Sujet Précédent Sujet Suivant

Virus trojan

Fermé
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 - 22 juil. 2008 à 23:53
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 - 23 juil. 2008 à 01:31
Bonjour,

aprés avoir fais un scan avec le logiciel TROJAN REMORVER
voila le rapport/

TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
22/07/2008 22:28:36: Trojan Remover has been restarted
Trojan Remover forced a System Restart by terminating WINLOGON.EXE.
The Cleanup Utility was used to remove locked registry keys.
Unable to rename C:\Program Files\Alwil Software\Avast4\ashWebSv.exe to C:\Program Files\Alwil Software\Avast4\ashWebSv.exe.ren
(C:\Program Files\Alwil Software\Avast4\ashWebSv.exe does not appear to exist)
22/07/2008 22:28:36: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 22/07/2008 22:22:22
Using Database v6759
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\moi\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\moi\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
The regfile\shell\open\command Registry Key appears to have been modified.
The current Registry entry is: regedit.exe "%1" %*.
This entry calls the following file:
C:\WINDOWS\regedit.exe
Trojan Remover has restored the Registry regfile\shell\open key.
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
22:22:37: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
22:22:37: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
22:22:37: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
22:22:39: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = VTTimer
Value Data = VTTimer.exe - this command has been left in place
--------------------
Value Name = VTTrayp
Value Data = VTtrayp.exe - this command has been left in place
--------------------
Value Name = RTHDCPL
Value Data = RTHDCPL.EXE - this command has been left in place
--------------------
Value Name = SkyTel
Value Data = SkyTel.EXE - this command has been left in place
--------------------
Value Name = Alcmtr
Value Data = ALCMTR.EXE - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = C:\Program Files\HP\HP Software Update\HPWuSchd2.exe - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = Adobe Reader Speed Launcher
Value Data = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = WinampAgent
Value Data = C:\Program Files\Winamp\winampa.exe - this command has been left in place
--------------------
Value Name = PWRISOVM.EXE
Value Data = C:\Program Files\PowerISO\PWRISOVM.EXE - this command has been left in place
--------------------
Value Name = PC Booster
Value Data = C:\Program Files\inKline Global\PC Booster\pcbooster.exe - this command has been left in place
--------------------
Value Name = !AVG Anti-Spyware
Value Data = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = 2c06b89a
Value Data = rundll32.exe "C:\WINDOWS\system32\aweuyjhm.dll",b - this command has been left in place [file not found to scan]
--------------------
Value Name = avgnt
Value Data = C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key attempts to run the following program(s):
Value Name = S-C66FF174F88A4
Value Data = .vbe - this command has been left in place [file not found to scan]
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = CTFMON.EXE
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = LightScribe Control Panel
Value Data = C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" -hidden - this command has been left in place
--------------------
Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data = C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = MsnMsgr
Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
--------------------
Value Name = WhenUSave
Value Data = C:\Program Files\Save\Save.exe - this command has been left in place [file not found to scan]
--------------------
Value Name = Yahoo! Pager
Value Data = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet - this command has been left in place
--------------------
Value Name = ares
Value Data = C:\Program Files\Ares\Ares.exe" -h - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

******************************
22:22:42: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

******************************
22:22:42: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------

******************************
22:22:42: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

******************************
22:22:42: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={10880D85-AAD9-4558-ABDC-2AB1552D831F}
StubPath=C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
22:22:44: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this file is globally excluded (file cannot be found)
--------------------
Key=hpqcxs08
ServiceDLL=C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll - this reference has been left in place
--------------------
Key=hpqddsvc
ServiceDLL=C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Net Driver HPZ12
ServiceDLL=C:\WINDOWS\system32\HPZinw12.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=Pml Driver HPZ12
ServiceDLL=C:\WINDOWS\system32\HPZipm12.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

