NOT-SO-NICE TROJAN....
Closed
lool2103 (Member) - 14 August 2008 at 07:06
11 replies
Hello,
tick these boxes:
- C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
- O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
- O4 - HKCU\..\Run: [L'Assistant DartyBox] C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
- O16 - DPF: {084DAC27-6FA3-4F55-9005-033F2F102F5C} (ITPPDiagIE Class) - http://data.jeuxclassiques.com/npwwg.cab
- O16 - DPF: {FD40EC41-D860-4579-8BA4-52671A45C71C} (AxHtChat Class) - http://images.goa.com/it/Woo2/fr/chat/nPaxChat.cab
and click "Fix checked".
Securitoo is not a good antivirus. It does not remove most viruses. I recommend Bitdefender. After that, you can't complain that there are lots of viruses.
http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover download the software from this site. It removes all trojans.
toptitbal (Security contributor) - 14 August 2008 at 08:28
Hello
"tick these boxes:
- C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe"
??????????????????
lool2103 (Member) - 14 August 2008 at 12:40
here is the Trojan Remover report
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 14/08/2008 12:38:28
Using Database v6759
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Compaq_Propriétaire\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges
**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
******************************
12:38:28: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
******************************
12:38:28: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
******************************
12:38:29: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
******************************
12:38:30: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe - this command has been left in place
--------------------
Value Name = hpsysdrv
Value Data = c:\windows\system\hpsysdrv.exe - this command has been left in place
--------------------
Value Name = ATIPTA
Value Data = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - this command has been left in place
--------------------
Value Name = Recguard
Value Data = C:\WINDOWS\SMINST\RECGUARD.EXE - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = C:\Program Files\HP\HP Software Update\HPwuSchd2.exe - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = Anti-Blaxx Manager
Value Data = C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = MessengerPlus3
Value Data = C:\Program Files\MessengerPlus! 3\MsgPlus.exe - this command has been left in place
--------------------
Value Name = KBD
Value Data = C:\HP\KBD\KBD.EXE - this command has been left in place
--------------------
Value Name = ISUSPM Startup
Value Data = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup - this command has been left in place
--------------------
Value Name = ISUSScheduler
Value Data = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start - this command has been left in place
--------------------
Value Name = F-Secure Manager
Value Data = C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash - this command has been left in place
--------------------
Value Name = F-Secure TNB
Value Data = C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW - this command has been left in place
--------------------
Value Name = F-Secure Startup Wizard
Value Data = C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot - this command has been left in place
--------------------
Value Name = News Service
Value Data = C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe - this command has been left in place
--------------------
Value Name = SSBkgdUpdate
Value Data = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot - this command has been left in place
--------------------
Value Name = OpwareSE4
Value Data = C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = iTunesHelper
Value Data = C:\Program Files\iTunes\iTunesHelper.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data = C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe - this command has been left in place
--------------------
Value Name = PowerBar
The Value Data for this entry appears to be blank
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
******************************
12:38:32: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
******************************
12:38:32: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------
******************************
12:38:33: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
******************************
12:38:33: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
******************************
12:38:34: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place
******************************
12:38:41: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=a347bus
ImagePath=system32\DRIVERS\a347bus.sys - this reference has been left in place
----------
Key=a347scsi
ImagePath=System32\Drivers\a347scsi.sys - this reference has been left in place
----------
Key=aawservice
ImagePath="C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\AmdK8.sys - this reference has been left in place
----------
Key=AnyDVD
ImagePath=System32\Drivers\AnyDVD.sys - this reference has been left in place
----------
Key=Apple Mobile Device
ImagePath="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
C:\WINDOWS\system32\DRIVERS\atapi.sys appears to be in-use/locked - scanning skipped.
