [no info]
----------
Key: MSCamSvc
ImagePath: "C:\Program Files\Microsoft LifeCam\MSCamS32.exe"
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
207664 bytes
Created: 2006-10-13 16:01
Modified: 2006-10-13 16:01
Company: Microsoft Corporation
----------
Key: MTsensor
ImagePath: system32\DRIVERS\ASACPI.sys
C:\WINDOWS\system32\DRIVERS\ASACPI.sys
-R- 5810 bytes
Created: 2007-07-09 14:04
Modified: 2004-08-12 21:56
Company:
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe
262144 bytes
Created: 2006-12-23 16:54
Modified: 2006-12-23 16:54
Company: Nero AG
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
-R- 34176 bytes
Created: 2007-07-09 14:05
Modified: 2006-02-16 21:28
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
-R- 13056 bytes
Created: 2007-07-09 14:05
Modified: 2006-02-16 21:28
Company: NVIDIA Corporation
----------
Key: RichVideo
ImagePath: "C:\Program Files\CyberLink\Shared Files\RichVideo.exe"
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
167936 bytes
Created: 2007-07-09 14:06
Modified: 2005-08-07 07:54
Company:
----------
Key: RT61
ImagePath: system32\DRIVERS\RT61.sys
C:\WINDOWS\system32\DRIVERS\RT61.sys
356096 bytes
Created: 2007-07-09 14:23
Modified: 2005-10-27 14:06
Company: Ralink Technology Inc.
----------
Key: SeaPort
ImagePath: "C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe"
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
226656 bytes
Created: 2009-01-14 17:53
Modified: 2009-01-14 17:53
Company: Microsoft Corp.
----------
Key: SenFiltService
ImagePath: system32\drivers\Senfilt.sys
C:\WINDOWS\system32\drivers\Senfilt.sys
-R- 393088 bytes
Created: 2008-09-09 14:39
Modified: 2005-08-11 00:49
Company: Sensaura
----------
Key: SQTECH905C
ImagePath: System32\Drivers\Capt905c.sys
C:\WINDOWS\System32\Drivers\Capt905c.sys
33890 bytes
Created: 2008-04-05 11:12
Modified: 2005-07-13 10:08
Company: Service & Quality Technology.
----------
Key: SRS_SSCFilter
ImagePath: system32\drivers\srs_sscfilter_i386.sys
C:\WINDOWS\system32\drivers\srs_sscfilter_i386.sys
-R- 39552 bytes
Created: 2007-07-13 11:12
Modified: 2007-05-03 09:28
Company:
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{401EB1D0-84F1-41F8-895E-FE35F5B899C8}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2006-03-02 07:00
Modified: 2008-04-13 21:34
Company: Microsoft Corporation
----------
Key: VX1000
ImagePath: system32\DRIVERS\VX1000.sys
C:\WINDOWS\system32\DRIVERS\VX1000.sys
1966000 bytes
Created: 2006-06-29 18:42
Modified: 2006-10-13 16:04
Company: Microsoft Corporation
----------
Key: WMP54Gv4SVC
ImagePath: "C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe" "WMP54Gv4.exe"
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
41025 bytes
Created: 2007-07-09 14:23
Modified: 2004-02-06 21:56
Company: GEMTEKS
----------
Key: WpdUsb
ImagePath: system32\DRIVERS\wpdusb.sys
C:\WINDOWS\system32\DRIVERS\wpdusb.sys
38528 bytes
Created: 2004-08-11 00:45
Modified: 2006-10-18 19:00
Company: Microsoft Corporation
----------
************************************************************
03:02:27: Scanning -----VXD ENTRIES-----
************************************************************
03:02:27: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : avgrsstarter
DLLName: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: AVG Technologies CZ, s.r.o.
----------
Key : mlJCTMcY
DLLName: mlJCTMcY.dll
mlJCTMcY.dll - this reference has been removed [file not found to scan]
----------
************************************************************
03:02:33: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
117528 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
************************************************************
03:02:33: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
03:02:33: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {1110380F-241D-47FE-B4A5-D3ACF1279C97}
BHO: C:\WINDOWS\system32\wvUmjKbb.dll
C:\WINDOWS\system32\wvUmjKbb.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - this key has been removed [file not found to scan]
C:\WINDOWS\system32\wvUmjKbb.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{1110380F-241D-47FE-B4A5-D3ACF1279C97} - this key has been removed
----------
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
1078552 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:15
Company: AVG Technologies CZ, s.r.o.
----------
Key: {6EBF7485-159F-4bff-A14F-B9E3AAC4465B}
BHO: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
92504 bytes
Created: 2009-01-14 17:49
Modified: 2009-01-14 17:49
Company: Microsoft Corp.
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre6\bin\ssv.dll
C:\Program Files\Java\jre6\bin\ssv.dll
320920 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
408448 bytes
Created: 2009-01-22 15:41
Modified: 2009-01-22 15:41
Company: Microsoft Corporation
----------
Key: {A057A204-BACC-4D26-9990-79A187E2698E}
BHO: C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
1968920 bytes
Created: 2008-12-19 22:52
Modified: 2009-01-30 16:16
Company: [COMPANYNAME]----------------------------
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
251504 bytes
Created: 2009-01-17 03:21
Modified: 2009-01-16 22:49
Company: [no info]
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 2009-01-17 03:21
Modified: 2009-01-17 03:21
Company: Google Inc.