******************************
22:22:51: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AntiVirScheduler
ImagePath="C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe" - this reference has been left in place
----------
Key=AntiVirService
ImagePath="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe" - this reference has been left in place
----------
Key=AresChatServer
ImagePath=C:\Program Files\Ares\chatServer.exe - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=aswFsBlk
ImagePath=system32\DRIVERS\aswFsBlk.sys - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - Trojan Remover was unable to remove this reference
(unable to access the registry key or file?)
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - Trojan Remover was unable to remove this reference
(unable to access the registry key or file?)
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - Trojan Remover was unable to remove this reference
(unable to access the registry key or file?)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - process is either not running or could not be terminated
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe - MoveFileEx call failed (in ForceRename)
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" has been marked for renaming when the PC is restarted (if it exists)
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=avgio
ImagePath=\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys - this reference has been left in place
----------
Key=avgntflt
ImagePath=\??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys - this reference has been left in place
----------
Key=avipbb
ImagePath=system32\DRIVERS\avipbb.sys - this reference has been left in place
----------
Key=bdfdll
ImagePath=\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys - this reference has been left in place
----------
Key=BDFSDRV
ImagePath=\??\C:\Program Files\Softwin\BitDefender10\bdfsdrv.sys - this reference has been left in place
----------
Key=bdpredir
ImagePath=\??\C:\Program Files\Softwin\BitDefender10\bdpredir.sys - this reference has been left in place
----------
Key=BDRSDRV
ImagePath=\??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys - this reference has been left in place
----------
Key=bdss
ImagePath="C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FETND5BV
ImagePath=system32\DRIVERS\fetnd5bv.sys - this reference has been left in place
----------
Key=FETNDIS
ImagePath=system32\DRIVERS\fetnd5.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HPZid412
ImagePath=system32\DRIVERS\HPZid412.sys - this reference has been left in place
----------
Key=HPZipr12
ImagePath=system32\DRIVERS\HPZipr12.sys - this reference has been left in place
----------
Key=HPZius12
ImagePath=system32\DRIVERS\HPZius12.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=IntcAzAudAddService
ImagePath=system32\drivers\RtkHDAud.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=LightScribeService
ImagePath="C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe" - this reference has been left in place
----------
Key=LIVESRV
ImagePath="C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NMIndexingService
ImagePath="C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexingService.exe" - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=odserv
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=se46bus
ImagePath=system32\DRIVERS\se46bus.sys - this reference has been left in place
----------
Key=se46mdfl
ImagePath=system32\DRIVERS\se46mdfl.sys - this reference has been left in place
----------
Key=se46mdm
ImagePath=system32\DRIVERS\se46mdm.sys - this reference has been left in place
----------
Key=se46mgmt
ImagePath=system32\DRIVERS\se46mgmt.sys - this reference has been left in place
----------
Key=se46nd5
ImagePath=system32\DRIVERS\se46nd5.sys - this reference has been left in place
----------
Key=se46obex
ImagePath=system32\DRIVERS\se46obex.sys - this reference has been left in place
----------
Key=se46unic
ImagePath=system32\DRIVERS\se46unic.sys - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=ssmdrv
ImagePath=system32\DRIVERS\ssmdrv.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{80FC3B42-4A6F-43FA-9643-D4910A078485} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\system32\tlntsvr.exe - this reference has been left in place
----------
Key=uagp35
ImagePath=system32\DRIVERS\uagp35.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viagfx
ImagePath=system32\DRIVERS\vtmini.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=videX32
ImagePath=system32\DRIVERS\videX32.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=VSSERV
ImagePath="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service - this reference has been left in place
----------
Key=w810bus
ImagePath=system32\DRIVERS\w810bus.sys - this reference has been left in place
----------
Key=w810mdfl
ImagePath=system32\DRIVERS\w810mdfl.sys - this reference has been left in place
----------
Key=w810mdm
ImagePath=system32\DRIVERS\w810mdm.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------
Key=XCOMM
ImagePath="C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service - this reference has been left in place
----------

******************************
22:23:51: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

******************************
22:23:51: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
22:23:52: Scanning ----- CONTEXTMENUHANDLERS -----
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = PowerISO
CLSID = {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
C:\Program Files\PowerISO\PWRISOSH.DLL - this ContextMenuHandler has been left in place
----------
Key = Shell Extension for Malware scanning
CLSID = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll - this ContextMenuHandler has been left in place
----------
Key = TotalConverter
CLSID = {280CFDE1-1354-4431-92F3-03073BA593FB}
C:\Program Files\TotalAudioConverter\axTotalConverter.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll - this ContextMenuHandler has been left in place
----------
Key = Yahoo! Mail
CLSID = {5464D816-CF16-4784-B9F3-75C0DB52B499}
C:\PROGRA~1\Yahoo!\Common\ymmapi.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {D653647D-D607-4df6-A5B8-48D2BA195F7B}
C:\Program Files\Softwin\BitDefender10\bdshelxt.dll - this ContextMenuHandler has been left in place
----------

******************************
22:23:53: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

******************************
22:23:54: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4efb-9B51-7695ECA05670}
C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
----------
Key = {0347C33E-8762-4905-BF09-768834316C61}
C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll - this Browser Helper Object has been left in place
----------
Key = {053F9267-DC04-4294-A72C-58F732D338C0}
C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {3049C3E9-B461-4BC5-8870-4C09146192CA}
C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------

******************************
22:23:54: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

******************************
22:23:55: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
22:23:55: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
22:23:55: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = sockspy.dll]
The following AppInit_DLLs are loaded at boot-time:
sockspy.dll - this file has been left in place
----------

******************************
22:23:55: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
HP Digital Imaging Monitor.lnk - this links to C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
22:23:55: Scanning ----- SCHEDULED TASKS -----

******************************
22:23:55: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

******************************
22:23:56: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\FP_AX_CAB_INSTALLER.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place

