Pb virus srosa.sys et autres Résolu/Fermé

Question

Bonjour,

je suis assez novice en terme de suppression de virus...
Je vous explique mon problème.
A ce que j'ai lu dans les différents forums, j'aurais téléchargé un fichier emule infecté hier sur mon pc portable.

Depuis,avast ne se lance plus,mon pc est très lent et je ne peux plus me connecter à internet(Windows ne peut pas configurer cette connexion sans fil)

J'ai testé différents logiciels comme
elibagle : il m'a trouvé et supprimé deux bagle
Anti spyware....
Depuis j'arrive à lancer Avast et ccleaner même si avast ne se lance pas automatiquement à l'ouverture de mon pc.Mon pc est un peu plus rapide mais je ne peux toujours pas me connecter à internet.
J'ai donc installé et exécuté combofix qui me détecte divers problèmes mais je ne comprends pas tout.
J'ai lu qu'il ne fallait pas poster dès le premier post un rapport donc je ne le fais pas.
Quelqu'un pourrait-il m'aider s'il vous plait?
Je vous en serais très reconnaissant.
Merci d'avance
Cordialement
Vince

exanium · Answer

essaye Hijackthis et colle le log de l'analyse

InfernO.vir · Answer

Bonjour,

-Telecharges hijackthis--> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
-Clique sur le .exe pour le lancer
-Clique sur "Do a system scan and save a log file"
-Poste le rapport ds ta prochaine reponse.

vincolo · Answer

Bonjour et merci beaucoup d'avoir répondu aussi vite

voici le rapport demandé:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:59:17, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\3M\PSNotes2\Psn2.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
C:\PROGRA~1\3M\PSNotes2\PSNGive.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\acs.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.centre-valdeloire.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe

InfernO.vir · Answer

Essaye un scan en ligne kaspersky :

-Ici pour scanner ta machine : https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

- /!\IMPORTANT/!\ --> http://www.vista-xp.fr/forum/topic109.html

Poste moi le rapport a la fin du scan, patience,il est long.

vincolo · Answer

Bonjour,
il m'est impossible d'effectuer un scan en ligne avec mon portable puisque depuis ces incidents je n'ai pas accès à mon wifi : il m'indique "Windows ne peut pas configurer cette connexion sans fil"
Voila ou j'en suis

exanium · Answer

comment tu fait pour nous parler???????????????????

vincolo · Answer

je suis connecté avec un autre pc en wifi aussi mais celui la n'est pas infecté!!!

InfernO.vir · Answer

Oops pardon mais ou as-tu telecharger hijackthis alors si tu na pas acces a internet?

vincolo · Answer

je l'ai télkéchargé sur le pc avec lequel je t'écris puis transféré avec une clé sur mon pc infecté
et je l'ai exécuté sur mon pc infecté

InfernO.vir · Answer

Exanium stp evite d'intervenir ici ds la desinfection,d'avance merci !

Je bloque 0.o mais bon je vais persister je ne te laisse pas tomber ^^ deja tu as 2 antivirus=conflits entre eux et moins de securité,il faudra virer avast car c'est vraiment ce que l'on fait de mieux en terme de passoire a a bestioles!

Utilisateur anonyme · Answer

Salut,

ceci va t interesser : https://forum.malekal.com/viewtopic.php?f=60&t=7382

exanium · Answer

dan quel chemin tu a installé les sims?????????????????

Utilisateur anonyme · Answer

si windows defender ne marche pas :

Démarrer >accesoire puis executer > tape : services.msc 

- double Clic sur le service cité - windows defender 


type de démarrge le mettre en automatique 
clic sur appliquer 
en haut a gauche clic sur demarrer le service 


idem pour prefeu windows

InfernO.vir · Answer

Merci chiquitine29,utile, d'ailleurs je vais m'assurer que bagle est bien absent

fait ce qui suit:

-Telecharges elibagla--> http://www.zonavirus.com/datos/descargas/95/elibagla.asp
-Enregistre le fichier sur ton bureau 
-Double-clique dessus pour l'ouvrir 
-Assure-toi que dans le menu déroulant Unidad, tu as bien C:\ 
-Vérifie également que Eliminar Ficheros Automaticamente est cochée 
-Clique sur le bouton Explorar pour lancer l'analyse 
-Poste le rapport situé dans C:\infosat.txt

InfernO.vir · Answer

Exanium,

/!\ STOP /!\; arretes de poser des question inutiles et egalement de poster ds ce sujet,tu gènes la victime.


Chiquitine29 merci pour ces infos utiles

Utilisateur anonyme · Answer

pour voir si bagle est present :


Telecharge FindB sur ton bureau 

---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.rar


1) Dezippe l archive sur ton bureau

2) Double clic sur FindB

3) Post le rapport FindB.txt dans ton prochain message

note le rapport FindB.txt est sauvegardé a la racine du disque

Utilisateur anonyme · Answer

je vous laisse

@++

InfernO.vir · Answer

Chiquitine29,jlui ai deja donné la demarche pour bagle stp evite de reposter une demarche il va etre perdu apres ca,merci!

vincolo · Answer

Bon en tout cas merci 
pour l'instant c'est du boulot nickel:j'ai retrouvé la connexion à internet
par contre depuis ca:le pc va à deux à l'heure
j'ai pas encore pu lancer analyse bagle

InfernO.vir · Answer

Alors du nouveau,tu as dit que ca marchais mais qu'est-ce qui marche?

InfernO.vir · Answer

OK bon ton pc est lent alors refait moi un log hijackthis apres avoir fait l'analyse elibagla

vincolo · Answer

ok no problemo mais je pense que ca va etre long

InfernO.vir · Answer

Oui mais c'est pas grave laisse le faire touche le moins de chose possible pendant son scan

vincolo · Answer

bon je suis en pleine galère
le pc ne répondait plus donc j'ai été obligé de le redemarrer
j'ai bien attendu que tout les programmes s'exécutent au démarrage et j'ai double cliqué sur elibagla et depuis deux minutes strictement rien - plus de réponses....
je pense attendre un peu et le redémarrer mais désactiver le wifi avant d'ouvrir elibagla car j'ai l'impression que le wifi me pompe de la ressource
Qu'en penses tu?
Merci encore de ton aide

InfernO.vir · Answer

Essaye elibagla en mode sans echec sans prise en charge reseau

vincolo · Answer

Ca y est me voila
j'ai réussi en mode sans échec

elibagla:

	  Fri Aug 22 18:31:46 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Fri Aug 22 18:31:50 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   5514
Nº Total de Ficheros:      58961
Nº de Ficheros Analizados: 12982
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:38:37, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.centre-valdeloire.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe

vincolo · Answer

Excuse moi une autre question

dois je, tant que je suis en mode sans échec et que l'ordi fonctionne bien,supprimer l'un de mes deux antivirus
je supprime avast ou nod32???
Merci encore

InfernO.vir · Answer

Bon aucune trace de bagle!

Télécharge Combofix (de sUBs) sur ton Bureau. -->http://download.bleepingcomputer.com/sUBs/ComboFix.exe
 
Désactive temporairement toute protection résidente ! (Antivirus, antispywares..) 
Double clique combofix.exe. (Clique droit->Exécuter en tant qu'administrateur si sous Vista) 
Tape sur la touche 1 (Yes) pour démarrer le scan.  
Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.  
 
Le rapport se trouve ici : C:\Combofix.txt 
 
Renomme Combofix en Combo-Fix avant le téléchargement comme suit: 
https://forum.pcastuces.com/sujet.asp?f=25&s=37315

InfernO.vir · Answer

Pour l'antivirus on s'en chargera apres mais tu supprimera avast car c'est une passoire!

vincolo · Answer

Voici l'analyse réalisée avec Combofix en mode sans échec: ComboFix 08-08-21.02 - Administrateur 2008-08-22 18:56:40.6 - NTFSx86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1205 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!/b/color . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\downld G:\InfoSat.txt . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-22 to 2008-08-22 )))))))))))))))))))))))))))))))))))) . 2008-08-22 16:04 . 2008-08-22 16:04 d-------- C:\Program Files\ESET 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-15 12:16 . 2008-08-15 12:16 d-------- C:\Program Files\Combined Community Codec Pack 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 19:17 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 13:33 --------- d-----w C:\Program Files\Lx_cats 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-16 06:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-07-01 07:04 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys 2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-22 13:40 --------- d-----w C:\Program Files\Azureus 2008-06-22 13:39 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\Azureus 2008-06-22 13:34 --------- d-----w C:\Program Files\uTorrent 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-21_23.43.22.01 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-22 14:05:15 10,134 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\callmsi.exe + 2008-08-22 14:05:15 136,448 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\egui.exe - 2008-04-13 19:16:41 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-22 16:34:41 64,372 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-13 19:16:41 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-08-22 16:34:41 77,916 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-04-13 19:16:41 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-22 16:34:41 409,232 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-13 19:16:41 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-08-22 16:34:41 477,072 ----a-w C:\WINDOWS\system32\perfh00C.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 09:01 1447168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.l3codec"= l3codecp.acm "msacm.divxa32"= msaud32_divx.acm "vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 "AntiVirusOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] S1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] S1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys [2008-05-16 01:20] S1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 09:04] S1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] S1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] S2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys [2008-05-16 01:16] S2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}] \Shell\AutoRun\command - .\MigWiz\migsetup.exe *Newly Created Service* - MDMXSDK . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-22 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-22 18:58:03 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\RGI2.tmp Scan terminé avec succès Les fichiers cachés: 1 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-22 18:59:20 ComboFix-quarantined-files.txt 2008-08-22 16:59:01 ComboFix2.txt 2008-08-22 13:52:54 ComboFix3.txt 2008-08-21 22:13:21 ComboFix4.txt 2008-08-21 22:06:18 ComboFix5.txt 2008-08-22 16:56:05 Pre-Run: 3,810,926,592 octets libres Post-Run: 3,795,419,136 octets libres 278 --- E O F --- 2008-08-16 06:46:02 Merci encore de m'aider

InfernO.vir · Answer

comment va l'ordi?

Utilisateur anonyme · Answer

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] 
\Shell\AutoRun\command - G:
ideiect.com 
\Shell\explore\Command - G:
ideiect.com 
\Shell\open\Command - G:
ideiect.com 


ETC 


infection usb causé par bagle

vincolo · Answer

j'ai redémarré en mode normal et l'ordi a l'air de mieux tourner (plus rapide que précédemment)
comment puis-je m'assurer que tout est rentré dans l'ordre?
Merci encore

vincolo · Answer

rectification:il est quand même encore long à la détente en mode normal mais au moins je peux lancer des applications depuis mon bureau.
Faut-il que j'effectue un autre test maintenant que je dispose d'une connexion internet?
Etant donné que j'ai avst et nod 32 ,dois-je en supprimer un des 2?