----------
Key: {C7B76B90-3455-4AE6-A752-EAC4D19689E5}
BHO: C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
C:\Program Files\EoRezo\EoAdv\EoRezoBHO.dll
42792 bytes
Created: 2009-02-16 22:25
Modified: 2008-11-18 15:15
Company: EoRezo
----------
Key: {C84D72FE-E17D-4195-BB24-76C02E2E7C4E}
BHO: C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
522224 bytes
Created: 2009-01-16 22:49
Modified: 2009-01-16 22:49
Company: Google Inc.
----------
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre6\bin\jp2ssv.dll
C:\Program Files\Java\jre6\bin\jp2ssv.dll
34816 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}
BHO: C:\Program Files\Windows Live\Toolbar\wltcore.dll
C:\Program Files\Windows Live\Toolbar\wltcore.dll
1068904 bytes
Created: 2009-02-06 18:17
Modified: 2009-02-06 18:17
Company: Microsoft Corporation
----------
Key: {E7E6F031-17CE-4C07-BC86-EABFE594F69C}
BHO: C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
73728 bytes
Created: 2008-12-15 11:07
Modified: 2008-12-15 11:07
Company: Sun Microsystems, Inc.
----------
Key: {F4253FCA-971C-42E3-99A3-8096A125935B}
BHO: C:\WINDOWS\nfavxwdbsbq.dll
C:\WINDOWS\nfavxwdbsbq.dll - this BHO was being loaded by the following key:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4253FCA-971C-42E3-99A3-8096A125935B} - this key has been removed [file not found to scan]
C:\WINDOWS\nfavxwdbsbq.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{F4253FCA-971C-42E3-99A3-8096A125935B} - this key has been removed
----------
************************************************************
03:02:39: Scanning ----- SHELLSERVICEOBJECTS -----
************************************************************
03:02:39: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
03:02:39: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
03:02:39: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [rgonbf.dll,cwgudx.dll]
rgonbf.dll - this reference will be removed [file not found to scan]
----------
cwgudx.dll - this reference will be removed [file not found to scan]
----------
************************************************************
03:02:43: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
03:02:44: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 2007-07-09 09:31
Modified: 2007-07-09 13:47
Company: [no info]
--------------------
HP Digital Imaging Monitor.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
210520 bytes
Created: 2007-01-02 20:40
Modified: 2007-01-02 20:40
Company: Hewlett-Packard Co.
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
03:02:44: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 2008-07-30 11:34
Modified: 2008-07-30 11:34
Company: Apple Inc.
Parameters: -task
Next Run Time: 2009-02-18 17:26:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
Taskname: B412DC9491854640.job
File: c:\docume~1\pascal\applic~1\armysp~1\proxybikebib.exe
c:\docume~1\pascal\applic~1\armysp~1\proxybikebib.exe
450560 bytes
Created: 2009-01-09 12:45
Modified: 2009-02-03 13:01
Company: Tessu dse
Parameters: [blank]
Next Run Time: 2009-02-17 04:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: [blank]
----------
Taskname: Google Software Updater.job
File: C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
182768 bytes
Created: 2007-07-16 19:44
Modified: 2009-02-13 14:06
Company: Google
Parameters: scheduled_start
Next Run Time: 2009-02-17 10:38:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Google Updater keeps your Google software up to date. If Google Updater Service is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work.
----------
Taskname: GoogleUpdateTaskMachine.job
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-02-13 14:07
Modified: 2009-02-13 14:07
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: GoogleUpdateTaskUserS-1-5-21-682003330-179605362-725345543-1004.job
File: C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
133104 bytes
Created: 2009-01-06 12:15
Modified: 2009-01-06 12:15
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: Keeps your Google software up to date. If this task is disabled or stopped, your Google software will not be kept up to date, meaning security vulnerabilities that may arise cannot be fixed and features may not work. This task uninstalls itself when there is no Google software using it.
----------
Taskname: User_Feed_Synchronization-{3536C6D3-C7EC-437A-9E7F-DB4442020AEE}.job
File: C:\WINDOWS\system32\msfeedssync.exe
C:\WINDOWS\system32\msfeedssync.exe
13312 bytes
Created: 2006-10-17 10:58
Modified: 2009-01-15 02:01
Company: Microsoft Corporation
Parameters: sync
Next Run Time: 2009-02-17 03:17:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Pascal
Comments: Met à jour les flux système obsolètes.