******************************
22:23:57: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\system32\VTTimer.exe
--------------------
C:\WINDOWS\system32\VTtrayp.exe
--------------------
C:\WINDOWS\RTHDCPL.EXE
--------------------
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
--------------------
C:\Program Files\QuickTime\qttask.exe
--------------------
C:\Program Files\Winamp\winampa.exe
--------------------
C:\Program Files\PowerISO\PWRISOVM.EXE
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
--------------------
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
--------------------
C:\Program Files\MSN Messenger\MsnMsgr.Exe
--------------------
C:\Program Files\Ares\Ares.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
--------------------
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
--------------------
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
--------------------
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
--------------------
C:\Program Files\Softwin\BitDefender10\vsserv.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
--------------------
C:\Program Files\MSN Messenger\usnsvc.exe
--------------------
C:\Documents and Settings\moi\Application Data\Simply Super Software\Trojan Remover\vfe19.exe
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------

******************************
22:24:05: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
22:24:05: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

******************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 22/07/2008 22:24:05
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
22/07/2008 22:24:26: restart commenced
************************************************************
A voir également:

12 réponses

Réponse 1 / 12
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
22 juil. 2008 à 23:57
Salut,

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.
0
Réponse 2 / 12
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 4
23 juil. 2008 à 00:04
voila le rapport:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:03:26, on 22/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: qndsfmao - {D8FFA8AE-BBE8-4D3F-A249-64B2D03EEB25} - C:\WINDOWS\qndsfmao.dll (file missing)
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [PC Booster] "C:\Program Files\inKline Global\PC Booster\pcbooster.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [2c06b89a] rundll32.exe "C:\WINDOWS\system32\aweuyjhm.dll",b
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WhenUSave] "C:\Program Files\Save\Save.exe"
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKLM\..\Policies\Explorer\Run: [S-C66FF174F88A4] .vbe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Réponse 3 / 12
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
23 juil. 2008 à 00:06
T'es infecté par Vundo mais pas seulement.

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt
0
Réponse 4 / 12
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 4
23 juil. 2008 à 00:38
ComboFix 08-07-21.2 - moi 2008-07-22 23:17:38.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.120 [GMT 1:00]
Endroit: C:\Documents and Settings\moi\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\moi\Application Data\tazebama
C:\Documents and Settings\moi\Application Data\tazebama\tazebama.log
C:\WINDOWS\system32\AutoRun.inf
C:\WINDOWS\system32\dqgvfeom.ini
C:\WINDOWS\system32\kskverfu.ini
C:\WINDOWS\system32\mhjyuewa.ini
C:\WINDOWS\system32\tuvtutTJ.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-06-22 to 2008-07-22 ))))))))))))))))))))))))))))))))))))
.