Merci encore de votre aide

InfernO.vir · Answer

Fait un log hijackthis stp.

supprime avast via ajouts/suppression programmes ou sinon

https://www.avast.com/uninstall-utility

Tu me dit si tu as des problemes avec les instruction en anglais!

Utilisateur anonyme · Answer

Peux tu faire ceci stp :

Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau 

---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.exe


1) Double clic sur FindB

2) Post le rapport FindB.txt dans ton prochain message

note :  le rapport FindB.txt est sauvegardé a la racine du disque

InfernO.vir · Answer

Chiquitine elibagla na rien trouvé!

Utilisateur anonyme · Answer

je sais le scan prend 10 sec ....

InfernO.vir · Answer

aucune trace de bagle...elibagla n'a rien trouvé et combofix non plus donc a priori il n'est pas present....

Je ne suis pas sur du Fix que tu va lui faire utiliser

Utilisateur anonyme · Answer

Je ne suis pas sur du Fix que tu va lui faire utiliser

moi si rassure toi -;)

essai le si tu veux 

je vous laisse, bonne soirée a tous les 2

vincolo · Answer

Finddb


+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\WINDOWS\Prefetch :


C:\WINDOWS\Prefetch\WINTEMS.EXE Absent 
C:\WINDOWS\Prefetch\MDELK.EXE Absent 
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent 
C:\WINDOWS\Prefetch\FLEC006.EXE Absent 


+- Recherche dans : C:\WINDOWS\system32 :


C:\WINDOWS\system32\hldrrr.exe Absent 
C:\WINDOWS\system32\mdelk.exe Absent 
C:\WINDOWS\system32\wintems.exe Absent 
C:\WINDOWS\system32\ban_list.txt Absent 


+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\mdelk.exe Absent 
C:\WINDOWS\system32\drivers\srosa.sys Absent 
C:\WINDOWS\system32\drivers\hldrrr.exe Absent 
C:\WINDOWS\system32\drivers\downld Présent!!


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe

+- Recherche terminee !



+- Execute le : 22/08/2008 a 21:11:34,54


Sinon j'ai voulu essayer d'aller sur Internet en mode normal à partir du pc infécté et dès que je clique sur firefox plantage
j'ai donc redémarré en mode sans échec et je viens de réaliser l'analyse finddb

Je vais mainteannt supprimer avast

PAr contre c'est quoi un logHijack?

Merci encore

vincolo · Answer

ca y est avast est désinstallé en mode sans échec
je viens de redémarrer en mode normal

InfernO.vir · Answer

hijackthis: (excuse je croyais que tu avais deja fait un log hijack^^)

-Telecharges hijackthis--> http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe
-Clique sur le .exe et ensuite cliques sur "Do a system scan and save a logfile"
-Le bloc-notes va s'ouvrir avec comme contenu un rapport,et ce rapport poste le ds ta prochaine reponse

InfernO.vir · Answer

Bagle est encore present au vu du rapport!!

InfernO.vir · Answer

refais elibagla en mode ss echec sans protections residentes et sans rien toucher

vincolo · Answer

Voici le rapport obtenu en mode normal:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:22:27, on 22/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNotes2\Psn2.exe
C:\WINDOWS\System32\acs.exe
C:\PROGRA~1\3M\PSNotes2\PSNGive.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
G:\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.centre-valdeloire.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe

vincolo · Answer

refais elibagla en mode ss echec sans protections residentes et sans rien toucher

Je viens de refaire elibagla en mode sans échec
Par contre je ne sais pas comment faire pour m'assurer qu'aucune protection résidente n'est active


Voici le rapport:

	  Fri Aug 22 20:51:59 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Fri Aug 22 20:52:25 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad G:\

Nº Total de Directorios:   0
Nº Total de Ficheros:      8
Nº de Ficheros Analizados: 4
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Fri Aug 22 20:52:39 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad G:\

Nº Total de Directorios:   0
Nº Total de Ficheros:      8
Nº de Ficheros Analizados: 4
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Fri Aug 22 20:52:40 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad G:\

Nº Total de Directorios:   0
Nº Total de Ficheros:      8
Nº de Ficheros Analizados: 4
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

	  Fri Aug 22 21:28:00 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Fri Aug 22 21:28:02 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   5509
Nº Total de Ficheros:      58712
Nº de Ficheros Analizados: 12869
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0

InfernO.vir · Answer

Il ne le trouve pas!

aucune protection= antivirus desactiver ansi qu'antispyware (exemple: spybot s&d)

tu as une clé usb? et apparemment l'infection serait ds ta clé

vincolo · Answer

oui j'ai une petite clé usb 32 mo qui me sert à transférer des fichiers téléchargés de mon pc non infecté à celui infecté.
Ca a pu passer le virus à mon pc "non infecté????"
Sinon ok elibagla était réalisé sans protections résidentes
Dois-je formaté la clé?

vincolo · Answer

je viens d'effectuer une analyse avec Malwarebytes
et il m'a détecté un dossier infecté
C\Windows\system32\drivers\downld (Trojan.agent) et il l'a mis en quarantaine et supprimé avec succès

Peux tu me dire ce que je dois faire maintenant?

Je n'ose plus utiliser la clé pour transférer de peur de contaminer mon autre pc

Merci encore de ta précieuse aide

InfernO.vir · Answer

Non MBAM la supprimer tu vien de dire mais fais ce que je tai di avec flashdisinfector!

InfernO.vir · Answer

-Telecharges ceci--> http://download178.mediafire.com/lnyej2kg3dlg/13nxwzblztv/Flash_Disinfector.exe
-Execute le et laisse toi guider! (insere ta clé pour fair ca)

dsl je croyai te l'avoir di (faut que jarrete la pelouse ^^)

vincolo · Answer

ca y est c'est fait
il m'a indiqué Finish=>Done
Que dois-je faire ensuite?

Merci d'avance

InfernO.vir · Answer

Ca devrait etre bon mais aucun rapport ni rien qui te precise si il a virer qqchose?

InfernO.vir · Answer

Bon bah alors je pense que ton pc est maintenant en etat de marche

vincolo · Answer

Sinon je viens de redémarrer mon pc infecté en mode normal et ca y est quand je clique sur firefox j'ai google qui s'ouvre dans la seconde suivante et il a l'air d'être plus rapide.
Tu penses que tout est rétabli????
Comment s'en assurer?

Merci encore de ton aide

vincolo · Answer

Peux tu me dire aussi comment assurer une protection efficace de mon pc?Quels logiciels faut-il?
Nod32 convient-il comme antivirus?

Merci encore

InfernO.vir · Answer

NOD32 est tres bien comme antivirus garde le
ensuite comme antispyware spybot s&d ou ad-aware
enfin comme parefeu zonealarm di moi si tu veut les liens pour les telechargers!

vincolo · Answer

Merci je veux bien que tu m'envoies les liens

Avant j'avais zone alarm mais je l'ai supprimé car je trouvais qu'il pompait trop de ressources.Ne trouve tu pas?

Donc en gros la solution efficace est : Nod32+SbyBot+ZoneAlarm?

vincolo · Answer

Désolé de revenir à la charge
Bon,bilan mon pc est beaucoup plus rapide qu'il y a quelques heures et je pense qu'on a déjà fait du ménage

Par pur acquis de conscience je viens quand même d'effectuer un MalwareBytes et il me détecte C:\Windows\system32\drivers\downld

alors je le supprime et il me dit qu'il l'efface avec succès mais manque de bol quand je redémarre et que je relance il redetecte le même trojan
Je ne sais pas comment faire pour qu'il disparaisse

InfernO.vir · Answer

disons que c'est une solution efficace mais pas la meilleure mais c'est tres bien comme ca! sinon en pare-feu tu a comodo!

Spybot--> 

http://download.betanews.com/download/1043809773-1/spybotsd-2.7.64.0.exe

-->Avec son tuto--> https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/

comodo--> https://www.malekal.com/tutorial-comodo-firewall/ <-- le lien de telechargement est sur la page

vincolo · Answer

Merci beaucoup pour les liens cool!!!

peux tu me répondre sur mon problème qui revient à chaque démarrage (présence du trojan downld) car j'ai l'impression que l'infection n'est pas finie

MErci encore

InfernO.vir · Answer

bonjour,

Non tu as raison c'est un reste a eliminer avec combofix laisse moi te preparer un ptit truc

vincolo · Answer

Bonjour à toi,

donc il faut que je refasse un combofix?

Merci encore pour toute ton aide

InfernO.vir · Answer

Oui stp repasse combofix comme tu la fait precedemment et normalement il detectera cette infection!

vincolo · Answer

Yes il l'a détecté mais comment m'assurer qu'il l'a réellement supprimé car à chaque démarrage il revient? ComboFix 08-08-21.02 - Administrateur 2008-08-23 10:09:00.7 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1012 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe * Resident AV is active [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\InfoSat.txt C:\WINDOWS\system32\drivers\downld G:\InfoSat.txt . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-22 21:11 987 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d-------- C:\Program Files\ESET 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 19:17 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-16 06:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-07-01 07:04 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys 2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-21_23.43.22.01 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-22 14:05:15 10,134 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\callmsi.exe + 2008-08-22 14:05:15 136,448 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\egui.exe + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2008-04-13 19:16:41 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-22 17:09:30 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-13 19:16:41 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-08-22 17:09:30 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-04-13 19:16:41 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-22 17:09:30 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-13 19:16:41 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-08-22 17:09:30 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-08-23 07:53:47 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_728.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 09:01 1447168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.l3codec"= l3codecp.acm "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 09:04] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}] \Shell\AutoRun\command - .\MigWiz\migsetup.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 10:10:39 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 10:11:41 ComboFix-quarantined-files.txt 2008-08-23 08:11:28 ComboFix2.txt 2008-08-22 16:59:21 ComboFix3.txt 2008-08-22 13:52:54 ComboFix4.txt 2008-08-21 22:13:21 ComboFix5.txt 2008-08-23 08:08:46 Pre-Run: 2,123,583,488 octets libres Post-Run: 2,108,133,376 octets libres 285 --- E O F --- 2008-08-16 06:46:02 Merci encore de ton aide

InfernO.vir · Answer

Bon alors la je coince =/ il ne reste plus que ca mais il ne veut pas etre supprimer,je suis a cours d'idee aarrgghh!