----------
************************************************************
03:02:46: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
03:02:46: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
921654 bytes
Created: 2007-07-10 18:00
Modified: 2009-02-09 19:48
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Pascal\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
921654 bytes
Created: 2007-07-10 18:00
Modified: 2009-02-09 19:48
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
----------
Additional checks completed
************************************************************
03:02:50: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[13 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[69 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[57 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[49 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[37 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[154 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[46 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe - file already scanned
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[52 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe - file already scanned
[28 loaded modules in total]
--------------------
C:\Program Files\Bonjour\mDNSResponder.exe - file already scanned
[31 loaded modules in total]
--------------------
C:\Program Files\Google\Update\GoogleUpdate.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
[109 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[40 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jqs.exe - file already scanned
[82 loaded modules in total]
--------------------
C:\Program Files\Microsoft LifeCam\MSCamS32.exe - file already scanned
[15 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[29 loaded modules in total]
--------------------
C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe - file already scanned
[21 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvsvc32.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
[34 loaded modules in total]
--------------------
C:\Program Files\CyberLink\Shared Files\RichVideo.exe - file already scanned
[18 loaded modules in total]
--------------------
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe - file already scanned
[9 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe - file already scanned
[53 loaded modules in total]
--------------------
C:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
[81 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
[7 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
[31 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\WMPNetwk.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\vVX1000.exe - file already scanned
[22 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgcsrvx.exe
[7 loaded modules in total]
--------------------
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe - file already scanned
[18 loaded modules in total]
--------------------
C:\Program Files\Java\jre6\bin\jusched.exe - file already scanned
[39 loaded modules in total]
--------------------
C:\Program Files\Analog Devices\Core\smax4pnp.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[30 loaded modules in total]
--------------------
C:\Program Files\iTunes\iTunesHelper.exe - file already scanned
[50 loaded modules in total]
--------------------
C:\WINDOWS\system32\wbem\wmiapsrv.exe
[42 loaded modules in total]
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe - file already scanned
[35 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[39 loaded modules in total]
--------------------
C:\Program Files\EoRezo\EoEngine.exe - file already scanned
[58 loaded modules in total]
--------------------
C:\Documents and Settings\Pascal\Application Data\eoRezo\SoftwareUpdate\SoftwareUpdateHP.exe - file already scanned
[27 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe - file already scanned
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe
[44 loaded modules in total]
--------------------
C:\Program Files\iPod\bin\iPodService.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe - file already scanned
[33 loaded modules in total]
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - file already scanned
[51 loaded modules in total]
--------------------
C:\Documents and Settings\Pascal\Local Settings\Application Data\Google\Update\GoogleUpdate.exe - file already scanned
[25 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[45 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\IEXPLORE.EXE
[45 loaded modules in total]
--------------------
C:\Program Files\Windows Media Player\WMPNSCFG.exe - file already scanned
[24 loaded modules in total]
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
[62 loaded modules in total]
--------------------
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
[25 loaded modules in total]
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
[70 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgscanx.exe
[22 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgcsrvx.exe
[7 loaded modules in total]
--------------------
C:\Program Files\Lavasoft\Ad-Aware\Ad-Aware.exe
[41 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[55 loaded modules in total]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
[150 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Toolbar\wltuser.exe
[39 loaded modules in total]
--------------------
C:\Program Files\AVG\AVG8\avgui.exe
[38 loaded modules in total]
--------------------
C:\Documents and Settings\Pascal\Application Data\Simply Super Software\Trojan Remover\ydc715.exe
FileSize: 2929528
[This is a Trojan Remover component]
[65 loaded modules in total]
--------------------
************************************************************
03:04:25: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
03:04:25: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\Pascal\LOCALS~1\Temp\0c4550fd-b9b0-4690-b0f8-deddf8d273f5.tmp appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\755dde5b-d4cb-46b3-ae52-595fef83688b.tmp appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll
56732 bytes
Created: 2008-07-29 21:45
Modified: 2008-07-30 00:09
Company: [no info]
C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll appears to contain: TROJAN.VIRTUMONDE
C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll - file renamed to: C:\DOCUME~1\Pascal\LOCALS~1\Temp\lqtuipja.dll.vir
--------------------
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~107a7a81668d61c7c355c5b5a200?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~107a7a81668d61c7c355c5b5a200?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1233d77624a74e1c7c749540c9800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1233d77624a74e1c7c749540c9800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1387e9911c48e1c7ffd74d1ac500?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1387e9911c48e1c7ffd74d1ac500?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1433d7718a5c41c7c74950791100?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1433d7718a5c41c7c74950791100?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~153e59c8111d91c8960084120900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~153e59c8111d91c8960084120900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1773a07dc441c836269fefa900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1773a07dc441c836269fefa900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~18b1c74a1e191c8a6855101e900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~18b1c74a1e191c8a6855101e900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1c1ffce71263b1c7c355bd5d6700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1c1ffce71263b1c7c355bd5d6700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1d3e59fc10bca1c89603c91a900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~1d3e59fc10bca1c89603c91a900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2171ba20221501c89832cd499f00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2171ba20221501c89832cd499f00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~233e59fcfde51c89602fab00600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~233e59fcfde51c89602fab00600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~25bfb8ee9be11c8a6107ef91600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~25bfb8ee9be11c8a6107ef91600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~261ffce094f71c7c355c2221b00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~261ffce094f71c7c355c2221b00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2828a77673931c8a6854182a000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2828a77673931c8a6854182a000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~293e59c8fe951c89602d5bb9300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~293e59c8fe951c89602d5bb9300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29663520a3b01c7ca50f762f300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29663520a3b01c7ca50f762f300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29a3c946a1711c85e2490b9fa00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~29a3c946a1711c85e2490b9fa00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b825435db7c1c7c355b5052c00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b825435db7c1c7c355b5052c00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b8257f57f6341c8aa6f61dca100?