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=BackWeb Plug-in - 6588780
ImagePath=C:\PROGRA~1\SECURI~1\Av_Fw\backweb\6588780\Program\SERVIC~1.EXE - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=ElbyCDIO
ImagePath=System32\Drivers\ElbyCDIO.sys - this reference has been left in place
----------
Key=ElbyDelay
ImagePath=System32\Drivers\ElbyDelay.sys - this reference has been left in place
----------
Key=ElbyVCD
ImagePath=system32\DRIVERS\ElbyVCD.sys - this reference has been left in place [file not found to scan]
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=F-Secure Filter
ImagePath=\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSfilter.sys - this reference has been left in place
----------
Key=F-Secure Gatekeeper
ImagePath=\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSgk.sys - this reference has been left in place
----------
Key=F-Secure Gatekeeper Handler Starter
ImagePath="C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe" - this reference has been left in place
----------
Key=F-Secure Recognizer
ImagePath=\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSrec.sys - this reference has been left in place
----------
Key=Fax
ImagePath=%systemroot%\system32\fxssvc.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=fsbwsys
ImagePath="C:\Program Files\Securitoo\Av_Fw\backweb\6588780\program\fsbwsys.exe" - this reference has been left in place
----------
Key=FSDFWD
ImagePath="C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe" - this reference has been left in place
----------
Key=FSFW
ImagePath=System32\drivers\fsdfw.sys - this reference has been left in place
----------
Key=FSMA
ImagePath="C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE" - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=InCDFs
ImagePath=system32\drivers\InCDFs.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDPass
ImagePath=system32\drivers\InCDPass.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDRm
ImagePath=system32\drivers\InCDRm.sys - this reference has been left in place [file not found to scan]
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place [file not found to scan]
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=ltmodem5
ImagePath=system32\DRIVERS\ltmdmnt.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=mod7700
ImagePath=System32\Drivers\hcw95bda.sys - this reference has been left in place
----------
Key=MODRC
ImagePath=system32\DRIVERS\hcw95rc.sys - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MPE
ImagePath=system32\DRIVERS\MPE.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=o1394bul
ImagePath=\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\o1394bul.sys - this reference has been left in place [file not found to scan]
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=pcouffin
ImagePath=System32\Drivers\pcouffin.sys - this reference has been left in place
----------
Key=pfc
ImagePath=system32\drivers\pfc.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=prodrv06
ImagePath=\SystemRoot\System32\drivers\prodrv06.sys - this reference has been left in place
----------
Key=prohlp02
ImagePath=System32\drivers\prohlp02.sys - this reference has been left in place
----------
Key=prosync1
ImagePath=System32\drivers\prosync1.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=Ps2
ImagePath=system32\DRIVERS\PS2.sys - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=RTL8023xp
ImagePath=system32\DRIVERS\Rtlnicxp.sys - this reference has been left in place
----------
Key=rtl8139
ImagePath=system32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=sfdrv01
ImagePath=System32\drivers\sfdrv01.sys - this reference has been left in place
----------
Key=sfdrv01a
ImagePath=System32\drivers\sfdrv01a.sys - this reference has been left in place
----------
Key=sfhlp01
ImagePath=System32\drivers\sfhlp01.sys - this reference has been left in place
----------
Key=sfhlp02
ImagePath=System32\drivers\sfhlp02.sys - this reference has been left in place
----------
Key=sfsync02
ImagePath=System32\drivers\sfsync02.sys - this reference has been left in place
----------
Key=sfsync04
ImagePath=System32\drivers\sfsync04.sys - this reference has been left in place
----------
Key=sfvfs02
ImagePath=System32\drivers\sfvfs02.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=sscdbus
ImagePath=system32\DRIVERS\sscdbus.sys - this reference has been left in place
----------
Key=sscdmdfl
ImagePath=system32\DRIVERS\sscdmdfl.sys - this reference has been left in place
----------
Key=sscdmdm
ImagePath=system32\DRIVERS\sscdmdm.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{383FA16D-AF8F-4C60-B213-2B9363664871} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=UnlockerDriver5
ImagePath=\??\C:\Program Files\Unlocker\UnlockerDriver5.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------
******************************
12:40:43: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded
******************************
12:40:43: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------
******************************
12:40:43: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = VIDEOTRANS
CLSID = {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}
C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\AmvTransform.dll - this ContextMenuHandler has been left in place
----------
Key = {23814B80-52A2-11d0-BC1A-004095606CB9}
C:\Program Files\Securitoo\Av_Fw\Common\fpshx.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------
******************************
12:40:44: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------