Il n'y a que ca qui pouvait le virer

vincolo · Answer

pour preuve je viens de redémarrer et de rééxécuter combofix et voici le rapport il m'a encore trouvé downld ComboFix 08-08-21.02 - Administrateur 2008-08-23 10:57:22.8 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1011 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe * Resident AV is active [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\downld . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-22 21:11 987 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d-------- C:\Program Files\ESET 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 19:17 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-16 06:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-07-01 07:04 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys 2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys 2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-21_23.43.22.01 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-22 14:05:15 10,134 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\callmsi.exe + 2008-08-22 14:05:15 136,448 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\egui.exe + 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll + 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe + 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll - 2008-04-13 19:16:41 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat + 2008-08-22 17:09:30 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat - 2008-04-13 19:16:41 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat + 2008-08-22 17:09:30 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat - 2008-04-13 19:16:41 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat + 2008-08-22 17:09:30 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat - 2008-04-13 19:16:41 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-08-22 17:09:30 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat + 2008-08-23 08:53:45 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_72c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 09:01 1447168] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.l3codec"= l3codecp.acm "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 09:04] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}] \Shell\AutoRun\command - .\MigWiz\migsetup.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 10:59:07 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 11:00:23 ComboFix-quarantined-files.txt 2008-08-23 08:59:58 ComboFix2.txt 2008-08-23 08:11:42 ComboFix3.txt 2008-08-22 16:59:21 ComboFix4.txt 2008-08-22 13:52:54 ComboFix5.txt 2008-08-23 08:57:08 Pre-Run: 2,103,881,728 octets libres Post-Run: 2,081,673,216 octets libres 283 --- E O F --- 2008-08-16 06:46:02 Je ne sais pas comment faire pour le supprimer à jamais Quelqu'un aurait il une idée Merci d'avance

InfernO.vir · Answer

ALalal c'est un peu galere la essaye peut etre de voir sur google si tu trouves des choses sionon le pc ne vas pa trop mal?

vincolo · Answer

le pc va mieux
mais bon j'aimerais bien réussir à supprimer à jamais ce downld
je recherhce sur google mais je retombe sur les m^memes manip que tu m'as fait exécuter
Cela pourrait-il venir du fait qu'un programme infecté s'exécute à chaque démarrage et ramène donc ce downld????
J'aimerais arriver a supprimer ce dernier pb pour pouvoir enfin dire que mon pc est réparé!!!!

merci beaucoup pour ton aide

InfernO.vir · Answer

Ba oui j'aimerais egalement le supprimer!

Malwarebytes te le detecte mais essaye de me refaire un scan sans protections et en mode sans echec ce coup-ci envoi moi le rapport!

vincolo · Answer

voici l'analyse malware réalisée en mode sans échec:
incroyable en mode sans échec il ne détecte plus rien:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

11:38:38 23/08/2008
mbam-log-08-23-2008 (11-38-38).txt

Type de recherche: Examen rapide
Eléments examinés: 45307
Temps écoulé: 6 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


et finddb en mode sans échec aussi:


+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\WINDOWS\Prefetch :


C:\WINDOWS\Prefetch\WINTEMS.EXE Absent 
C:\WINDOWS\Prefetch\MDELK.EXE Absent 
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent 
C:\WINDOWS\Prefetch\FLEC006.EXE Absent 


+- Recherche dans : C:\WINDOWS\system32 :


C:\WINDOWS\system32\hldrrr.exe Absent 
C:\WINDOWS\system32\mdelk.exe Absent 
C:\WINDOWS\system32\wintems.exe Absent 
C:\WINDOWS\system32\ban_list.txt Absent 


+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\mdelk.exe Absent 
C:\WINDOWS\system32\drivers\srosa.sys Absent 
C:\WINDOWS\system32\drivers\hldrrr.exe Absent 
C:\WINDOWS\system32\drivers\downld Absent 


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+- Recherche terminee !



+- Execute le : 23/08/2008 a 11:38:56,32


Je ne comprends plus tout:j'ai rien en mode sans échec mais le virus apparait uniquement en mode normal.
Sais tu ce que je dois faire?

Merci encore

vincolo · Answer

Et voici les deux mêmes analyses réalisées en mode normal:

malware:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

11:50:10 23/08/2008
mbam-log-08-23-2008 (11-49-46).txt

Type de recherche: Examen rapide
Eléments examinés: 47143
Temps écoulé: 3 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Findb:

+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\WINDOWS\Prefetch :


C:\WINDOWS\Prefetch\WINTEMS.EXE Absent 
C:\WINDOWS\Prefetch\MDELK.EXE Absent 
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent 
C:\WINDOWS\Prefetch\FLEC006.EXE Absent 


+- Recherche dans : C:\WINDOWS\system32 :


C:\WINDOWS\system32\hldrrr.exe Absent 
C:\WINDOWS\system32\mdelk.exe Absent 
C:\WINDOWS\system32\wintems.exe Absent 
C:\WINDOWS\system32\ban_list.txt Absent 


+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\mdelk.exe Absent 
C:\WINDOWS\system32\drivers\srosa.sys Absent 
C:\WINDOWS\system32\drivers\hldrrr.exe Absent 
C:\WINDOWS\system32\drivers\downld Présent!!


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+- Recherche terminee !



+- Execute le : 23/08/2008 a 11:50:20,39


Voili
je ne sais pas trop comment interpréter cela
Y aurait-il un logiciel en mode normal qui exécuterait ce virus downld??????

Merci encore de ton aide

InfernO.vir · Answer

Nn c'est ok ton pc est clean,MBAM ne detecte rien et plus aucune presence de bagle au vu du rapport de FindB.

Voila si tu penses que ton pc est en bon eta de marche,met resolu stp!

As-tu des questions?


PS:c'est combofix qui le detecte mais ne tkt pas,un virus ne peut pas ne pas etre repere en mode sans echec!

InfernO.vir · Answer

Ah je navais pas vu le 2eme post!

je cherche ca la je vais miammiam ^^ a+ tard

vincolo · Answer

ce ki m'inkiete c'est le dernier message que je viens de t'envoyer:

mode sans échec : malware et finddb ne détectent rien

alors que là je viens de redémarrer en mode normal et malware et finddb me le détecte

Tu ne trouves pas ca bizarre.

Pour toi tout est résolu????Pourquoi alors doxnld apparaît en mode normal avec ces deux logiciels???
Excuse si je peux paraitre lours mais j'aimerais comprendre avant d'indiquer résolu

Merci

vincolo · Answer

Bon appétit
a + tard

InfernO.vir · Answer

Je te comprends pour la resolution du probleme j'ai posté juste avant que toi tu poste ce qui fait que je n'ai pas vu ton message!

-Telecharge ceci--> https://www.simplysup3.com/404.html
-Suis ce tutos et poste moi le rapport-->http://www.malekal.com/tutorial_TrojanRemover.php

vincolo · Answer

salut
je viens de lancer et il détecte rien mais je pense que ca peut venir de nod32
j'ai cliqué bouton droit sur nod ds la barre des taches et cliquer sur désactiver la protection antivirus et antispyware et pourtant quand je lance l'analyse avec trojanremover en mode normal il ne détecte rien mais me dit que Nod est encore actif

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:53:09 23 août 2008
Using Database v7109
Operating System:  Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
14:53:09: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:53:09: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:53:09: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:53:09: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  29/05/2003
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created:  19/04/2007
Modified: 19/04/2007
Company:  BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created:  17/11/2006
Modified: 02/06/2006
Company:  Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created:  25/07/2006
Modified: 02/10/2006
Company:  
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created:  19/01/2008
Modified: 23/01/2007
Company:  Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created:  23/08/2008
Modified: 19/08/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created:  05/09/2004
Modified: 05/09/2004
Company:  Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created:  07/07/2006
Modified: 25/06/2006
Company:  
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created:  01/04/2008
Modified: 01/04/2008
Company:  DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:53:11: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value:     Microsoft AntiMalware ShellExecuteHook
File:      C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------

************************************************************
14:53:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:53:11: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:53:11: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14:53:11: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created:  17/11/2006
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:53:12: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  
----------
Key:       ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  
----------
Key:       AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  Lenovo
----------
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created:  17/11/2006
Modified: 17/05/2004
Company:  Andrea Electronics Corporation
----------
Key:       AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  Meetinghouse Data Communications
----------
Key:       ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  IBM Corp.
----------
Key:       AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created:  17/11/2006
Modified: 18/04/2006
Company:  Atheros Communications, Inc.
----------
Key:       b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created:  09/03/2006
Modified: 09/03/2006
Company:  Broadcom Corporation
----------
Key:       CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created:  31/01/2007
Modified: 31/01/2007
Company:  Canon Inc.
----------
Key:       Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created:  26/07/2005
Modified: 26/07/2005
Company:  Executive Software International, Inc.
----------
Key:       driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created:  02/12/2007
Modified: 02/12/2007
Company:  Ma-Config.com
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created:  19/03/2007
Modified: 25/02/2004
Company:  IBM Corporation
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  
----------
Key:       FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created:  19/01/2008
Modified: 04/01/2007
Company:  Google
----------
Key:       HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created:  17/11/2006
Modified: 18/10/2005
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created:  03/02/2008
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key:       IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo.
----------
Key:       IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo
----------
Key:       IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created:  17/11/2006
Modified: 13/01/2006
Company:  
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created:  14/11/2005
Modified: 14/11/2005
Company:  Macrovision Corporation
----------
Key:       IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created:  19/01/2008
Modified: 13/02/2007
Company:   
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Nero AG
----------
Key:       NSCIRDA
ImagePath: System32\DRIVERS
scirda.sys
C:\WINDOWS\System32\DRIVERS
scirda.sys
28672 bytes
Created:  17/11/2006
Modified: 04/08/2004
Company:  National Semiconductor Corporation
----------
Key:       odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  19/01/2008
Modified: 19/01/2008
Company:  Padus, Inc.
----------
Key:       psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created:  18/01/2008
Modified: 19/02/2007
Company:  Lenovo (United States) Inc.
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  Microsoft Corporation
----------
Key:       smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created:  17/11/2006
Modified: 10/02/2005
Company:  Analog Devices, Inc.
----------
Key:       SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created:  07/03/2008
Modified: 07/03/2008
Company:  SolidWorks
----------
Key:       SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created:  17/11/2006
Modified: 20/09/2002
Company:  Analog Devices, Inc.
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created:  16/05/2008
Modified: 16/05/2008
Company:  Lenovo Group Limited
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe 
5120 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created:  17/11/2006
Modified: 14/02/2006
Company:  Synaptics, Inc.
----------
Key:       TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  
----------
Key:       ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
644408 bytes
Created:  26/09/2007
Modified: 26/09/2007
Company:  Lenovo Group Limited
----------
Key:       TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created:  17/11/2006
Modified: 26/09/2006
Company:  Lenovo, Ltd. and IBM Corporation.
----------
Key:       TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created:  17/11/2006
Modified: 06/06/2005
Company:  
----------
Key:       TPM
ImagePath: System32\DRIVERS	pm.sys
C:\WINDOWS\System32\DRIVERS	pm.sys
17792 bytes
Created:  09/10/2005
Modified: 09/10/2005
Company:  Winbond Electronics Corp.
----------
Key:       TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  
----------
Key:       TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created:  17/11/2006
Modified: 10/01/2007
Company:  
----------
Key:       TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
1122304 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
----------
Key:       usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created:  18/10/2007
Modified: 18/10/2007
Company:  Microsoft Corporation
----------
Key:       WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------
Key:       WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created:  25/10/2007
Modified: 25/10/2007
Company:  Microsoft Corporation
----------