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2b8257f57f6341c8aa6f61dca100?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d147ce6a3a81c85e2491eb2700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d147ce6a3a81c85e2491eb2700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d15f07c206131c7e75b4b9d7900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2d15f07c206131c7e75b4b9d7900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2de030d11afd61c89357a8978800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2de030d11afd61c89357a8978800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59c3117d11c8960311565d00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59c3117d11c8960311565d00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59fdf7961c89602e409af00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~2f3e59fdf7961c89602e409af00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~32cefacf877f1c7c81f5fca8e00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~32cefacf877f1c7c81f5fca8e00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~335a1fe294481c81dd2d68d9600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~335a1fe294481c81dd2d68d9600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~338f9c62d26f51c7c353da913600?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~338f9c62d26f51c7c353da913600?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~36768b9adc61c89f4fb4866b00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~36768b9adc61c89f4fb4866b00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3affb60fedf6f1c7d4ade2a14900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3affb60fedf6f1c7d4ade2a14900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3bd5606e98951c7c415e7765e00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3bd5606e98951c7c415e7765e00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3c1ffce798651c7c355bd5d6700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3c1ffce798651c7c355bd5d6700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3cffb635e7c921c8317cf79c9900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3cffb635e7c921c8317cf79c9900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3d61e7721c0f81c7ffd94fca200?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3d61e7721c0f81c7ffd94fca200?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3db71f0a517c61c7c74f1dd21700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3db71f0a517c61c7c74f1dd21700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3dfb6dd1a97401c7c353e0871700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3dfb6dd1a97401c7c353e0871700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3f4d89cee7491c836d2afc4c700?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~3f4d89cee7491c836d2afc4c700?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~40416f60a2e01c7ca50f762f300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~40416f60a2e01c7ca50f762f300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~406ac489c011c7c4163c19d900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~406ac489c011c7c4163c19d900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~438f9c7fd2891c7c353cfd6a100?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~438f9c7fd2891c7c353cfd6a100?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45be84bfcbffd1c7c4c6fec15400?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45be84bfcbffd1c7c4c6fec15400?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45e512bd55921c8524abdab800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~45e512bd55921c8524abdab800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~49bfb8ef961d1c8a6108e785f00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~49bfb8ef961d1c8a6108e785f00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a021fe4179681c8992f960ce800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a021fe4179681c8992f960ce800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a026be412eda1c8992f8c838000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a026be412eda1c8992f8c838000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0275e4164da1c8992f9ad19c00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0275e4164da1c8992f9ad19c00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a027be418a2c1c8992f87becc00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a027be418a2c1c8992f87becc00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0283e417e0b1c8992f81c8eb00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a0283e417e0b1c8992f81c8eb00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cde4193ca1c8992f91483400?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cde4193ca1c8992f91483400?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cfe4179191c8992f9f965000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a02cfe4179191c8992f9f965000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a186fe415ff91c8992f7aa1dd00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a186fe415ff91c8992f7aa1dd00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18d5e415cd61c8992f75dd2900?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18d5e415cd61c8992f75dd2900?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18f6e416d2e1c8992fd79d9300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a18f6e416d2e1c8992fd79d9300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4b9fe4187d81c8992f534b1000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4b9fe4187d81c8992f534b1000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4ba4e4177fe1c8992f3a425f00?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4ba4e4177fe1c8992f3a425f00?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bd6e41914b1c8992f40384000?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bd6e41914b1c8992f40384000?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bf5e418cb01c8992f5cd47800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a4bf5e418cb01c8992f5cd47800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5103e4fdd31c8992fa91fb800?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5103e4fdd31c8992fa91fb800?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5150e4159f91c8992fb177f300?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5150e4159f91c8992fb177f300?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a51fbe415cad1c8992fab821200?d appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a51fbe415cad1c8992fab821200?g appears to be in-use/locked
C:\DOCUME~1\Pascal\LOCALS~1\Temp\~4a5c0de41829e1c
16 juil. 2008 à 23:56
tu es genial ca a marcher le cheval de troie n apparait plus c cool. voici le rapport:
ComboFix 08-07-15.4 - CHRISTIAN 2008-07-16 22:36:00.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.508 [GMT 1:00]
Running from: C:\Documents and Settings\CHRISTIAN\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active
[color=red][b]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/b][/color]
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\autorun.inf
C:\WINDOWS\system32\amvo.exe
C:\WINDOWS\system32\amvo0.dll
C:\WINDOWS\system32\amvo1.dll
C:\WINDOWS\system32\ckvo.exe
C:\WINDOWS\system32\ckvo0.dll
D:\Autorun.inf
E:\Autorun.inf
F:\Autorun.inf
.
((((((((((((((((((((((((( Files Created from 2008-06-16 to 2008-07-16 )))))))))))))))))))))))))))))))
.