******************************
12:40:45: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll - this Browser Helper Object has been left in place
----------
Key = {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
C:\Program Files\Windows Live Toolbar\msntb.dll - this Browser Helper Object has been left in place
----------
******************************
12:40:46: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------
******************************
12:40:47: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
******************************
12:40:47: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
******************************
12:40:47: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = 84.dll]
The following AppInit_DLLs are loaded at boot-time:
84.dll - this entry has been left in place [file not found to scan]
----------
******************************
12:40:53: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check
******************************
12:40:53: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
--------------------
Outil de mise à jour Google.lnk - this links to C:\Program Files\Google\Google Updater\GoogleUpdater.exe and has been left in place
--------------------
Securitoo.lnk - this links to C:\Program Files\Securitoo\Av_Fw\backweb\6588780\Program\fspex.exe and has been left in place
--------------------
******************************
No User Startup Groups were located to check
******************************
12:40:53: Scanning ----- SCHEDULED TASKS -----
******************************
12:40:53: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
******************************
12:40:54: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\AxisCamControl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Banksht2.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ca.pub - this file has been left in place
C:\WINDOWS\Downloaded Program Files\CamCli.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Chess.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\daas_s.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\FileUploader.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\FileUploader.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\fsauc.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\fscax.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\fscax.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\gsda.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ijl11.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Zintro.ocx - this file has been left in place
******************************
12:40:57: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------------
C:\PROGRA~1\SECURI~1\Av_Fw\backweb\6588780\Program\SERVIC~1.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\backweb\6588780\program\fsbwsys.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\backweb\6588780\Program\fspex.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsrw.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
--------------------
C:\windows\system\hpsysdrv.exe
--------------------
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
--------------------
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
--------------------
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
--------------------
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
--------------------
C:\HP\KBD\KBD.EXE
--------------------
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe
--------------------
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
--------------------
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
--------------------
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
--------------------
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
--------------------
C:\Program Files\iPod\bin\iPodService.exe
--------------------
C:\PROGRA~1\SECURI~1\Av_Fw\ANTI-S~1\fsaw.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
--------------------
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
--------------------
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Simply Super Software\Trojan Remover\tpj66.exe
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------
******************************
12:41:04: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
******************************
12:41:04: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl
******************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 14/08/2008 12:41:04
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.9, Build 2457. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 14/08/2008 12:38:28
Using Database v6759
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Compaq_Propriétaire\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges
**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
******************************
12:38:28: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
******************************
12:38:28: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
******************************
12:38:29: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
******************************
12:38:30: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe - this command has been left in place
--------------------
Value Name = hpsysdrv
Value Data = c:\windows\system\hpsysdrv.exe - this command has been left in place
--------------------
Value Name = ATIPTA
Value Data = C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe - this command has been left in place
--------------------
Value Name = Recguard
Value Data = C:\WINDOWS\SMINST\RECGUARD.EXE - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = C:\Program Files\HP\HP Software Update\HPwuSchd2.exe - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = Anti-Blaxx Manager