2008-07-22 22:21 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-07-22 22:21 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-07-22 22:20 . 2008-07-22 22:29 <REP> d-------- C:\Program Files\Trojan Remover
2008-07-22 22:20 . 2008-07-22 22:20 <REP> d-------- C:\Documents and Settings\moi\Application Data\Simply Super Software
2008-07-22 21:36 . 2008-07-22 21:36 117 --a------ C:\WINDOWS\??AVSCAN-20080722-213618-24E6DB58.avp
2008-07-22 18:38 . 2008-07-22 18:38 <REP> d-------- C:\Program Files\Avira
2008-07-22 18:38 . 2008-07-22 18:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avira
2008-07-22 15:18 . 2008-07-22 15:18 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-22 15:18 . 2008-07-22 15:18 <REP> d-------- C:\Documents and Settings\moi\Application Data\Malwarebytes
2008-07-22 15:18 . 2008-07-22 15:18 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-22 15:18 . 2008-07-20 20:21 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-22 15:18 . 2008-07-20 20:21 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-22 14:24 . 2008-07-22 14:24 94,848 --a------ C:\WINDOWS\system32\aweuyjhm.VIR
2008-07-22 12:27 . 2008-07-22 13:11 3,228 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-22 12:27 . 2008-07-22 13:11 0 --a------ C:\WINDOWS\system32\tmp.MSNFix
2008-07-22 12:25 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-22 12:25 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-22 12:25 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-22 12:25 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-22 12:25 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-22 12:25 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-22 12:25 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-22 12:25 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-22 12:25 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-22 11:17 . 2008-07-22 11:17 181 --a------ C:\WINDOWS\cookies.MSNFix
2008-07-21 18:58 . 2008-07-21 18:58 <REP> d-------- C:\Program Files\ESET
2008-07-21 18:58 . 2008-07-21 18:58 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ESET
2008-07-21 16:12 . 2008-07-21 16:12 <REP> d-------- C:\Documents and Settings\moi\Application Data\Grisoft
2008-07-21 16:12 . 2008-07-21 16:12 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-07-21 16:12 . 2007-05-30 13:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-07-21 15:41 . 2008-07-21 15:41 <REP> d-------- C:\kav
2008-07-21 15:22 . 2008-07-22 22:29 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 14:18 . 2008-07-21 14:18 12,413,440 --a------ C:\Program Files\avgas-setup-7.5.1.43.exe
2008-07-21 13:44 . 2008-07-21 13:44 <REP> d-------- C:\Program Files\Trend Micro
2008-07-21 00:22 . 2008-07-21 00:22 164 --a------ C:\install.dat
2008-07-20 23:47 . 2008-07-21 00:19 <REP> d-------- C:\Documents and Settings\moi\Application Data\GetRightToGo
2008-07-20 22:43 . 2008-07-20 23:26 343 --a------ C:\WINDOWS\wininit.ini
2008-07-20 21:29 . 2008-07-20 21:29 30,208 --------- C:\WINDOWS\system32\ntdll64.dll
2008-07-20 20:45 . 2008-07-20 20:45 322,304 --------- C:\WINDOWS\system32\cbXolljI.VIR
2008-07-20 18:50 . 2008-07-20 18:50 <REP> d-------- C:\Program Files\Bitlord Pro (UseNext).rar
2008-07-20 18:46 . 2008-07-20 18:51 <REP> d-------- C:\Program Files\BitLord
2008-07-19 23:55 . 2008-07-19 23:55 <REP> d-------- C:\Program Files\MSXML 4.0
2008-07-19 20:58 . 2008-07-19 20:58 354,722 --a------ C:\Program Files\BitLord_1.01.exe
2008-07-19 18:53 . 2008-07-19 18:53 82 --a------ C:\WINDOWS\mafosav.INI
2008-07-19 13:38 . 2008-07-19 13:38 0 --a------ C:\WINDOWS\nsreg.dat
2008-07-19 13:37 . 2008-07-19 15:33 <REP> d-------- C:\Program Files\Mozilla Firefox(2)
2008-07-18 20:28 . 2008-07-18 20:28 17,929,072 --a------ C:\Program Files\Install_Messenger.exe
2008-07-18 19:58 . 2008-07-18 19:58 1,495,112 --a------ C:\Program Files\install_flash_player.exe
2008-07-18 18:49 . 2008-07-18 18:49 2,110,314 --a------ C:\Program Files\aresregular209_installer.exe
2008-07-18 17:44 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-18 17:44 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-18 17:39 . 2008-07-19 15:45 <REP> d---s---- C:\Documents and Settings\moi\UserData
2008-07-18 17:39 . 2008-07-18 17:39 <REP> d-------- C:\Documents and Settings\moi\Incomplete
2008-07-18 17:39 . 2008-07-18 17:39 <REP> d-------- C:\Documents and Settings\moi\.javaws
2008-07-18 17:37 . 2008-07-18 17:37 <REP> d-------- C:\Program Files\WAVES
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\WINDOWS\system32\RMBin
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\XnView
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\TotalAudioConverter
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\MSN Toolbar
2008-07-18 17:36 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\AliveMedia
2008-07-18 17:35 . 2008-07-18 17:35 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2008-07-18 17:34 . 2008-07-18 17:39 <REP> d-------- C:\Documents and Settings\moi\Application Data\uTorrent
2008-07-18 08:50 . 2008-07-18 08:50 268 --ah----- C:\sqmdata03.sqm
2008-07-18 08:50 . 2008-07-18 08:50 244 --ah----- C:\sqmnoopt03.sqm
2008-07-17 22:40 . 2008-07-18 17:35 <REP> d-------- C:\Program Files\ESTsoft
2008-07-17 22:40 . 2008-07-18 17:35 <REP> d-------- C:\Documents and Settings\moi\Application Data\ESTsoft
2008-07-17 21:35 . 2008-07-17 21:35 3,596 --a------ C:\WINDOWS\system32\PerfStringBackup.TMP
2008-07-17 21:32 . 2008-07-18 17:35 <REP> d-------- C:\Program Files\mobiConnect
2008-07-17 21:15 . 2008-07-17 21:15 268 --ah----- C:\sqmdata02.sqm
2008-07-17 21:15 . 2008-07-17 21:15 244 --ah----- C:\sqmnoopt02.sqm
2008-07-17 19:43 . 2008-07-17 19:43 292 --ah----- C:\sqmdata01.sqm
2008-07-17 19:43 . 2008-07-17 19:43 244 --ah----- C:\sqmnoopt01.sqm
2008-07-17 19:38 . 2007-07-30 19:18 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-17 19:28 . 2008-07-17 19:28 268 --ah----- C:\sqmdata00.sqm
2008-07-17 19:28 . 2008-07-17 19:28 244 --ah----- C:\sqmnoopt00.sqm
2008-07-17 18:11 . 2008-07-18 17:36 <REP> d-------- C:\Program Files\Windows Live Toolbar
2008-07-17 18:08 . 2008-07-19 15:40 <REP> d-------- C:\Documents and Settings\moi\Contacts
2008-07-17 14:06 . 2008-07-18 17:36 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2008-07-17 14:06 . 2008-07-17 14:06 <REP> d-------- C:\Documents and Settings\All Users\Application Data\TERMINAL Studio
2008-07-17 12:46 . 2008-07-17 12:46 28 --a------ C:\WINDOWS\system32\'
2008-07-16 22:39 . 2008-07-18 18:49 <REP> d-------- C:\Program Files\Ares
2008-07-16 21:24 . 2008-07-16 21:24 <REP> d-------- C:\Program Files\Fichiers communs\Java
2008-07-16 16:59 . 2008-07-16 23:57 <REP> d-------- C:\Documents and Settings\moi\Incomplete(2)
2008-07-16 16:34 . 2008-07-18 17:37 <REP> d-------- C:\Documents and Settings\moi\UserData(2)
2008-07-16 16:19 . 2008-07-18 17:37 <REP> d----c--- C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-07-16 16:18 . 2008-07-18 17:37 <REP> d-------- C:\Program Files\Windows Live
2008-07-16 16:18 . 2008-07-17 18:00 <REP> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-16 13:37 . 2008-07-21 16:06 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-16 13:37 . 2008-07-21 15:56 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-16 10:06 . 2008-07-18 17:38 <REP> d-------- C:\Documents and Settings\Administrateur.S-C66FF174F88A4\Modèles
2008-07-16 10:06 . 2008-07-18 17:38 <REP> d---s---- C:\Documents and Settings\Administrateur.S-C66FF174F88A4
2008-07-16 00:10 . 2008-07-16 00:10 0 --a------ C:\WINDOWS\system32\27E.tmp
2008-07-15 22:47 . 2008-06-14 18:59 272,768 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-07-15 22:47 . 2008-06-14 18:59 272,768 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-07-15 20:36 . 2008-07-15 20:36 <REP> d-------- C:\WINDOWS\system32\LogFiles
2008-07-15 20:36 . 2008-07-15 20:37 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2008-07-15 19:58 . 2004-08-04 00:54 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-07-15 19:19 . 2008-07-15 19:19 <REP> d-------- C:\Documents and Settings\moi\Application Data\Yahoo!
2008-07-15 19:10 . 2008-07-15 19:10 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Yahoo!
2008-07-15 19:08 . 2008-07-15 19:11 <REP> d-------- C:\Program Files\Yahoo!
2008-07-15 17:33 . 2008-07-16 19:06 <REP> d-------- C:\Documents and Settings\moi\Shared
2008-07-15 17:33 . 2008-07-16 23:57 <REP> d-------- C:\Documents and Settings\moi\.limewire
2008-07-15 16:31 . 2008-07-15 16:31 1,116,533 --a------ C:\Program Files\PowerISO42.exe
2008-07-15 16:14 . 2008-07-17 12:27 <REP> d--h----- C:\WINDOWS\$hf_mig$
2008-07-15 14:39 . 2008-07-15 14:39 1,233,533 --a------ C:\Program Files\Winrar_3.80 Beta 2.exe
2008-07-15 13:45 . 2008-07-18 17:38 <REP> d-------- C:\Program Files\Sony Ericsson
2008-07-15 13:45 . 2008-07-18 20:31 <REP> d-------- C:\Program Files\MSN Messenger
2008-07-15 13:45 . 2008-07-15 13:45 <REP> d-------- C:\Program Files\Fichiers communs\Sony Ericsson Shared
2008-07-15 13:43 . 2008-07-15 13:43 9,192,136 --a------ C:\Program Files\INSTALL_MSN_MESSENGER_NT.EXE
2008-07-15 13:35 . 2008-07-15 13:35 <REP> d-------- C:\Program Files\Java Web Start
2008-07-15 13:35 . 2002-08-29 09:10 229,479 --a------ C:\WINDOWS\system32\jpicpl32.cpl
2008-07-15 13:34 . 2008-07-15 13:34 23,510,720 --a------ C:\Program Files\dotnetfx.exe
2008-07-15 13:18 . 2008-07-15 13:18 452,032 --a------ C:\Program Files\msgr8fr.exe
2008-07-15 12:46 . 2008-07-21 15:40 <REP> d-------- C:\Program Files\BitLord2
2008-07-15 12:44 . 2008-07-15 12:44 1,182,476 --a------ C:\Program Files\BitLord_2.0beta.exe
2008-07-14 18:17 . 2008-07-14 18:17 <REP> d-------- C:\Program Files\Alwil Software
2008-07-14 18:14 . 2008-07-14 19:41 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Teleca
2008-07-14 18:04 . 2008-07-14 18:04 <REP> d-------- C:\Program Files\SHOTS
2008-07-14 18:04 . 2008-07-14 18:04 <REP> d-------- C:\Program Files\HISCORES
2008-07-14 18:04 . 2008-07-14 18:04 <REP> d-------- C:\Program Files\avg antivirus
2008-07-14 12:42 . 2008-07-14 18:03 <REP> d-------- C:\Documents and Settings\moi\Mes images
2008-07-13 19:32 . 2008-07-14 18:04 <REP> d-------- C:\WINDOWS\$regcmp$
2008-07-08 16:48 . 2008-07-08 16:48 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-08 16:42 . 2008-07-14 18:13 <REP> d-------- C:\Documents and Settings\Administrateur\Modèles
2008-07-08 16:42 . 2008-07-14 18:13 <REP> d---s---- C:\Documents and Settings\Administrateur