2008-07-16 21:25 . 2008-07-16 21:25 268 --ah----- C:\sqmdata05.sqm
2008-07-16 21:25 . 2008-07-16 21:25 244 --ah----- C:\sqmnoopt05.sqm
2008-07-16 21:22 . 2008-07-16 21:23 <DIR> d-------- C:\WINDOWS\system32\URTTemp
2008-07-16 20:51 . 2008-07-16 20:51 268 --ah----- C:\sqmdata04.sqm
2008-07-16 20:51 . 2008-07-16 20:51 244 --ah----- C:\sqmnoopt04.sqm
2008-07-16 20:47 . 2008-07-16 20:47 <DIR> d-------- C:\Program Files\Common Files\InstallShield
2008-07-16 20:47 . 2005-10-15 18:20 12,106 --a------ C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2008-07-16 20:47 . 2005-06-30 16:58 7,296 --a------ C:\WINDOWS\system32\drivers\osaio.sys
2008-07-16 20:47 . 2005-09-13 15:34 4,392 --a------ C:\WINDOWS\system32\drivers\NdisFilt.sys
2008-07-16 20:47 . 2005-01-14 15:57 4,010 --a------ C:\WINDOWS\system32\drivers\osanbm.sys
2008-07-16 19:56 . 2008-07-16 19:57 <DIR> d-------- C:\Documents and Settings\LocalService\Application Data\SiteAdvisor
2008-07-16 19:56 . 2008-07-16 19:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2008-07-16 19:04 . 2008-07-16 19:04 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-07-16 19:03 . 2008-07-16 19:03 <DIR> d-------- C:\Program Files\Real
2008-07-16 19:03 . 2008-07-16 19:04 <DIR> d-------- C:\Program Files\Common Files\Real
2008-07-16 18:52 . 2008-07-16 18:53 <DIR> d-------- C:\Program Files\Google
2008-07-16 18:52 . 2008-07-16 19:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Google Updater
2008-07-16 18:34 . 2008-07-16 21:58 115,233 -r-hs---- C:\p83gjy.exe
2008-07-16 18:31 . 2008-07-16 18:31 268 --ah----- C:\sqmdata03.sqm
2008-07-16 18:31 . 2008-07-16 18:31 244 --ah----- C:\sqmnoopt03.sqm
2008-07-16 18:30 . 2008-07-16 18:30 <DIR> d-------- C:\Program Files\Common Files\Adobe
2008-07-16 18:25 . 2008-07-16 18:25 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-16 18:23 . 2008-07-16 18:23 <DIR> d-------- C:\Program Files\SuperCopier2
2008-07-16 18:20 . 2008-07-16 18:20 <DIR> d-------- C:\Program Files\MSECache
2008-07-16 12:44 . 2008-07-16 12:44 268 --ah----- C:\sqmdata02.sqm
2008-07-16 12:44 . 2008-07-16 12:44 244 --ah----- C:\sqmnoopt02.sqm
2008-07-16 10:25 . 2008-07-16 10:25 268 --ah----- C:\sqmdata01.sqm
2008-07-16 10:25 . 2008-07-16 10:25 244 --ah----- C:\sqmnoopt01.sqm
2008-07-16 00:53 . 2008-07-16 00:53 268 --ah----- C:\sqmdata00.sqm
2008-07-16 00:53 . 2008-07-16 00:53 244 --ah----- C:\sqmnoopt00.sqm
2008-07-16 00:38 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-16 00:38 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-16 00:38 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-16 00:16 . 2008-07-16 00:16 <DIR> d-------- C:\Documents and Settings\CHRISTIAN\Application Data\Yahoo!
2008-07-16 00:16 . 2008-07-16 00:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-16 00:14 . 2008-07-16 00:14 <DIR> d-------- C:\Program Files\Windows Live Favorites
2008-07-16 00:13 . 2008-07-16 00:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
2008-07-16 00:12 . 2008-07-16 00:15 <DIR> d-------- C:\Program Files\Windows Live Toolbar
2008-07-16 00:10 . 2008-07-16 00:10 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-16 00:09 . 2008-07-16 00:10 <DIR> d-------- C:\Program Files\MSN Messenger
2008-07-15 23:52 . 2008-07-15 23:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-15 23:49 . 2008-07-15 23:50 <DIR> d-------- C:\Program Files\Yahoo!
2008-07-15 23:13 . 2008-07-15 23:13 162 --a------ C:\WINDOWS\ODBC.INI
2008-07-15 23:04 . 2008-07-15 23:04 <DIR> d-------- C:\Program Files\Microsoft Works
2008-07-15 23:03 . 2008-07-15 23:03 <DIR> d-------- C:\Program Files\MSBuild
2008-07-15 23:02 . 2008-07-15 23:02 <DIR> d-------- C:\Program Files\Microsoft.NET
2008-07-15 23:00 . 2008-07-15 23:00 <DIR> d-------- C:\Program Files\Microsoft Visual Studio 8
2008-07-15 22:59 . 2008-07-15 23:03 <DIR> d-------- C:\WINDOWS\SHELLNEW
2008-07-15 22:59 . 2008-07-15 23:15 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-15 22:58 . 2008-07-15 22:58 <DIR> dr-h----- C:\MSOCache
2008-07-15 22:53 . 2008-07-16 21:28 77,312 -r-hs---- C:\WINDOWS\system32\ckvo1.dll