Value Data = C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\WINDOWS\system32\NeroCheck.exe - this command has been left in place
--------------------
Value Name = MessengerPlus3
Value Data = C:\Program Files\MessengerPlus! 3\MsgPlus.exe - this command has been left in place
--------------------
Value Name = KBD
Value Data = C:\HP\KBD\KBD.EXE - this command has been left in place
--------------------
Value Name = ISUSPM Startup
Value Data = C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup - this command has been left in place
--------------------
Value Name = ISUSScheduler
Value Data = C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start - this command has been left in place
--------------------
Value Name = F-Secure Manager
Value Data = C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE" /splash - this command has been left in place
--------------------
Value Name = F-Secure TNB
Value Data = C:\Program Files\Securitoo\Av_Fw\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW - this command has been left in place
--------------------
Value Name = F-Secure Startup Wizard
Value Data = C:\Program Files\Securitoo\Av_Fw\FSGUI\FSSW.EXE" /reboot - this command has been left in place
--------------------
Value Name = News Service
Value Data = C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe - this command has been left in place
--------------------
Value Name = SSBkgdUpdate
Value Data = C:\Program Files\Fichiers communs\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot - this command has been left in place
--------------------
Value Name = OpwareSE4
Value Data = C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = iTunesHelper
Value Data = C:\Program Files\iTunes\iTunesHelper.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data = C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe - this command has been left in place
--------------------
Value Name = PowerBar
The Value Data for this entry appears to be blank
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
******************************
12:38:32: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
******************************
12:38:32: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Registry Run Keys Hidden Entries found
----------
******************************
12:38:33: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
******************************
12:38:33: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
******************************
12:38:34: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place
******************************
12:38:41: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=a347bus
ImagePath=system32\DRIVERS\a347bus.sys - this reference has been left in place
----------
Key=a347scsi
ImagePath=System32\Drivers\a347scsi.sys - this reference has been left in place
----------
Key=aawservice
ImagePath="C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe" - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\AmdK8.sys - this reference has been left in place
----------
Key=AnyDVD
ImagePath=System32\Drivers\AnyDVD.sys - this reference has been left in place
----------
Key=Apple Mobile Device
ImagePath="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
C:\WINDOWS\system32\DRIVERS\atapi.sys appears to be in-use/locked - scanning skipped.
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=BackWeb Plug-in - 6588780
ImagePath=C:\PROGRA~1\SECURI~1\Av_Fw\backweb\6588780\Program\SERVIC~1.EXE - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=ElbyCDIO
ImagePath=System32\Drivers\ElbyCDIO.sys - this reference has been left in place
----------
Key=ElbyDelay
ImagePath=System32\Drivers\ElbyDelay.sys - this reference has been left in place
----------
Key=ElbyVCD
ImagePath=system32\DRIVERS\ElbyVCD.sys - this reference has been left in place [file not found to scan]
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=F-Secure Filter
ImagePath=\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSfilter.sys - this reference has been left in place
----------
Key=F-Secure Gatekeeper
ImagePath=\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSgk.sys - this reference has been left in place
----------
Key=F-Secure Gatekeeper Handler Starter
ImagePath="C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe" - this reference has been left in place
----------
Key=F-Secure Recognizer
ImagePath=\??\C:\Program Files\Securitoo\Av_Fw\Anti-Virus\Win2K\FSrec.sys - this reference has been left in place
----------
Key=Fax
ImagePath=%systemroot%\system32\fxssvc.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=fsbwsys
ImagePath="C:\Program Files\Securitoo\Av_Fw\backweb\6588780\program\fsbwsys.exe" - this reference has been left in place
----------
Key=FSDFWD
ImagePath="C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe" - this reference has been left in place
----------
Key=FSFW
ImagePath=System32\drivers\fsdfw.sys - this reference has been left in place
----------
Key=FSMA
ImagePath="C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE" - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=InCDFs
ImagePath=system32\drivers\InCDFs.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDPass
ImagePath=system32\drivers\InCDPass.sys - this reference has been left in place [file not found to scan]
----------
Key=InCDRm
ImagePath=system32\drivers\InCDRm.sys - this reference has been left in place [file not found to scan]
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place [file not found to scan]
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=ltmodem5