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-20 20:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-18 20:22 --------- d-----w C:\Program Files\eChanblard
2008-07-18 18:29 913,408 ----a-w C:\WINDOWS\system32\xreglib.dll
2008-07-18 18:10 77,824 ----a-w C:\WINDOWS\system32\xcomm.dll
2008-07-18 18:00 --------- d-----w C:\Program Files\QuickTime
2008-07-18 17:48 --------- d-----w C:\Program Files\Winamp
2008-07-18 16:49 --------- d-----w C:\Program Files\DivX
2008-07-18 16:36 --------- d-----w C:\Program Files\TextAloud
2008-07-18 16:35 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-16 23:15 3,662 ----a-w C:\Program Files\LimeWIRE PRO v4[1].17.3 FULL CRACKED Edition + LimeWIRE Turbo Accelerator [2008] [mininova].torrent
2008-07-16 23:09 1,136 ----a-w C:\Program Files\ARES ULTRA V3[1].5.2.0 FULL RETAIL With New IDs.rar [mininova].torrent
2008-07-16 20:48 --------- d-----w C:\Program Files\Java
2008-07-16 19:11 --------- d-----w C:\Documents and Settings\moi\Application Data\HPAppData
2008-07-16 09:55 139,264 ----a-w C:\WINDOWS\system32\sndvol32.exe.tmp
2008-07-16 09:21 70,656 ----a-w C:\WINDOWS\system32\notepad.exe.tmp
2008-07-15 12:45 --------- d-----w C:\Program Files\Fichiers communs\Teleca Shared
2008-07-15 12:33 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-07-14 17:16 --------- d-----w C:\Program Files\Batch Video Converter
2008-07-14 17:04 --------- d-----w C:\Program Files\cd1
2008-07-14 17:03 --------- d-----w C:\Program Files\Fichiers communs\Ahead
2008-07-14 16:50 --------- d-----w C:\Program Files\Microsoft Works
2008-07-08 21:31 --------- d-----w C:\Documents and Settings\moi\Application Data\Faces
2008-07-04 09:55 23,023,044 ----a-w C:\Program Files\bitdefender_profesionnal plus v10+key (French).rar
2008-06-27 13:23 --------- d-----w C:\Program Files\logiciels
2008-06-22 17:00 --------- d-----w C:\Program Files\Registry Clean Expert
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dnsapi(2).dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-18 14:59 --------- d-----w C:\Documents and Settings\moi\Application Data\Ahead
2008-06-16 06:23 122 ----a-w C:\Delme.bat
2008-06-16 06:23 --------- d-----w C:\Program Files\Games
2008-06-15 15:26 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-15 15:20 --------- d-----w C:\Program Files\A-one 3GP Video Converter
2008-06-15 11:05 --------- d-----w C:\Program Files\Play Station2 PC
2008-06-15 11:00 --------- d-----w C:\Documents and Settings\moi\Application Data\DivX
2008-06-15 09:54 --------- d-----w C:\Program Files\converter
2008-06-09 10:52 --------- d-----w C:\Program Files\Faces
2008-06-05 16:00 --------- d-----w C:\Documents and Settings\moi\Application Data\vlc
2008-06-03 17:01 171,520 ----a-w C:\WINDOWS\system32\cncs32.dll
2008-06-02 16:06 --------- d-----w C:\Program Files\VideoLAN
2008-05-30 10:35 9,581,368 ----a-w C:\Program Files\winamp5531_full_emusic-7plus_fr-fr.exe
2008-05-07 05:15 1,293,824 ----a-w C:\WINDOWS\system32\quartz.dll
2007-11-08 10:47 480,712 ----a-w C:\Program Files\registry-defrag.exe
2007-09-22 13:45 23,769,896 ----a-w C:\Program Files\DivXInstaller.exe
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:54 15360]
"LightScribe Control Panel"="C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" [2007-04-19 12:26 484904]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe" [2007-05-04 09:39 149040]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-07-15 18:14 171448]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:55 5674352]
"Yahoo! Pager"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" [2007-08-30 17:43 4670704]
"ares"="C:\Program Files\Ares\Ares.exe" [2007-05-08 04:48 963072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"="C:\Program Files\HP\HP Software Update\HPWuSchd2.exe" [2007-03-11 20:34 49152]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe" [2007-05-04 09:59 161328]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2008-04-16 12:21 185896]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-04-16 14:36 155648]
"WinampAgent"="C:\Program Files\Winamp\winampa.exe" [2008-04-01 19:49 36352]
"PWRISOVM.EXE"="C:\Program Files\PowerISO\PWRISOVM.EXE" [2008-07-07 08:34 167936]
"PC Booster"="C:\Program Files\inKline Global\PC Booster\pcbooster.exe" [2008-04-09 12:05 14487552]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 10:25 6731312]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 14:28 266497]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2007-03-16 13:44 296544]
"VTTimer"="VTTimer.exe" [2005-03-07 20:33 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2006-07-10 19:33 176128 C:\WINDOWS\system32\VTTrayp.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-12-19 04:12 16062464 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 11:04 2879488 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 00:54 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2007-03-11 20:26:24 210520]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"NoDispSettingPage"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"C:\\Program Files\\eChanblard\\emule.exe"=
"C:\\Program Files\\BitLord2\\BitLord.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\BitLord\\BitLord.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"5000:TCP"= 5000:TCP:AresChatServer