2008-07-15 22:52 . 2008-07-15 22:53 116,862 -r-hs---- C:\k.com
2008-07-15 21:55 . 2004-08-03 23:15 82,944 --a------ C:\WINDOWS\system32\drivers\wdmaud.sys
2008-07-15 21:55 . 2004-08-03 23:15 82,944 --a--c--- C:\WINDOWS\system32\dllcache\wdmaud.sys
2008-07-15 21:55 . 2001-08-17 14:00 54,272 --a------ C:\WINDOWS\system32\drivers\swmidi.sys
2008-07-15 21:55 . 2001-08-17 14:00 54,272 --a--c--- C:\WINDOWS\system32\dllcache\swmidi.sys
2008-07-15 21:55 . 2004-08-03 23:07 52,864 --a------ C:\WINDOWS\system32\drivers\DMusic.sys
2008-07-15 21:55 . 2004-08-03 23:07 52,864 --a--c--- C:\WINDOWS\system32\dllcache\dmusic.sys
2008-07-15 21:55 . 2004-08-03 23:07 6,400 --a------ C:\WINDOWS\system32\drivers\splitter.sys
2008-07-15 21:55 . 2004-08-03 23:07 6,400 --a--c--- C:\WINDOWS\system32\dllcache\splitter.sys
2008-07-15 21:54 . 2004-08-03 23:07 171,776 --a------ C:\WINDOWS\system32\drivers\kmixer.sys
2008-07-15 21:54 . 2004-08-03 23:07 171,776 --a--c--- C:\WINDOWS\system32\dllcache\kmixer.sys
2008-07-15 21:54 . 2004-08-03 22:39 142,464 --a------ C:\WINDOWS\system32\drivers\aec.sys
2008-07-15 21:54 . 2004-08-03 22:39 142,464 --a--c--- C:\WINDOWS\system32\dllcache\aec.sys
2008-07-15 21:54 . 2004-08-03 23:15 60,800 --a------ C:\WINDOWS\system32\drivers\sysaudio.sys
2008-07-15 21:54 . 2004-08-03 23:15 60,800 --a--c--- C:\WINDOWS\system32\dllcache\sysaudio.sys
2008-07-15 21:54 . 2004-08-03 22:58 7,552 --a------ C:\WINDOWS\system32\drivers\MSKSSRV.sys
2008-07-15 21:54 . 2004-08-03 22:58 7,552 --a--c--- C:\WINDOWS\system32\dllcache\mskssrv.sys
2008-07-15 21:54 . 2004-08-03 23:07 2,944 --a------ C:\WINDOWS\system32\drivers\drmkaud.sys
2008-07-15 21:54 . 2004-08-03 23:07 2,944 --a--c--- C:\WINDOWS\system32\dllcache\drmkaud.sys
2008-07-15 21:53 . 2008-07-15 21:53 <DIR> d-------- C:\Program Files\CONEXANT
2008-07-15 21:53 . 2004-08-03 22:58 5,376 --a------ C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2008-07-15 21:53 . 2004-08-03 22:58 5,376 --a--c--- C:\WINDOWS\system32\dllcache\mspclock.sys
2008-07-15 21:53 . 2004-08-03 22:58 4,992 --a------ C:\WINDOWS\system32\drivers\MSPQM.sys
2008-07-15 21:53 . 2004-08-03 22:58 4,992 --a--c--- C:\WINDOWS\system32\dllcache\mspqm.sys
2008-07-15 21:52 . 2008-07-15 21:52 <DIR> d-------- C:\WINDOWS\system32\RTCOM
2008-07-15 21:51 . 2004-08-03 23:15 145,792 --a------ C:\WINDOWS\system32\drivers\portcls.sys
2008-07-15 21:51 . 2004-08-03 23:15 145,792 --a--c--- C:\WINDOWS\system32\dllcache\portcls.sys
2008-07-15 21:51 . 2004-08-04 00:56 130,048 --a------ C:\WINDOWS\system32\ksproxy.ax
2008-07-15 21:51 . 2004-08-04 00:56 130,048 --a--c--- C:\WINDOWS\system32\dllcache\ksproxy.ax
2008-07-15 21:51 . 2004-08-03 23:08 60,288 --a------ C:\WINDOWS\system32\drivers\drmk.sys
2008-07-15 21:51 . 2004-08-03 23:08 60,288 --a--c--- C:\WINDOWS\system32\dllcache\drmk.sys
2008-07-15 21:51 . 2004-08-04 00:56 4,096 --a------ C:\WINDOWS\system32\ksuser.dll
2008-07-15 21:51 . 2004-08-04 00:56 4,096 --a--c--- C:\WINDOWS\system32\dllcache\ksuser.dll
2008-07-15 21:32 . 2008-07-15 21:32 <DIR> d-------- C:\WINDOWS\Options
2008-07-15 21:27 . 2008-07-15 21:27 <DIR> d-------- C:\Program Files\My Drivers
2008-07-15 21:09 . 2008-07-16 20:50 <DIR> d-------- C:\Program Files\InstallShield Installation Information
2008-07-15 21:08 . 2008-07-15 21:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
2008-07-15 19:48 . 2008-07-02 18:21 113,731 -r-hs---- C:\xmnm2.cmd
2008-07-15 19:47 . 2008-07-15 19:53 <DIR> d-------- C:\Documents and Settings\CHRISTIAN\Application Data\U3
2008-07-15 13:05 . 2004-08-03 23:08 26,496 --a--c--- C:\WINDOWS\system32\dllcache\usbstor.sys
2008-07-15 00:45 . 2008-07-15 00:45 <DIR> d-------- C:\Program Files\Windows Media Connect 2
2008-07-15 00:44 . 2008-07-15 00:44 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-07-15 00:44 . 2008-07-15 00:45 <DIR> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-15 00:30 . 2008-07-16 21:28 15,778 --a------ C:\WINDOWS\system32\Config.MPF
2008-07-15 00:28 . 2008-07-16 20:53 <DIR> d-------- C:\Program Files\SiteAdvisor