ImagePath=system32\DRIVERS\ltmdmnt.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=mod7700
ImagePath=System32\Drivers\hcw95bda.sys - this reference has been left in place
----------
Key=MODRC
ImagePath=system32\DRIVERS\hcw95rc.sys - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MPE
ImagePath=system32\DRIVERS\MPE.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=o1394bul
ImagePath=\??\C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\o1394bul.sys - this reference has been left in place [file not found to scan]
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=pcouffin
ImagePath=System32\Drivers\pcouffin.sys - this reference has been left in place
----------
Key=pfc
ImagePath=system32\drivers\pfc.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=prodrv06
ImagePath=\SystemRoot\System32\drivers\prodrv06.sys - this reference has been left in place
----------
Key=prohlp02
ImagePath=System32\drivers\prohlp02.sys - this reference has been left in place
----------
Key=prosync1
ImagePath=System32\drivers\prosync1.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=Ps2
ImagePath=system32\DRIVERS\PS2.sys - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=RTL8023xp
ImagePath=system32\DRIVERS\Rtlnicxp.sys - this reference has been left in place
----------
Key=rtl8139
ImagePath=system32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=sfdrv01
ImagePath=System32\drivers\sfdrv01.sys - this reference has been left in place
----------
Key=sfdrv01a
ImagePath=System32\drivers\sfdrv01a.sys - this reference has been left in place
----------
Key=sfhlp01
ImagePath=System32\drivers\sfhlp01.sys - this reference has been left in place
----------
Key=sfhlp02
ImagePath=System32\drivers\sfhlp02.sys - this reference has been left in place
----------
Key=sfsync02
ImagePath=System32\drivers\sfsync02.sys - this reference has been left in place
----------
Key=sfsync04
ImagePath=System32\drivers\sfsync04.sys - this reference has been left in place
----------
Key=sfvfs02
ImagePath=System32\drivers\sfvfs02.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=sscdbus
ImagePath=system32\DRIVERS\sscdbus.sys - this reference has been left in place
----------
Key=sscdmdfl
ImagePath=system32\DRIVERS\sscdmdfl.sys - this reference has been left in place
----------
Key=sscdmdm
ImagePath=system32\DRIVERS\sscdmdm.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{383FA16D-AF8F-4C60-B213-2B9363664871} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=UnlockerDriver5
ImagePath=\??\C:\Program Files\Unlocker\UnlockerDriver5.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------
******************************
12:40:43: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded
******************************
12:40:43: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------
******************************
12:40:43: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = VIDEOTRANS
CLSID = {C8CA0A66-AF32-4D5E-879E-F0809ACEDC55}
C:\Program Files\MP3 Player Utilities 4.18\AMVConverter\AmvTransform.dll - this ContextMenuHandler has been left in place
----------
Key = {23814B80-52A2-11d0-BC1A-004095606CB9}
C:\Program Files\Securitoo\Av_Fw\Common\fpshx.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------
******************************
12:40:44: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
"C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll" - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------
******************************
12:40:45: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {68F9551E-0411-48E4-9AAF-4BC42A6A46BE}
C:\Program Files\Canon\Easy-WebPrint\EWPBrowseLoader.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll - this Browser Helper Object has been left in place
----------
Key = {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
C:\Program Files\Windows Live Toolbar\msntb.dll - this Browser Helper Object has been left in place
----------
******************************
12:40:46: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------
******************************
12:40:47: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
******************************
12:40:47: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
******************************
12:40:47: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = 84.dll]
The following AppInit_DLLs are loaded at boot-time:
84.dll - this entry has been left in place [file not found to scan]
----------
******************************
12:40:53: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check
******************************
12:40:53: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place
--------------------
Outil de mise à jour Google.lnk - this links to C:\Program Files\Google\Google Updater\GoogleUpdater.exe and has been left in place
--------------------
Securitoo.lnk - this links to C:\Program Files\Securitoo\Av_Fw\backweb\6588780\Program\fspex.exe and has been left in place
--------------------
******************************
No User Startup Groups were located to check
******************************
12:40:53: Scanning ----- SCHEDULED TASKS -----
******************************
12:40:53: ----- EXTRA CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
******************************
12:40:54: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\AxisCamControl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AxisCamControl.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Banksht2.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ca.pub - this file has been left in place