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2006-10-17 13:22]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-03-29 18:31]
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-03-29 18:35]
S3 se46bus;Sony Ericsson Device 070 driver (WDM);C:\WINDOWS\system32\DRIVERS\se46bus.sys [2006-11-30 15:11]
S3 se46mdfl;Sony Ericsson Device 070 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\se46mdfl.sys [2006-11-30 14:11]
S3 se46mdm;Sony Ericsson Device 070 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\se46mdm.sys [2006-11-30 14:11]
S3 se46mgmt;Sony Ericsson Device 070 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\se46mgmt.sys [2006-11-30 14:11]
S3 se46nd5;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (NDIS);C:\WINDOWS\system32\DRIVERS\se46nd5.sys [2006-11-30 14:11]
S3 se46obex;Sony Ericsson Device 070 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\se46obex.sys [2006-11-30 14:11]
S3 se46unic;Sony Ericsson Device 070 USB Ethernet Emulation SEMC46 (WDM);C:\WINDOWS\system32\DRIVERS\se46unic.sys [2006-11-30 14:11]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df3a79a-0803-11dd-99e9-001bb98b40a5}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{5df3a79b-0803-11dd-99e9-001bb98b40a5}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d09bdc27-057f-11dd-99e2-001bb98b40a5}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e99d9e-3c77-11dd-9aa7-001bb98b40a5}]
\Shell\AutoRun\command - RavMon.exe
\Shell\explore\Command - RavMon.exe -e
\Shell\open\Command - RavMon.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e2e99d9f-3c77-11dd-9aa7-001bb98b40a5}]
\Shell\AutoRun\command - wscript.exe .\.vbs
\Shell\open\command - wscript.exe .\.vbs