************************************************************
14:53:18: Scanning -----VXD ENTRIES-----

************************************************************
14:53:18: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key    : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32
otifyf2.dll
28672 bytes
Created:  06/07/2005
Modified: 06/07/2005
Company:  
----------
Key    : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32	phklock.dll
24576 bytes
Created:  30/11/2005
Modified: 30/11/2005
Company:  
----------

************************************************************
14:53:18: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path:  C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created:  24/09/2007
Modified: 24/09/2007
Company:  Nero AG
----------
Key:   Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path:  C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:   ShellExtension
CLSID: [empty]
----------

************************************************************
14:53:18: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]

************************************************************
14:53:18: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created:  24/07/2007
Modified: 24/07/2007
Company:  Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created:  22/08/2008
Modified: 07/07/2008
Company:  Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created:  14/12/2006
Modified: 14/12/2006
Company:  Mindjet
----------

************************************************************
14:53:19: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path:  %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:   WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path:  C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created:  18/10/2006
Modified: 18/10/2006
Company:  Microsoft Corporation
----------

************************************************************
14:53:19: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
14:53:19: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
14:53:19: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
14:53:19: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------

************************************************************
14:53:19: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
14:53:19: Scanning ----- SCHEDULED TASKS -----
Taskname:      MP Scheduled Scan.job
File:          C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
Parameters:    Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status:        La tâche n'a pas encore été exécutée
Creator:       SYSTEM
Comments:      Scheduled Scan
----------
Taskname:      PMTask.job
File:          C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  
Parameters:    [blank]
Next Run Time: Never
Status:        La tâche n'a pas encore été exécutée
Creator:       Administrateur
Comments:      [blank]
----------

************************************************************
14:53:19: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
14:53:19: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created:  17/11/2006
Modified: 21/02/2008
Company:  
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created:  17/11/2006
Modified: 21/02/2008
Company:  
----------
Additional checks completed

************************************************************
14:53:20: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\ibmpmsvc.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
--------------------
C:\Program Files\Executive Software\Diskeeper\DkService.exe
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
--------------------
C:\Program Files\FolderSize\FolderSizeSvc.exe
--------------------
C:\WINDOWS\system32\lxddcoms.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
--------------------
C:\WINDOWS\System32\TPHDEXLG.exe
--------------------
C:\WINDOWS\system32\TpKmpSVC.exe
--------------------
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
--------------------
c:\program files\lenovo\system update\suservice.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Canon\CAL\CALMAIN.exe
--------------------
C:\WINDOWS\System32\wbem\wmiapsrv.exe
--------------------
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
--------------------
C:\WINDOWS\system32undll32.exe
--------------------
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
--------------------
C:\WINDOWS\system32\hkcmd.exe
--------------------
C:\WINDOWS\system32\igfxpers.exe
--------------------
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
--------------------
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
--------------------
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
--------------------
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\3M\PSNotes2\Psn2.exe
--------------------
C:\WINDOWS\System32\acs.exe
--------------------
C:\PROGRA~1\3M\PSNotes2\PSNGive.exe
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\jwb36.exe
FileSize:          2548288
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
14:53:22: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
14:53:22: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
14:53:22: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 14:53:22 23 août 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:52:11 23 août 2008
Using Database v7109
Operating System:  Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
14:52:11: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:52:11: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:52:11: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:52:11: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  29/05/2003
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created:  19/04/2007
Modified: 19/04/2007
Company:  BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created:  17/11/2006
Modified: 02/06/2006
Company:  Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created:  25/07/2006
Modified: 02/10/2006
Company:  
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created:  19/01/2008
Modified: 23/01/2007
Company:  Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created:  23/08/2008
Modified: 19/08/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created:  05/09/2004
Modified: 05/09/2004
Company:  Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created:  07/07/2006
Modified: 25/06/2006
Company:  
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created:  01/04/2008
Modified: 01/04/2008
Company:  DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:52:12: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value:     Microsoft AntiMalware ShellExecuteHook
File:      C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------

************************************************************
14:52:12: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:52:13: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:52:13: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14:52:13: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created:  17/11/2006
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:52:13: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  
----------
Key:       ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  
----------
Key:       AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  Lenovo
----------
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created:  17/11/2006
Modified: 17/05/2004
Company:  Andrea Electronics Corporation
----------
Key:       AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  Meetinghouse Data Communications
----------
Key:       ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  IBM Corp.
----------
Key:       AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created:  17/11/2006
Modified: 18/04/2006
Company:  Atheros Communications, Inc.
----------
Key:       b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created:  09/03/2006
Modified: 09/03/2006
Company:  Broadcom Corporation
----------
Key:       CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created:  31/01/2007
Modified: 31/01/2007
Company:  Canon Inc.
----------
Key:       Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created:  26/07/2005
Modified: 26/07/2005
Company:  Executive Software International, Inc.
----------
Key:       driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created:  02/12/2007
Modified: 02/12/2007
Company:  Ma-Config.com
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created:  19/03/2007
Modified: 25/02/2004
Company:  IBM Corporation
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  
----------
Key:       FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created:  19/01/2008
Modified: 04/01/2007
Company:  Google
----------
Key:       HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created:  17/11/2006
Modified: 18/10/2005
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created:  03/02/2008
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key:       IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo.
----------
Key:       IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo
----------
Key:       IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created:  17/11/2006
Modified: 13/01/2006
Company:  
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created:  14/11/2005
Modified: 14/11/2005
Company:  Macrovision Corporation
----------
Key:       IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created:  19/01/2008
Modified: 13/02/2007
Company:   
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Nero AG
----------
Key:       NSCIRDA
ImagePath: System32\DRIVERS
scirda.sys
C:\WINDOWS\System32\DRIVERS
scirda.sys
28672 bytes
Created:  17/11/2006
Modified: 04/08/2004
Company:  National Semiconductor Corporation
----------
Key:       odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  19/01/2008
Modified: 1

vincolo · Answer

Et je ne sais pas comment désactiver totalement Nod32 en mode normal
merci de ton aide

InfernO.vir · Answer

Re,

-Fait un scan trojan remover mais en mode sans echec si tu peut

InfernO.vir · Answer

J'ai cherché un peu et on va essyaer autre chose pour virer ce downld

-Télécharge OTMoveIt (de Old_Timer) sur ton Bureau. 
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 
-Double-clique sur OTMoveIt.exe pour le lancer. 
-Copie ce qui se trouve ci-dessous:

 C:\WINDOWS\system32\drivers\downld

-Colle cette ligne dans le cadre de gauche de OTMoveIt2 : Paste standard List of Files/Folders to be moved. 
-Clique sur MoveIt! pour lancer la suppression. 
-Le résultat apparaîtra dans le cadre Results. 
-Clique sur Exit pour fermer. 
-Poste le rapport situé dans C:\\_OTMoveIt\MovedFiles. 

il te sera peut-être demandé de redémarrer le pc pour achever la suppression. 
si c'est le cas accepte par Yes.

vincolo · Answer

trojan remover en mode sans échec:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:55:46 23 août 2008
Using Database v7109
Operating System:  Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
PC appears to be in SAFE MODE.

************************************************************


************************************************************
15:55:46: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
15:55:46: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
15:55:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:55:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  29/05/2003
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created:  19/04/2007
Modified: 19/04/2007
Company:  BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created:  17/11/2006
Modified: 02/06/2006
Company:  Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created:  25/07/2006
Modified: 02/10/2006
Company:  
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created:  19/01/2008
Modified: 23/01/2007
Company:  Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created:  23/08/2008
Modified: 19/08/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created:  05/09/2004
Modified: 05/09/2004
Company:  Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created:  07/07/2006
Modified: 25/06/2006
Company:  
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created:  01/04/2008
Modified: 01/04/2008
Company:  DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:55:53: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value:     Microsoft AntiMalware ShellExecuteHook
File:      C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------

************************************************************
15:55:53: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:55:54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
15:55:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:55:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created:  17/11/2006
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
15:55:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  
----------
Key:       ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  
----------
Key:       AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  Lenovo
----------
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created:  17/11/2006
Modified: 17/05/2004
Company:  Andrea Electronics Corporation
----------
Key:       AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  Meetinghouse Data Communications
----------
Key:       ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  IBM Corp.
----------
Key:       AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created:  17/11/2006
Modified: 18/04/2006
Company:  Atheros Communications, Inc.
----------
Key:       b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created:  09/03/2006
Modified: 09/03/2006
Company:  Broadcom Corporation
----------
Key:       CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created:  31/01/2007
Modified: 31/01/2007
Company:  Canon Inc.
----------
Key:       Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created:  26/07/2005
Modified: 26/07/2005
Company:  Executive Software International, Inc.
----------
Key:       driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created:  02/12/2007
Modified: 02/12/2007
Company:  Ma-Config.com
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created:  19/03/2007
Modified: 25/02/2004
Company:  IBM Corporation
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  
----------
Key:       FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created:  19/01/2008
Modified: 04/01/2007
Company:  Google
----------
Key:       HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created:  17/11/2006
Modified: 18/10/2005
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created:  03/02/2008
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key:       IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo.
----------
Key:       IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo
----------
Key:       IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created:  17/11/2006
Modified: 13/01/2006
Company:  
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created:  14/11/2005
Modified: 14/11/2005
Company:  Macrovision Corporation
----------
Key:       IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created:  19/01/2008
Modified: 13/02/2007
Company:   
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Nero AG
----------
Key:       NSCIRDA
ImagePath: System32\DRIVERS
scirda.sys
C:\WINDOWS\System32\DRIVERS
scirda.sys
28672 bytes
Created:  17/11/2006
Modified: 04/08/2004
Company:  National Semiconductor Corporation
----------
Key:       odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  19/01/2008
Modified: 19/01/2008
Company:  Padus, Inc.
----------
Key:       psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created:  18/01/2008
Modified: 19/02/2007
Company:  Lenovo (United States) Inc.
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  Microsoft Corporation
----------
Key:       smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created:  17/11/2006
Modified: 10/02/2005
Company:  Analog Devices, Inc.
----------
Key:       SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created:  07/03/2008
Modified: 07/03/2008
Company:  SolidWorks
----------
Key:       SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created:  17/11/2006
Modified: 20/09/2002
Company:  Analog Devices, Inc.
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created:  16/05/2008
Modified: 16/05/2008
Company:  Lenovo Group Limited
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe 
5120 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created:  17/11/2006
Modified: 14/02/2006
Company:  Synaptics, Inc.
----------
Key:       TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  
----------
Key:       ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
644408 bytes
Created:  26/09/2007
Modified: 26/09/2007
Company:  Lenovo Group Limited
----------
Key:       TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created:  17/11/2006
Modified: 26/09/2006
Company:  Lenovo, Ltd. and IBM Corporation.
----------
Key:       TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created:  17/11/2006
Modified: 06/06/2005
Company:  
----------
Key:       TPM
ImagePath: System32\DRIVERS	pm.sys
C:\WINDOWS\System32\DRIVERS	pm.sys
17792 bytes
Created:  09/10/2005
Modified: 09/10/2005
Company:  Winbond Electronics Corp.
----------
Key:       TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  
----------
Key:       TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created:  17/11/2006
Modified: 10/01/2007
Company:  
----------
Key:       TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
1122304 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
----------
Key:       usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created:  18/10/2007
Modified: 18/10/2007
Company:  Microsoft Corporation
----------
Key:       WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------
Key:       WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created:  25/10/2007
Modified: 25/10/2007
Company:  Microsoft Corporation
----------