2008-07-15 00:28 . 2008-07-15 00:49 <DIR> d-------- C:\Documents and Settings\CHRISTIAN\Application Data\SiteAdvisor
2008-07-15 00:28 . 2005-04-20 19:22 608,448 --a------ C:\WINDOWS\system32\comctl32.ocx
2008-07-15 00:28 . 2006-03-03 11:07 143,360 --a------ C:\WINDOWS\system32\dunzip32.dll
2008-07-15 00:27 . 2007-11-22 06:44 201,320 --a------ C:\WINDOWS\system32\drivers\mfehidk.sys
2008-07-15 00:27 . 2007-11-22 06:44 79,304 --a------ C:\WINDOWS\system32\drivers\mfeavfk.sys
2008-07-15 00:27 . 2007-12-02 12:51 40,488 --a------ C:\WINDOWS\system32\drivers\mfesmfk.sys
2008-07-15 00:27 . 2007-11-22 06:44 35,240 --a------ C:\WINDOWS\system32\drivers\mfebopk.sys
2008-07-15 00:27 . 2007-11-22 06:44 33,832 --a------ C:\WINDOWS\system32\drivers\mferkdk.sys
2008-07-15 00:26 . 2008-07-15 00:26 <DIR> d-------- C:\Program Files\McAfee.com
2008-07-15 00:26 . 2008-07-15 21:59 <DIR> d-------- C:\Program Files\Common Files\McAfee
2008-07-15 00:26 . 2007-07-13 06:20 113,952 --a------ C:\WINDOWS\system32\drivers\Mpfp.sys
2008-07-15 00:25 . 2008-07-15 22:22 <DIR> d-------- C:\Program Files\McAfee
2008-07-15 00:21 . 2008-07-15 00:21 <DIR> d--hs---- C:\Documents and Settings\CHRISTIAN\UserData
2008-07-15 00:20 . 2008-07-15 00:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\McAfee
2008-07-15 00:07 . 2008-06-13 14:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-15 00:07 . 2008-06-13 14:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-15 20:31 117,115 --sh--r C:\1yl2d.bat
2008-07-14 23:18 81,984 ----a-w C:\WINDOWS\system32\bdod.bin
2008-07-14 23:18 --------- d-----w C:\Documents and Settings\All Users\Application Data\BitDefender
2008-07-14 21:48 --------- d-----w C:\Program Files\Common Files\Softwin
2008-07-14 21:30 --------- d-----w C:\Program Files\microsoft frontpage
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-09-13 15:04 1,045,050 ----a-w C:\WINDOWS\inf\mydrivers.exe
2006-06-28 00:25 4,304,384 ----a-w C:\WINDOWS\inf\RtkHDAud.Sys
2006-06-16 03:57 119,808 ----a-w C:\WINDOWS\inf\Rtnic64.sys
2006-06-16 03:56 83,968 ----a-w C:\WINDOWS\inf\Rtnicxp.sys
2006-06-16 03:56 83,456 ----a-w C:\WINDOWS\inf\RTNIC.SYS
2006-06-12 01:00 990,592 ----a-w C:\WINDOWS\inf\HSF_DPV.sys
2006-06-12 00:59 727,808 ----a-w C:\WINDOWS\inf\HSF_CNXT.sys
2006-06-12 00:59 208,384 ----a-w C:\WINDOWS\inf\HSFHWAZL.sys
2006-05-24 18:19 74,752 ----a-w C:\WINDOWS\inf\ESM7SK.sys
2006-05-24 18:19 61,056 ----a-w C:\WINDOWS\inf\EMS7SK.sys
2006-05-24 18:19 40,064 ----a-w C:\WINDOWS\inf\ESD7SK.sys
2006-05-16 02:04 2,879,488 ----a-w C:\WINDOWS\inf\SkyTel.exe
2006-05-10 10:27 43,520 ----a-w C:\WINDOWS\inf\AmdK8.sys
2006-04-27 08:48 307,200 ----a-w C:\WINDOWS\inf\atiiiexx.dll
2006-04-27 08:47 258,048 ----a-w C:\WINDOWS\inf\ati2dvag.dll
2006-04-27 08:46 1,540,096 ----a-w C:\WINDOWS\inf\ati2mtag.sys
2006-04-27 08:41 77,824 ----a-w C:\WINDOWS\inf\Oemdspif.dll
2006-04-27 08:41 61,440 ----a-w C:\WINDOWS\inf\ati2evxx.dll
2006-04-27 08:41 41,984 ----a-w C:\WINDOWS\inf\ati2edxx.dll
2006-04-27 08:41 26,112 ----a-w C:\WINDOWS\inf\Ati2mdxx.exe
2006-04-27 08:41 114,688 ----a-w C:\WINDOWS\inf\atipdlxx.dll
2006-04-27 08:39 53,248 ----a-w C:\WINDOWS\inf\ATIDDC.DLL
2006-04-27 08:39 405,504 ----a-w C:\WINDOWS\inf\ati2evxx.exe
2006-04-27 08:31 2,693,280 ----a-w C:\WINDOWS\inf\ati3duag.dll
2006-04-27 08:25 1,408,000 ----a-w C:\WINDOWS\inf\ativvaxx.dll
2006-04-27 08:20 6,684,672 ----a-w C:\WINDOWS\inf\atioglx1.dll
2006-04-27 08:17 5,033,984 ----a-w C:\WINDOWS\inf\atioglxx.dll
2006-04-27 08:12 151,552 ----a-w C:\WINDOWS\inf\atikvmag.dll
2006-04-27 08:11 17,408 ----a-w C:\WINDOWS\inf\atitvo32.dll
2006-04-27 08:05 40,960 ----a-w C:\WINDOWS\inf\ati2erec.dll
2006-04-27 08:05 282,624 ----a-w C:\WINDOWS\inf\ati2cqag.dll
2006-03-16 01:06 118,784 ----a-w C:\WINDOWS\inf\Uci32105.dll
2006-03-14 16:01 16,010,752 ----a-w C:\WINDOWS\inf\RTHDCPL.EXE
2006-03-14 14:49 9,711,104 ----a-w C:\WINDOWS\inf\RTLCPL.EXE
2006-03-14 14:45 2,809,344 ----a-w C:\WINDOWS\inf\ALCWZRD.EXE
2006-03-10 18:32 2,158,592 ----a-w C:\WINDOWS\inf\MicCal.exe