*Newly Created Service* - CATCHME
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Fichiers communs\LightScribe\LSRunOnce.exe"
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-07-22 22:00:00 C:\WINDOWS\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job"
- C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
.
- - - - ORPHANS REMOVED - - - -

Toolbar-{D8FFA8AE-BBE8-4D3F-A249-64B2D03EEB25} - C:\WINDOWS\qndsfmao.dll
HKCU-Run-WhenUSave - C:\Program Files\Save\Save.exe
HKLM-Run-avast! - C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
HKLM-Run-2c06b89a - C:\WINDOWS\system32\aweuyjhm.dll
HKLM-Explorer_Run-S-C66FF174F88A4 - .vbe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://www.google.fr/
R0 -: HKCU-Main,Search Page = hxxp://www.google.com
R0 -: HKCU-Main,Search Bar = hxxp://www.google.com/ie
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O8 -: E&xporter vers Microsoft Excel - C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-22 23:21:32
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\sockspy.dll

PROCESS: C:\WINDOWS\system32\lsass.exe
-> C:\WINDOWS\system32\sockspy.dll
.
Temps d'accomplissement: 2008-07-22 23:24:27
ComboFix-quarantined-files.txt 2008-07-22 22:24:22

Pre-Run: 98,406,338,560 octets libres
Post-Run: 98,445,041,664 octets libres

319 --- E O F --- 2008-07-20 14:14:39
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 12
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
23 juil. 2008 à 00:47
---> Télécharge Toolbar-S&D (Team IDN) sur ton Bureau.
https://77b4795d-a-62cb3a1a-s-sites.googlegroups.com/site/eric71mespages/ToolBarSD.exe?attachauth=ANoY7cqJWPphpudyTqv7TRo5RQ3nm_Sx8JluVMO59X5E9cyE3j3LqKlmStIqiDqJdIgMJLi7MXn2nKVajQfoWuVvZZ2wIx_vkqO4k4P0K9jh-ra9jaKPXdZcoaVF2UqJZNH8ubL_42uIwh6f35xJ2GJMuzddVj2Qth1DgZ839lxEIFGkgWz3TdfvNMy-YtxfA3gqBUrj4U4LFeAPiWr3ClmjIP0t_Xs5PQ%3D%3D&attredirects=2