************************************************************
15:56:13: Scanning -----VXD ENTRIES-----

************************************************************
15:56:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key    : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32
otifyf2.dll
28672 bytes
Created:  06/07/2005
Modified: 06/07/2005
Company:  
----------
Key    : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32	phklock.dll
24576 bytes
Created:  30/11/2005
Modified: 30/11/2005
Company:  
----------

************************************************************
15:56:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path:  C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created:  24/09/2007
Modified: 24/09/2007
Company:  Nero AG
----------
Key:   Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path:  C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:   ShellExtension
CLSID: [empty]
----------

************************************************************
15:56:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]

************************************************************
15:56:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created:  24/07/2007
Modified: 24/07/2007
Company:  Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created:  22/08/2008
Modified: 07/07/2008
Company:  Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created:  14/12/2006
Modified: 14/12/2006
Company:  Mindjet
----------

************************************************************
15:56:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path:  %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:   WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path:  C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created:  18/10/2006
Modified: 18/10/2006
Company:  Microsoft Corporation
----------

************************************************************
15:56:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:56:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:56:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
15:56:15: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------

************************************************************
15:56:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
15:56:15: Scanning ----- SCHEDULED TASKS -----
Taskname:      MP Scheduled Scan.job
File:          C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
Parameters:    Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status:        La tâche n'a pas encore été exécutée
Creator:       SYSTEM
Comments:      Scheduled Scan
----------
Taskname:      PMTask.job
File:          C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  
Parameters:    [blank]
Next Run Time: Never
Status:        La tâche n'a pas encore été exécutée
Creator:       Administrateur
Comments:      [blank]
----------

************************************************************
15:56:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:56:15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created:  17/11/2006
Modified: 21/02/2008
Company:  
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created:  17/11/2006
Modified: 21/02/2008
Company:  
----------
Additional checks completed

************************************************************
15:56:16: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\oek1.exe
FileSize:          2548288
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
15:56:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
15:56:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
15:56:18: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:56:18 23 août 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:59:24 23 août 2008
Using Database v7109
Operating System:  Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
14:59:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:59:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:59:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:59:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  29/05/2003
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created:  19/04/2007
Modified: 19/04/2007
Company:  BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created:  17/11/2006
Modified: 02/06/2006
Company:  Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created:  25/07/2006
Modified: 02/10/2006
Company:  
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created:  19/01/2008
Modified: 23/01/2007
Company:  Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created:  23/08/2008
Modified: 19/08/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created:  05/09/2004
Modified: 05/09/2004
Company:  Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created:  07/07/2006
Modified: 25/06/2006
Company:  
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created:  01/04/2008
Modified: 01/04/2008
Company:  DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:59:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value:     Microsoft AntiMalware ShellExecuteHook
File:      C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------

************************************************************
14:59:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:59:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:59:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14:59:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created:  17/11/2006
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:59:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  
----------
Key:       ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  
----------
Key:       AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  Lenovo
----------
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created:  17/11/2006
Modified: 17/05/2004
Company:  Andrea Electronics Corporation
----------
Key:       AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  Meetinghouse Data Communications
----------
Key:       ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  IBM Corp.
----------
Key:       AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created:  17/11/2006
Modified: 18/04/2006
Company:  Atheros Communications, Inc.
----------
Key:       b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created:  09/03/2006
Modified: 09/03/2006
Company:  Broadcom Corporation
----------
Key:       CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created:  31/01/2007
Modified: 31/01/2007
Company:  Canon Inc.
----------
Key:       Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created:  26/07/2005
Modified: 26/07/2005
Company:  Executive Software International, Inc.
----------
Key:       driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created:  02/12/2007
Modified: 02/12/2007
Company:  Ma-Config.com
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created:  19/03/2007
Modified: 25/02/2004
Company:  IBM Corporation
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  
----------
Key:       FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created:  19/01/2008
Modified: 04/01/2007
Company:  Google
----------
Key:       HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created:  17/11/2006
Modified: 18/10/2005
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created:  03/02/2008
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key:       IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo.
----------
Key:       IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo
----------
Key:       IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created:  17/11/2006
Modified: 13/01/2006
Company:  
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created:  14/11/2005
Modified: 14/11/2005
Company:  Macrovision Corporation
----------
Key:       IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created:  19/01/2008
Modified: 13/02/2007
Company:   
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Nero AG
----------
Key:       NSCIRDA
ImagePath: System32\DRIVERS
scirda.sys
C:\WINDOWS\System32\DRIVERS
scirda.sys
28672 bytes
Created:  17/11/2006
Modified: 04/08/2004
Company:  National Semiconductor Corporation
----------
Key:       odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  19/01/2008
Modified: 19/01/2008
Company:  Padus, Inc.
----------
Key:       psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created:  18/01/2008
Modified: 19/02/2007
Company:  Lenovo (United States) Inc.
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  Microsoft Corporation
----------
Key:       smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created:  17/11/2006
Modified: 10/02/2005
Company:  Analog Devices, Inc.
----------
Key:       SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created:  07/03/2008
Modified: 07/03/2008
Company:  SolidWorks
----------
Key:       SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created:  17/11/2006
Modified: 20/09/2002
Company:  Analog Devices, Inc.
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created:  16/05/2008
Modified: 16/05/2008
Company:  Lenovo Group Limited
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe 
5120 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created:  17/11/2006
Modified: 14/02/2006
Company:  Synaptics, Inc.
----------
Key:       TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created:  17/11/2006
Modified: 02/10/2006

vincolo · Answer

trojan remover en mode sans échec:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:55:46 23 août 2008
Using Database v7109
Operating System:  Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
PC appears to be in SAFE MODE.

************************************************************


************************************************************
15:55:46: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
15:55:46: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
15:55:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
15:55:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  29/05/2003
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created:  19/04/2007
Modified: 19/04/2007
Company:  BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created:  17/11/2006
Modified: 02/06/2006
Company:  Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created:  25/07/2006
Modified: 02/10/2006
Company:  
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created:  19/01/2008
Modified: 23/01/2007
Company:  Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created:  23/08/2008
Modified: 19/08/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created:  05/09/2004
Modified: 05/09/2004
Company:  Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created:  07/07/2006
Modified: 25/06/2006
Company:  
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created:  01/04/2008
Modified: 01/04/2008
Company:  DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
15:55:53: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value:     Microsoft AntiMalware ShellExecuteHook
File:      C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------

************************************************************
15:55:53: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
15:55:54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
15:55:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
15:55:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created:  17/11/2006
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
15:55:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  
----------
Key:       ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  
----------
Key:       AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  Lenovo
----------
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created:  17/11/2006
Modified: 17/05/2004
Company:  Andrea Electronics Corporation
----------
Key:       AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  Meetinghouse Data Communications
----------
Key:       ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  IBM Corp.
----------
Key:       AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created:  17/11/2006
Modified: 18/04/2006
Company:  Atheros Communications, Inc.
----------
Key:       b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created:  09/03/2006
Modified: 09/03/2006
Company:  Broadcom Corporation
----------
Key:       CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created:  31/01/2007
Modified: 31/01/2007
Company:  Canon Inc.
----------
Key:       Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created:  26/07/2005
Modified: 26/07/2005
Company:  Executive Software International, Inc.
----------
Key:       driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created:  02/12/2007
Modified: 02/12/2007
Company:  Ma-Config.com
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created:  19/03/2007
Modified: 25/02/2004
Company:  IBM Corporation
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  
----------
Key:       FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created:  19/01/2008
Modified: 04/01/2007
Company:  Google
----------
Key:       HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created:  17/11/2006
Modified: 18/10/2005
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created:  03/02/2008
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key:       IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo.
----------
Key:       IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo
----------
Key:       IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created:  17/11/2006
Modified: 13/01/2006
Company:  
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created:  14/11/2005
Modified: 14/11/2005
Company:  Macrovision Corporation
----------
Key:       IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created:  19/01/2008
Modified: 13/02/2007
Company:   
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Nero AG
----------
Key:       NSCIRDA
ImagePath: System32\DRIVERS
scirda.sys
C:\WINDOWS\System32\DRIVERS
scirda.sys
28672 bytes
Created:  17/11/2006
Modified: 04/08/2004
Company:  National Semiconductor Corporation
----------
Key:       odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  19/01/2008
Modified: 19/01/2008
Company:  Padus, Inc.
----------
Key:       psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created:  18/01/2008
Modified: 19/02/2007
Company:  Lenovo (United States) Inc.
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  Microsoft Corporation
----------
Key:       smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created:  17/11/2006
Modified: 10/02/2005
Company:  Analog Devices, Inc.
----------
Key:       SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created:  07/03/2008
Modified: 07/03/2008
Company:  SolidWorks
----------
Key:       SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created:  17/11/2006
Modified: 20/09/2002
Company:  Analog Devices, Inc.
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created:  16/05/2008
Modified: 16/05/2008
Company:  Lenovo Group Limited
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe 
5120 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created:  17/11/2006
Modified: 14/02/2006
Company:  Synaptics, Inc.
----------
Key:       TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  
----------
Key:       ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
644408 bytes
Created:  26/09/2007
Modified: 26/09/2007
Company:  Lenovo Group Limited
----------
Key:       TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created:  17/11/2006
Modified: 26/09/2006
Company:  Lenovo, Ltd. and IBM Corporation.
----------
Key:       TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created:  17/11/2006
Modified: 06/06/2005
Company:  
----------
Key:       TPM
ImagePath: System32\DRIVERS	pm.sys
C:\WINDOWS\System32\DRIVERS	pm.sys
17792 bytes
Created:  09/10/2005
Modified: 09/10/2005
Company:  Winbond Electronics Corp.
----------
Key:       TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  
----------
Key:       TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created:  17/11/2006
Modified: 10/01/2007
Company:  
----------
Key:       TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
1122304 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
----------
Key:       usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created:  18/10/2007
Modified: 18/10/2007
Company:  Microsoft Corporation
----------
Key:       WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------
Key:       WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created:  25/10/2007
Modified: 25/10/2007
Company:  Microsoft Corporation
----------

************************************************************
15:56:13: Scanning -----VXD ENTRIES-----

************************************************************
15:56:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key    : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key    : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32
otifyf2.dll
28672 bytes
Created:  06/07/2005
Modified: 06/07/2005
Company:  
----------
Key    : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32	phklock.dll
24576 bytes
Created:  30/11/2005
Modified: 30/11/2005
Company:  
----------