C:\WINDOWS\Downloaded Program Files\CamCli.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Chess.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\daas_s.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\FileUploader.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\FileUploader.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\fsauc.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\fscax.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\fscax.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\gsda.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ijl11.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\MessengerStatsPAClient.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\Zintro.ocx - this file has been left in place
******************************
12:40:57: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------------
C:\PROGRA~1\SECURI~1\Av_Fw\backweb\6588780\Program\SERVIC~1.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsgk32st.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\FSGK32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\backweb\6588780\program\fsbwsys.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FSMA32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\backweb\6588780\Program\fspex.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fssm32.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FSMB32.EXE
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FCH32.EXE
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FAMEH32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsqh.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsrw.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\FWES\Program\fsdfwd.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Java\jre1.6.0_04\bin\jusched.exe
--------------------
C:\windows\system\hpsysdrv.exe
--------------------
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
--------------------
C:\Program Files\HP\HP Software Update\HPwuSchd2.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
--------------------
C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
--------------------
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
--------------------
C:\HP\KBD\KBD.EXE
--------------------
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Common\FSM32.EXE
--------------------
C:\Program Files\Securitoo\Av_Fw\FSGUI\ispnews.exe
--------------------
C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\Anti-Virus\fsav32.exe
--------------------
C:\Program Files\iTunes\iTunesHelper.exe
--------------------
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
--------------------
C:\Program Files\OpenOffice.org 2.4\program\soffice.exe
--------------------
C:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
--------------------
C:\Program Files\iPod\bin\iPodService.exe
--------------------
C:\PROGRA~1\SECURI~1\Av_Fw\ANTI-S~1\fsaw.exe
--------------------
C:\Program Files\Securitoo\Av_Fw\FSGUI\fsguidll.exe
--------------------
C:\PROGRA~1\MICROS~3\OFFICE11\OUTLOOK.EXE
--------------------
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Compaq_Propriétaire\Application Data\Simply Super Software\Trojan Remover\tpj66.exe
FileSize: 1 782 336
[This is a Trojan Remover component]
--------------------
******************************
12:41:04: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
******************************
12:41:04: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl
******************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 14/08/2008 12:41:04
************************************************************
lool2103
Posts
12
Registration date
Wednesday 13 August 2008
Status
Member
Last post
14 August 2008
14 August 2008 at 12:43
I checked the requested boxes, except Assistant DartyBox.
The problem is still there.
Thanks again for the interest shown in my case.
toptitbal
Posts
25709
Registration date
Saturday 8 July 2006
Status
Security contributor
Last post
4 March 2010
2 232
14 August 2008 at 13:02
Hello
"I checked the requested boxes... the problem is still there"
Yes, that makes sense.
Fixing lines without deleting the files has never gotten anyone anywhere.
lool2103
Posts
12
Registration date
Wednesday 13 August 2008
Status
Member
Last post
14 August 2008
14 August 2008 at 13:08
Did I miss something?
Sorry, I'm not very good with computers.
Thanks
Your problem comes from the installation of Messenger+, which contains quite a few nasty things.
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
Try to uninstall it from Add/Remove Programs and wait for an MSN-infection expert to take over your topic
(you will recognize them by their style, far removed from SMS-speak, their spelling up to market standards, and their well-put-together procedures).
To answer your question: no, you did not do what you were asked incorrectly; it is just that what was suggested to you was not appropriate. Fixing the infected lines in HijackThis does not remove the infection itself.
Wait to be taken in hand by Marie, Geoffroy, SllD, shion-are, jacques.gaches, sKe69 (and I'm forgetting some, sorry).
To clarify, Messenger+ contains a Lop trojan that is installed only if you accept the sponsor during installation.
If you installed M+ without the sponsor, then disregard my remark; if you don't know, uninstall M+ completely to be on the safe side.
lool2103
Posts
12
Registration date
Wednesday 13 August 2008
Status
Member
Last post
14 August 2008
14 August 2008 at 14:23
So I have to be patient.
As for Messenger, it has been installed for ages and there has never been a problem, but I repeat, I am not a pro.
Besides, it is my ex-future wife who uses it (women are complicated too).
Thank you