* Lance l'installation du programme en exécutant le fichier téléchargé.
* Double-clique maintenant sur le raccourci de Toolbar-S&D.
* Sélectionne la langue souhaitée en tapant la lettre de ton choix puis en validant avec la touche Entrée.
* Choisis maintenant l'option 1 (Recherche). Patiente jusqu'à la fin de la recherche.
* Poste le rapport généré. (C:\TB.txt)
0
Réponse 6 / 12
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 4
23 juil. 2008 à 01:14
-----------\\ ToolBar S&D 1.0.6 XP/Vista

[ Windows XP (NT 5.1) Build 2600, Service Pack 2 ]
[ USER : moi ] [ "C:\Toolbar SD" ] [ Selection : 2 ]
[ 23/07/2008 | 0:07:09,39 ] [ PC : S-C66FF174F88A4 ]
[ MAJ : 18-07-2008 | 20:45 ]

-----------\\ Recherche de Fichiers / Dossiers ...


-----------\\ [..\Internet Explorer\Main]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Local Page"="C:\\WINDOWS\\system32\\blank.htm"
"Start Page"="https://www.google.fr/?gws_rd=ssl"
"Search Page"="https://www.google.com/?gws_rd=ssl"
"Search Bar"="http://www.google.com/toolbar/ie8/sidebar.html"

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="https://www.msn.com/fr-fr/?ocid=iehp"
"Default_Search_URL"="http://www.google.com/toolbar/ie8/sidebar.html"
"Search Page"="https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home"


-----------\\ Fin du rapport a 0:11:06,59
0
Réponse 7 / 12
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
23 juil. 2008 à 01:15
Poste un nouveau rapport HijackThis.
0
Réponse 8 / 12
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 4
23 juil. 2008 à 01:16
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:16:21, on 23/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Winamp\winampa.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Ares\Ares.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\HP\Smart Web Printing\hpswp_clipbook.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Fichiers communs\Ahead\Lib\NMIndexStoreSvr.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files\HP\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: HP Print Clips - {053F9267-DC04-4294-A72C-58F732D338C0} - C:\Program Files\HP\Smart Web Printing\hpswp_framework.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Barre d'outils MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Toolbar\01.01.2607.0\fr\msntb.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [PWRISOVM.EXE] "C:\Program Files\PowerISO\PWRISOVM.EXE"
O4 - HKLM\..\Run: [PC Booster] "C:\Program Files\inKline Global\PC Booster\pcbooster.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] "C:\Program Files\Fichiers communs\LightScribe\LightScribeControlPanel.exe" -hidden
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" -quiet
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll (file missing)
O9 - Extra button: Livre de reliures HP - {58ECB495-38F0-49cb-A538-10282ABF65E7} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Sélection intelligente HP - {700259D7-1666-479a-93B1-3250410481E8} - C:\Program Files\HP\Smart Web Printing\hpswp_extensions.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe (file missing)
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - Softwin - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
0
Réponse 9 / 12
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
23 juil. 2008 à 01:21
Plus de trace d'infection.

Supprime Avast.

Mets à jour Internet Explorer :
https://support.microsoft.com/fr-fr/allproducts

Redémarre ton PC et poste un nouveau rapport HijackThis.
0
Réponse 10 / 12
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 4
23 juil. 2008 à 01:28
salut
j'ai ouver le site que tu ma donné mais quand je clic sur internet explorer 7 sa marche pas la meme page réapparait
merci
0
Réponse 11 / 12
Destrio5 Messages postés 85985 Date d'inscription dimanche 11 juillet 2010 Statut Modérateur Dernière intervention 17 février 2023 10 295
23 juil. 2008 à 01:30
http://www.microsoft.com/downloads/details.aspx?FamilyId=9AE91EBE-3385-447C-8A30-081805B2F90B&displaylang=fr
0
Réponse 12 / 12
warda2 Messages postés 254 Date d'inscription mardi 8 juillet 2008 Statut Membre Dernière intervention 17 novembre 2009 4
23 juil. 2008 à 01:31
non sava sa marche j'ai oublié de cliqué sur séléctionner votre systeme
séolé et merci infiniment
beaux reves
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
Comment supprimer le virus Trojan
vitsou -
vitsou -

18 réponses
Trojan impossible à supprimer!
Gridouu -
Malekal_morte- -

12 réponses
Aide pour un virus
cerise92700 -
MisteryBean -

41 réponses