************************************************************
15:56:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path:  C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created:  24/09/2007
Modified: 24/09/2007
Company:  Nero AG
----------
Key:   Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path:  C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:   ShellExtension
CLSID: [empty]
----------

************************************************************
15:56:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:  {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]

************************************************************
15:56:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created:  24/07/2007
Modified: 24/07/2007
Company:  Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created:  22/08/2008
Modified: 07/07/2008
Company:  Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created:  14/12/2006
Modified: 14/12/2006
Company:  Mindjet
----------

************************************************************
15:56:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key:   SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path:  %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:   WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path:  C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created:  18/10/2006
Modified: 18/10/2006
Company:  Microsoft Corporation
----------

************************************************************
15:56:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
15:56:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
15:56:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
15:56:15: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------

************************************************************
15:56:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
15:56:15: Scanning ----- SCHEDULED TASKS -----
Taskname:      MP Scheduled Scan.job
File:          C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
Parameters:    Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status:        La tâche n'a pas encore été exécutée
Creator:       SYSTEM
Comments:      Scheduled Scan
----------
Taskname:      PMTask.job
File:          C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  
Parameters:    [blank]
Next Run Time: Never
Status:        La tâche n'a pas encore été exécutée
Creator:       Administrateur
Comments:      [blank]
----------

************************************************************
15:56:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
15:56:15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created:  17/11/2006
Modified: 21/02/2008
Company:  
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created:  17/11/2006
Modified: 21/02/2008
Company:  
----------
Additional checks completed

************************************************************
15:56:16: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\oek1.exe
FileSize:          2548288
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
15:56:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
15:56:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
15:56:18: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:56:18 23 août 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:59:24 23 août 2008
Using Database v7109
Operating System:  Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System:       NTFS
Data directory:     C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory:  D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
14:59:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:59:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:59:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:59:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created:  29/05/2003
Modified: 13/06/2007
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created:  19/04/2007
Modified: 19/04/2007
Company:  BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created:  17/11/2006
Modified: 02/06/2006
Company:  Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created:  25/07/2006
Modified: 02/10/2006
Company:  
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created:  17/11/2006
Modified: 26/05/2006
Company:  Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created:  15/09/2006
Modified: 13/01/2007
Company:  Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created:  04/03/2008
Modified: 04/03/2008
Company:  Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created:  19/01/2008
Modified: 23/01/2007
Company:  Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created:  23/08/2008
Modified: 19/08/2008
Company:  Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created:  05/09/2004
Modified: 05/09/2004
Company:  Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created:  07/07/2006
Modified: 25/06/2006
Company:  
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created:  01/04/2008
Modified: 01/04/2008
Company:  DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:59:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value:     Groove GFS Stub Execution Hook
File:      C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value:     Microsoft AntiMalware ShellExecuteHook
File:      C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created:  03/11/2006
Modified: 03/11/2006
Company:  Microsoft Corporation
----------

************************************************************
14:59:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:59:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:59:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14:59:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created:  17/11/2006
Modified: 20/08/2004
Company:  Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:59:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  
----------
Key:       ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  
----------
Key:       AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created:  17/11/2006
Modified: 25/12/2006
Company:  Lenovo
----------
Key:       aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created:  17/11/2006
Modified: 17/05/2004
Company:  Andrea Electronics Corporation
----------
Key:       AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created:  17/11/2006
Modified: 17/11/2006
Company:  Meetinghouse Data Communications
----------
Key:       ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created:  17/11/2006
Modified: 08/11/2005
Company:  IBM Corp.
----------
Key:       AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created:  17/11/2006
Modified: 18/04/2006
Company:  Atheros Communications, Inc.
----------
Key:       b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created:  09/03/2006
Modified: 09/03/2006
Company:  Broadcom Corporation
----------
Key:       CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created:  31/01/2007
Modified: 31/01/2007
Company:  Canon Inc.
----------
Key:       Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created:  26/07/2005
Modified: 26/07/2005
Company:  Executive Software International, Inc.
----------
Key:       driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created:  02/12/2007
Modified: 02/12/2007
Company:  Ma-Config.com
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created:  19/03/2007
Modified: 25/02/2004
Company:  IBM Corporation
----------
Key:       EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created:  01/07/2008
Modified: 01/07/2008
Company:  
----------
Key:       FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created:  14/11/2007
Modified: 14/11/2007
Company:  Brio
----------
Key:       gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created:  19/01/2008
Modified: 04/01/2007
Company:  Google
----------
Key:       HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created:  17/11/2006
Modified: 18/10/2005
Company:  Conexant Systems, Inc.
----------
Key:       ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created:  03/02/2008
Modified: 13/01/2007
Company:  Intel Corporation
----------
Key:       IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo.
----------
Key:       IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created:  11/11/2005
Modified: 31/05/2007
Company:  Lenovo
----------
Key:       IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created:  17/11/2006
Modified: 13/01/2006
Company:  
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created:  14/11/2005
Modified: 14/11/2005
Company:  Macrovision Corporation
----------
Key:       IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created:  21/08/2008
Modified: 19/04/2007
Company:  
----------
Key:       ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created:  19/01/2008
Modified: 13/02/2007
Company:   
----------
Key:       MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created:  20/09/2007
Modified: 20/09/2007
Company:  Nero AG
----------
Key:       NSCIRDA
ImagePath: System32\DRIVERS
scirda.sys
C:\WINDOWS\System32\DRIVERS
scirda.sys
28672 bytes
Created:  17/11/2006
Modified: 04/08/2004
Company:  National Semiconductor Corporation
----------
Key:       odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created:  24/08/2007
Modified: 24/08/2007
Company:  Microsoft Corporation
----------
Key:       ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created:  26/10/2006
Modified: 26/10/2006
Company:  Microsoft Corporation
----------
Key:       pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created:  19/01/2008
Modified: 19/01/2008
Company:  Padus, Inc.
----------
Key:       psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created:  18/01/2008
Modified: 19/02/2007
Company:  Lenovo (United States) Inc.
----------
Key:       Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created:  25/12/2006
Modified: 25/12/2006
Company:  Lenovo.
----------
Key:       Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created:  17/11/2006
Modified: 02/10/2006
Company:  Microsoft Corporation
----------
Key:       smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created:  17/11/2006
Modified: 10/02/2005
Company:  Analog Devices, Inc.
----------
Key:       SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created:  07/03/2008
Modified: 07/03/2008
Company:  SolidWorks
----------
Key:       SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created:  17/11/2006
Modified: 20/09/2002
Company:  Analog Devices, Inc.
----------
Key:       sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key:       ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created:  19/01/2008
Modified: 30/08/2005
Company:  MCCI
----------
Key:       SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created:  16/05/2008
Modified: 16/05/2008
Company:  Lenovo Group Limited
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe 
5120 bytes
Created:  24/04/2003
Modified: 20/08/2004
Company:  Microsoft Corporation
----------
Key:       SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created:  17/11/2006
Modified: 14/02/2006
Company:  Synaptics, Inc.
----------
Key:       TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created:  17/11/2006
Modified: 02/10/2006

vincolo · Answer

ce que je ne comprends pas c'est que malware me détecte encore le trojan downld en mode normal et que j'ai beau l'effacé il revient à chaque redémarrage

InfernO.vir · Answer

Fait ce que je t'ai dit avec OTMoveIt

vincolo · Answer

sorry
j'avis pas vu ton message
je m'en occupe
merci

InfernO.vir · Answer

J'espere que cela va marché! parce que sinon!

Utilisateur anonyme · Answer

Salut

pour aider,

branche tout tes disque (clé usb , disques externes...) sans les ouvrir

ensuite refais un scan combofix et post le rapport , et laisse tes disques externes branché pour l instant

à+

InfernO.vir · Answer

Atends il fait OTMoveIt normalement il devrait le virer!

vincolo · Answer

ca m'a donné ca

File/Folder  not found.
C:\WINDOWS\system32\drivers\downld moved successfully.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08232008_162613


tu penses que c'est bon????

Merci encore de ton aide

InfernO.vir · Answer

Normalement oui redemarre ton pc et dit moi

Utilisateur anonyme · Answer

Redémarre comme le dis infeno.vir et post un rapport findB pour verif stp

InfernO.vir · Answer

non pas findB , mbam

Utilisateur anonyme · Answer

findB-----> + rapide -;) on sera fixé qu en penses tu ?

InfernO.vir · Answer

Si mets les 2 rapport pour plus de clarté

InfernO.vir · Answer

Exact on a ecrit a 10 seconde d'intervalles ^^ bon Fix de ta part!?

Utilisateur anonyme · Answer

Voila ce que je pense le dossier downld est vide mais au demarage il se regenere a cause de :

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] 
\Shell\AutoRun\command - J:
tde1ect.com 
\Shell\explore\Command - J:
tde1ect.com 
\Shell\open\Command - J:
tde1ect.com 

donc il faut s ouccuper des infection usb avant

InfernO.vir · Answer

Oui jle pense aussi mais ces disques amovibles ne sont pas branchés et OTMoveIt a degager downld mais on verra bien, de tte facon lorsque son pc sera desinfecté il va falloir s'occuper de ses clés

vincolo · Answer

ca me soule

findb


+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\WINDOWS\Prefetch :


C:\WINDOWS\Prefetch\WINTEMS.EXE Absent 
C:\WINDOWS\Prefetch\MDELK.EXE Absent 
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent 
C:\WINDOWS\Prefetch\FLEC006.EXE Absent 


+- Recherche dans : C:\WINDOWS\system32 :


C:\WINDOWS\system32\hldrrr.exe Absent 
C:\WINDOWS\system32\mdelk.exe Absent 
C:\WINDOWS\system32\wintems.exe Absent 
C:\WINDOWS\system32\ban_list.txt Absent 


+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\mdelk.exe Absent 
C:\WINDOWS\system32\drivers\srosa.sys Absent 
C:\WINDOWS\system32\drivers\hldrrr.exe Absent 
C:\WINDOWS\system32\drivers\downld Présent!!


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+- Recherche terminee !