2006-03-09 16:45 364,544 ----a-w C:\WINDOWS\inf\RtlUpd.exe
2006-03-03 12:11 81,920 ----a-w C:\WINDOWS\inf\InstNT.exe
2006-03-03 12:10 81,920 ----a-w C:\WINDOWS\inf\SynTPCo2.dll
2006-03-03 12:09 557,056 ----a-w C:\WINDOWS\inf\SynISDLL.dll
2006-03-03 12:09 225,280 ----a-w C:\WINDOWS\inf\Tutorial.exe
2006-03-03 12:08 86,106 ----a-w C:\WINDOWS\inf\SynTPLpr.exe
2006-03-03 12:08 69,722 ----a-w C:\WINDOWS\inf\SynTPFcs.dll
2006-03-03 12:07 761,946 ----a-w C:\WINDOWS\inf\SynTPEnh.exe
2006-03-03 11:59 6,135,898 ----a-w C:\WINDOWS\inf\SynTPCpl.dll
2006-03-03 11:56 41,063 ----a-w C:\WINDOWS\inf\SynTPCOM.dll
2006-03-03 11:55 94,298 ----a-w C:\WINDOWS\inf\SynTPAPI.dll
2006-03-03 11:55 82,013 ----a-w C:\WINDOWS\inf\SynCOM.dll
2006-03-03 11:55 114,688 ----a-w C:\WINDOWS\inf\SynCtrl.dll
2006-03-03 11:52 192,672 ----a-w C:\WINDOWS\inf\SynTP.sys
2006-03-03 11:51 163,840 ----a-w C:\WINDOWS\inf\SynZMetr.exe
2006-03-03 11:51 147,456 ----a-w C:\WINDOWS\inf\SynMood.exe
2006-02-24 15:32 266,240 ----a-w C:\WINDOWS\inf\RTCOMDLL.dll
2006-02-20 16:00 86,016 ----a-w C:\WINDOWS\inf\SOUNDMAN.EXE
2006-02-14 19:57 86,016 ----a-w C:\WINDOWS\inf\mdmxsdk.dll
2006-02-14 19:57 12,672 ----a-w C:\WINDOWS\inf\mdmxsdk.sys
2006-01-24 18:44 488,448 ----a-w C:\WINDOWS\inf\ar5211.sys
2005-12-13 09:32 577,536 ----a-w C:\WINDOWS\inf\HXFSetup.exe
2005-10-31 02:17 135,168 ----a-w C:\WINDOWS\inf\RtlCPAPI.dll
2005-05-03 02:43 69,632 ----a-w C:\WINDOWS\inf\Alcmtr.exe
2005-01-07 16:07 138,752 ----a-w C:\WINDOWS\inf\Hdaudbus.sys
2004-12-09 13:54 46,592 ----a-w C:\WINDOWS\inf\smcirda.sys
2004-12-08 20:04 5,120 ----a-w C:\WINDOWS\inf\FILTRCOI.DLL
2004-12-07 22:10 16,896 ----a-w C:\WINDOWS\inf\DKbFltr.SYS
2001-11-09 10:01 24,064 ----a-w C:\WINDOWS\inf\ativcoxx.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 11:00 15360]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 17:43 4670704]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-07-07 17:45 1052672]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-07-16 18:52 68856]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-11-01 19:12 582992]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-07-16 19:03 185632]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6261\SiteAdv.exe" [2006-07-31 16:03 35416]
"RTHDCPL"="RTHDCPL.EXE" [2006-03-14 17:01 16010752 C:\WINDOWS\RTHDCPL.EXE]
"SkyTel"="SkyTel.EXE" [2006-05-16 03:04 2879488 C:\WINDOWS\SkyTel.exe]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 01:48:20 40048]
Adobe Reader Synchronizer.lnk - C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 00:01:50 734872]
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - J:\LaunchU3.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f9931c0-5266-11dd-9642-0016d4670dd2}]
\Shell\AutoRun\command - H:\1yl2d.bat
\Shell\explore\Command - H:\1yl2d.bat
\Shell\open\Command - H:\1yl2d.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5f9931c1-5266-11dd-9642-0016d4670dd2}]
\Shell\AutoRun\command - I:\1yl2d.bat
\Shell\explore\Command - I:\1yl2d.bat
\Shell\open\Command - I:\1yl2d.bat
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9843b3de-5319-11dd-964c-0016d4670dd2}]
\Shell\AutoRun\command - H:\k.com
\Shell\explore\Command - H:\k.com
\Shell\open\Command - H:\k.com
*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90
.
Contents of the 'Scheduled Tasks' folder
"2008-07-16 21:09:01 C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
"2008-07-15 00:01:44 C:\WINDOWS\Tasks\McDefragTask.job"
- C:\WINDOWS\system32\defrag.exe
"2008-07-14 23:26:30 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe.4158 0
.
- - - - ORPHANS REMOVED - - - -
HKCU-Run-kamsoft - C:\WINDOWS\system32\ckvo.exe
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-16 22:38:03
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\C:\DOCUME~1\CHRIST~1\LOCALS~1\Temp\mc21.tmp"
.
Completion time: 2008-07-16 22:39:00
ComboFix-quarantined-files.txt 2008-07-16 21:38:56
Pre-Run: 16,164,728,832 bytes free
Post-Run: 16,469,401,600 bytes free
288 --- E O F --- 2008-07-15 20:58:18