+- Execute le : 23/08/2008 a 16:49:25,76


et malware

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 5.1.2600 Service Pack 2

16:48:00 23/08/2008
mbam-log-08-23-2008 (16-47-58).txt

Type de recherche: Examen rapide
Eléments examinés: 47338
Temps écoulé: 4 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

voila ou j'en suis
merci encore de votre aide

InfernO.vir · Answer

Bon alors Chiquitine29 veut-tu stp prendre ma place pour desinfecter ses clés?

vincolo · Answer

je tiens à préciser qu'actuellement je n'ai pas de clé dans mon pc portable infecté donc je ne pense pas que ca vienne de la

InfernO.vir · Answer

Mais chiquitine est plus apte a le faire elle pense que ca vient de la donc je vai la laisser faire pour sa moi et les clé jme sens pas apte a le faire jveux pas te faire faire de conneries

vincolo · Answer

ok bah encore merci beaucoup pour ton aide
mais étant donné que depuis ce matin je n'ai pas connecté ma clé sur le pc infecté je ne pense pas que ca vienne de la
merci encore a toi

InfernO.vir · Answer

je reste quand meme sur ton sujet mais pour les clé je le laisse a chiquitine je vais la MP

Utilisateur anonyme · Answer

re 

donc si t a des clé suceptible d avoir été infecté , branches les 

refais un scan combofix et post le rapport je te dirai la suite

vincolo · Answer

voci le rapport combofix avec ma clé susceptible d'être infectée connectée a mon pc ComboFix 08-08-21.02 - Administrateur 2008-08-23 17:09:11.10 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1008 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\downld . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-23 14:46 . 2008-08-23 14:47 d-------- C:\Program Files\Trojan Remover 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2008-08-23 14:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-23 14:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-23 14:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-23 14:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-23 11:15 . 2008-08-23 11:19 d----c--- C:\Combo-Fix 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-23 16:49 7,896 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 14:23 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-23 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.l3codec"= l3codecp.acm "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}] \Shell\AutoRun\command - .\MigWiz\migsetup.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 17:10:24 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 17:11:33 ComboFix-quarantined-files.txt 2008-08-23 15:11:15 Pre-Run: 1,585,143,808 octets libres Post-Run: 1,570,652,160 octets libres 262 --- E O F --- 2008-08-23 10:01:38 Merci de ton aide

vincolo · Answer

ma clé est en g:

Utilisateur anonyme · Answer

Copie le texte ci-dessous : 

File:: 
G:
tde1ect.com 
H:
tde1ect.com 
?:
tde1ect.com 
C:
tde1ect.com 
I:
tde1ect.com 
J:
tde1ect.com 
G:\ReadMe.exe 
G:\RECYCLED\INFO.exe 
I:\sxs.exe 
G:
ideiect.com 

Registry:: 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] 
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}]


Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt . 

S'il n'y a pas de rédémarrage, poste quand même le rapport.

InfernO.vir · Answer

Chapeau ^^

vincolo · Answer

pas de redémarrage et combofix ne m'a pas proposé de choix 1 ou 2 il a direct exécuté l'analyse ci dessous ComboFix 08-08-21.02 - Administrateur 2008-08-23 17:51:12.11 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.962 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C: tde1ect.com G: ideiect.com G: tde1ect.com G:\ReadMe.exe G:\RECYCLED\INFO.exe H: tde1ect.com I: tde1ect.com I:\sxs.exe J: tde1ect.com . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-23 14:46 . 2008-08-23 14:47 d-------- C:\Program Files\Trojan Remover 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2008-08-23 14:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-23 14:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-23 14:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-23 14:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-23 11:15 . 2008-08-23 11:19 d----c--- C:\Combo-Fix 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-23 16:49 7,896 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 14:23 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-23 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll "msacm.l3codec"= l3codecp.acm "msacm.divxa32"= msaud32_divx.acm [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}] \Shell\AutoRun\command - G:\wd_windows_tools\setup.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}] \Shell\AutoRun\command - .\MigWiz\migsetup.exe . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 17:52:14 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 17:53:09 ComboFix-quarantined-files.txt 2008-08-23 15:52:45 ComboFix2.txt 2008-08-23 15:11:35 Pre-Run: 1,542,864,896 octets libres Post-Run: 1,526,628,352 octets libres 265 --- E O F --- 2008-08-23 10:01:38 Merci de ton aide

InfernO.vir · Answer

Ca a l'air d'etre bon, mais c'est chiquitine29 qui s'en occupe elle revient a 19h

vincolo · Answer

ok no problemo
j'ai pas tout compris ce que j'ai fait mais bon
et sinon au sujet du virus downld
tu as une idée pourkoi malgré sa suppression il réapparait à chaque démarrage

merci d'avance

InfernO.vir · Answer

Tt simplement parce que il y a des reste et ces restes se regeneres a chaque demarrage...une fois ces reste enlevés il ne pourra plus se reactiver.

Utilisateur anonyme · Answer

il faut recommencer 

copie/colle ce script :

http://sd-1.archive-host.com/membres/up/116615172019703188/CFScript.txt

renome le CFScipt.txt

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt

vincolo · Answer

ca n'a encore pas redémarré mais voila le rapport ComboFix 08-08-21.02 - Administrateur 2008-08-23 18:38:44.13 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.936 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe Command switches used :: C:\Documents and Settings\Administrateur\Bureau\CFScript.txt * Création d'un nouveau point de restauration [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] FILE :: C: tde1ect.com G: ideiect.com G: tde1ect.com G:\ReadMe.exe G:\RECYCLED\INFO.exe G:\wd_windows_tools\setup.exe H: tde1ect.com I: tde1ect.com I:\sxs.exe J: tde1ect.com . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-23 14:46 . 2008-08-23 14:47 d-------- C:\Program Files\Trojan Remover 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2008-08-23 14:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-23 14:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-23 14:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-23 14:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-23 11:15 . 2008-08-23 11:19 d----c--- C:\Combo-Fix 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-23 16:49 7,896 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 14:23 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-23 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-23_17.11.03.95 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-23 16:13:28 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_730.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 18:39:49 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 18:40:31 ComboFix-quarantined-files.txt 2008-08-23 16:40:29 ComboFix2.txt 2008-08-23 16:23:47 ComboFix3.txt 2008-08-23 15:53:11 ComboFix4.txt 2008-08-23 15:11:35 Pre-Run: 1,508,958,208 octets libres Post-Run: 1,492,865,024 octets libres 264 --- E O F --- 2008-08-23 10:01:38 Merci de ton aide

Utilisateur anonyme · Answer

attend je te prepare un truc

Utilisateur anonyme · Answer

telecharge ce fichier sur le bureau :

http://sd-1.archive-host.com/membres/up/116615172019703188/Vincolo.rar

decompresse le sur le bureau et double clic sur vincolo.reg

accepte la fusion avec le registre

ensuite:

télécharge OTMoveIt http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe (de Old_Timer) sur ton Bureau. 
double-clique sur OTMoveIt.exe pour le lancer. 
Assure toi que la case Unregister Dll's and Ocx's soit bien cochée 
copie la liste qui se trouve en gras ci-dessous, 
et colle-la dans le cadre de gauche de OTMoveIt :Paste List of Files/Folders to be moved. 

C:
tde1ect.com 
G:
ideiect.com 
G:
tde1ect.com 
G:\ReadMe.exe 
G:\RECYCLED\INFO.exe 
G:\wd_windows_tools\setup.exe 
H:
tde1ect.com 
I:
tde1ect.com 
I:\sxs.exe 
J:
tde1ect.com 
C:\Windows\System32\drivers\downld\

clique sur MoveIt! pour lancer la suppression. 
le résultat apparaitra dans le cadre "Results". 
clique sur Exit pour fermer. 
poste le rapport situé dans C:\_OTMoveIt\MovedFiles. 

il te sera peut-être demander de redémarrer le pc pour achever la suppression.si c'est le cas accepte par Yes.

vincolo · Answer

pas bon 
kan je clik sur move it j'obtiens
File/Folder C:
tde1ect.com not found.
File/Folder G:
ideiect.com not found.
File/Folder G:
tde1ect.com not found.
File/Folder G:\ReadMe.exe not found.
File/Folder G:\RECYCLED\INFO.exe not found.
File/Folder G:\wd_windows_tools\setup.exe not found.
File/Folder H:
tde1ect.com not found.
File/Folder I:
tde1ect.com not found.
File/Folder I:\sxs.exe not found.
File/Folder J:
tde1ect.com not found.
Folder C:\Windows\System32\drivers\downld\ not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08232008_191531
que doisje faire?

vincolo · Answer

merci du temps que tu m'accordes

vincolo · Answer

je ne redémarre pas mon pc je ne fais rien avant que tu me dises quoi faire car j'ai pas envie de modifier un truc.
je suis resté sur l'écran d'otmovit2 avec le message d'erreur

Utilisateur anonyme · Answer

refais un scan combofix pour verif stp

vincolo · Answer

ComboFix 08-08-21.02 - Administrateur 2008-08-23 19:30:16.14 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.928 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-23 19:14 . 2008-08-23 19:14 d----c--- C:\_OTMoveIt 2008-08-23 14:46 . 2008-08-23 14:47 d-------- C:\Program Files\Trojan Remover 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2008-08-23 14:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-23 14:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-23 14:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-23 14:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-23 11:15 . 2008-08-23 11:19 d----c--- C:\Combo-Fix 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-23 16:49 7,896 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 14:23 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-23 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-23_17.11.03.95 ))))))))))))))))))))))))))))))))))))))))) . + 2008-08-23 16:13:28 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_730.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 19:31:15 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 19:32:14 ComboFix-quarantined-files.txt 2008-08-23 17:31:48 ComboFix2.txt 2008-08-23 16:40:33 ComboFix3.txt 2008-08-23 16:23:47 ComboFix4.txt 2008-08-23 15:53:11 ComboFix5.txt 2008-08-23 17:30:04 Pre-Run: 1,516,933,120 octets libres Post-Run: 1,500,393,472 octets libres 261 --- E O F --- 2008-08-23 10:01:38

InfernO.vir · Answer

Ca m'a tout l'air d'etre bon signe n'est-ce pas chiquitine?

Utilisateur anonyme · Answer

non c est pas bon 

verifie si tu peux afficher les fichiers/doosiers caché et dis moi :

Affiche tous les fichiers et dossiers : 
Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cacher 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK

InfernO.vir · Answer

Bizarre il ne le detecte plus!

Utilisateur anonyme · Answer

c est ça qu il faut retirer :

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] 
\Shell\AutoRun\command - H:
tde1ect.com 
\Shell\explore\Command - H:
tde1ect.com 
\Shell\open\Command - H:
tde1ect.com 

c est une infection sur support amovible la preuve du passage bagle

vincolo · Answer

je viens de faite ta manip pour afficher les dossiers...
Que dois-je faire ensuite stp?
Merci d'avcance

Utilisateur anonyme · Answer

tu repete vincolo.reg (double clic dessus ) et tu refais la manip otmoveit et post le rapport stp le tout en mode sans echec 


Comment redémarrer en mode sans echec? 

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter. 
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal! 
Ps : si F8 ne marche pas utilise la touche F5. 

-> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/

vincolo · Answer

Je viens de refiare les meme manip en mode sans échec mais toujours le même résultat ca me soule je ne comprends pas

File/Folder C:
tde1ect.com not found.
File/Folder G:
ideiect.com not found.
File/Folder G:
tde1ect.com not found.
File/Folder G:\ReadMe.exe not found.
File/Folder G:\RECYCLED\INFO.exe not found.
File/Folder G:\wd_windows_tools\setup.exe not found.
File/Folder H:
tde1ect.com not found.
File/Folder I:
tde1ect.com not found.
File/Folder I:\sxs.exe not found.
File/Folder J:
tde1ect.com not found.
Folder C:\Windows\System32\drivers\downld\ not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08232008_211803

Utilisateur anonyme · Answer

ok un scan combo pour voir stp

vincolo · Answer

par contre pour répondre j'ai été obligé de redémarrer en mode normal donc scan combo en mode normal ci dessous ComboFix 08-08-21.02 - Administrateur 2008-08-23 21:39:45.15 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.986 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . C:\WINDOWS\system32\drivers\downld . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-23 19:14 . 2008-08-23 19:14 d----c--- C:\_OTMoveIt 2008-08-23 14:46 . 2008-08-23 14:47 d-------- C:\Program Files\Trojan Remover 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2008-08-23 14:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-23 14:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-23 14:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-23 14:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-23 11:15 . 2008-08-23 11:19 d----c--- C:\Combo-Fix 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-23 16:49 7,896 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 14:23 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-23 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-23_17.11.03.95 ))))))))))))))))))))))))))))))))))))))))) . - 2008-08-23 13:57:48 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_72c.dat + 2008-08-23 19:20:15 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_72c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - G: tde1ect.com \Shell\explore\Command - G: tde1ect.com \Shell\open\Command - G: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] \Shell\AutoRun\command - H: tde1ect.com \Shell\explore\Command - H: tde1ect.com \Shell\open\Command - H: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] \Shell\AutoRun\command - ntde1ect.com \Shell\explore\Command - ntde1ect.com \Shell\open\Command - ntde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - I: tde1ect.com \Shell\explore\Command - I: tde1ect.com \Shell\open\Command - I: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}] \Shell\AutoRun\command - J: tde1ect.com \Shell\explore\Command - J: tde1ect.com \Shell\open\Command - J: tde1ect.com [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] \Shell\AutoRun\command - G: ideiect.com \Shell\explore\Command - G: ideiect.com \Shell\open\Command - G: ideiect.com *Newly Created Service* - CATCHME *Newly Created Service* - MBAMSWISSARMY . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-23 21:41:20 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-23 21:42:22 ComboFix-quarantined-files.txt 2008-08-23 19:41:58 ComboFix2.txt 2008-08-23 17:32:17 ComboFix3.txt 2008-08-23 16:40:33 ComboFix4.txt 2008-08-23 16:23:47 ComboFix5.txt 2008-08-23 19:39:32 Pre-Run: 1,539,809,280 octets libres Post-Run: 1,522,692,096 octets libres 269 --- E O F --- 2008-08-23 10:01:38 Merci encore de ton aide

vincolo · Answer

par la meme occasion je viens de refaire un malware en mode normal et il me détecte encore downld

Utilisateur anonyme · Answer

essai ceci :

avec les fichiers caché ok 

dans menu demarre rechercher copie colle : ntde1ect.com et dis moi si il trouve

vincolo · Answer

c'est ca que je comprends pas c'est qu'il ne les trouve pas
j'avais déjà essayé ta manip mais non il ne trouve pas (recherche avec fichiers cachés OK)
je comprends pas

Utilisateur anonyme · Answer

tu sais manipuler le registre ? 

executer ----> regedit ... 

allez a cette clé par exemple : 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}] 


et supprimer

Utilisateur anonyme · Answer

re 

ce que tu fais , 

Désactive le contrôle des comptes utilisateurs (tu le réactiveras après ta désinfection): 

- Vas dans "Démarrer" puis Panneau de configuration. 
- Double Clique sur l'icône Comptes d'utilisateurs et sur Activer ou désactiver le contrôle des comptes d'utilisateurs. 
- Clique sur Continuer. 
- Décoche la case Utiliser le contrôle des comptes d'utilisateurs pour vous aider à protéger votre ordinateur. 
- Valide par OK et redémarre. 

Tuto : https://forum.malekal.com/viewtopic.php?f=59&t=6517


ensuite double clic sur vincolo.reg et accepte

ensuite repasse combo

vincolo · Answer

je viens de supprimer la clé que tu m'as dit avec regedit
par contre ensuite quand je Double Clique sur l'icône Comptes d'utilisateurs je n'ai pas l'option Activer ou désactiver le contrôle des comptes d'utilisateurs car je suis sur windows xp
que faut-il que je fasse

merci d'avance

Utilisateur anonyme · Answer

ah oui sorry

idem pour ces clé :

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}] 
 

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}] 


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}] 


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}] 


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}]

vincolo · Answer

ca y est je viens de supprimer toutes les clés dans regedit
que dois je faire
pour l'instant je n'ai pas redémarré
j'attends tes conseils
merci

Utilisateur anonyme · Answer

refais un scan combofix et post le rapport stp

vincolo · Answer

voici le rapport combofix réalisé juste après la suppression des clés dans regedit en mode normal: ComboFix 08-08-21.02 - Administrateur 2008-08-24 0:08:43.16 - NTFSx86 Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.913 [GMT 2:00] Endroit: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 )))))))))))))))))))))))))))))))))))) . 2008-08-23 19:14 . 2008-08-23 19:14 d----c--- C:\_OTMoveIt 2008-08-23 14:46 . 2008-08-23 14:47 d-------- C:\Program Files\Trojan Remover 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\All Users\Application Data\Simply Super Software 2008-08-23 14:46 . 2008-08-23 14:46 d----c--- C:\Documents and Settings\Administrateur\Application Data\Simply Super Software 2008-08-23 14:46 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll 2008-08-23 14:46 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll 2008-08-23 14:46 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll 2008-08-23 14:46 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll 2008-08-23 11:15 . 2008-08-23 11:19 d----c--- C:\Combo-Fix 2008-08-22 23:50 . 2008-08-22 23:50 d-------- C:\WINDOWS\system32\Kaspersky Lab 2008-08-22 23:05 . 2008-08-22 23:08 d-------- C:\Program Files\Spybot - Search & Destroy 2008-08-22 23:05 . 2008-08-22 23:32 d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-22 21:42 . 2008-08-22 21:42 d-------- C:\Program Files\Malwarebytes' Anti-Malware 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-22 21:42 d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes 2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys 2008-08-22 21:11 . 2008-08-23 16:49 7,896 --a--c--- C:\FindB.txt) 2008-08-22 16:04 . 2008-08-22 16:04 d----c--- C:\Documents and Settings\All Users\Application Data\ESET 2008-08-22 13:17 . 2008-08-22 13:17 d----c--- C:\logs 2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys 2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys 2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys 2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys 2008-08-20 15:06 . 2008-08-20 15:06 d-------- C:\Program Files\Fichiers communs\Lenovo 2008-08-15 12:18 . 2008-08-15 12:18 d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic 2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-23 14:23 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP 2008-08-23 10:01 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help 2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information 2008-08-21 08:49 --------- d-----w C:\Program Files\eMule 2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent 2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo 2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX 2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC 2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss 2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO 2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll 2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH 2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH 2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH 2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser 2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll 2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll 2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll 2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN 2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat 2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat . ((((((((((((((((((((((((((((( snapshot@2008-08-23_17.11.03.95 ))))))))))))))))))))))))))))))))))))))))) . - 2008-08-23 13:57:48 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_72c.dat + 2008-08-23 19:20:15 16,384 ----atw C:\WINDOWS emp\Perflib_Perfdata_72c.dat . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928] "SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808] "DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360] "SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936] "TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064] "TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208] "PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552] "GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648] "IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072] "HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840] "Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168] "TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424] "LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400] "TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 20:08 914512] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160] C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\ Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify pfnf2] 2005-07-06 00:45 28672 C:\WINDOWS\system32 otifyf2.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify photkey] 2005-11-30 21:16 24576 C:\WINDOWS\system32 phklock.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "VIDC.ACDV"= ACDV.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr] @="Service" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal ga.sys] @="Driver" [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys] @="Driver" [HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk] path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk] path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray] --a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon] --a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG] --a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe] --a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP] --a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages] --a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd] --a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers] --a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray] --a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS] --a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX] --a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP] --a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh] --a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr] --a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED] --a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX] --a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks] --a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusDisableNotify"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "C:\Program Files\Windows Live\Messenger\msnmsgr.exe"= "C:\Program Files\Windows Live\Messenger\livecall.exe"= "C:\Program Files\Lexmark 2500 Series\lxddamon.exe"= "C:\Program Files\Lexmark 2500 Series\App4R.exe"= "C:\WINDOWS\system32\lxddcoms.exe"= "C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"= "C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"= "C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"= "C:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\uTorrent\uTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "135:TCP"= 135:TCP:TCP Port 135 "5000:TCP"= 5000:TCP:TCP Port 5000 "5001:TCP"= 5001:TCP:TCP Port 5001 "5002:TCP"= 5002:TCP:TCP Port 5002 "5003:TCP"= 5003:TCP:TCP Port 5003 "5004:TCP"= 5004:TCP:TCP Port 5004 "5005:TCP"= 5005:TCP:TCP Port 5005 "5006:TCP"= 5006:TCP:TCP Port 5006 "5007:TCP"= 5007:TCP:TCP Port 5007 "5008:TCP"= 5008:TCP:TCP Port 5008 "5009:TCP"= 5009:TCP:TCP Port 5009 "5010:TCP"= 5010:TCP:TCP Port 5010 "5011:TCP"= 5011:TCP:TCP Port 5011 "5012:TCP"= 5012:TCP:TCP Port 5012 "5013:TCP"= 5013:TCP:TCP Port 5013 "5014:TCP"= 5014:TCP:TCP Port 5014 "5015:TCP"= 5015:TCP:TCP Port 5015 "5016:TCP"= 5016:TCP:TCP Port 5016 "5017:TCP"= 5017:TCP:TCP Port 5017 "5018:TCP"= 5018:TCP:TCP Port 5018 "5019:TCP"= 5019:TCP:TCP Port 5019 "5020:TCP"= 5020:TCP:TCP Port 5020 R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18] R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05] R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03] R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13] R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27] R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33] R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13] R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59] R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13] Stop Pending4 MBAMSwissArmy;MBAMSwissArmy;C:\WINDOWS\system32\drivers\mbamswissarmy.sys [2008-08-17 15:01] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}] \Shell\AutoRun\command - G:\ReadMe.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}] \Shell\AutoRun\command - G:\ \Shell\explore\Command - RECYCLED\INFO.exe \Shell\open\Command - RECYCLED\INFO.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}] \Shell\Auto\command - I:\sxs.exe \Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe *Newly Created Service* - CATCHME *Newly Created Service* - MBAMSWISSARMY . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job - C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20] . . ------- Supplementary Scan ------- . FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\ FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/ . ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-24 00:09:44 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** . --------------------- DLLs a chargé sous des processus courants --------------------- PROCESS: C:\WINDOWS\system32\winlogon.exe -> C:\WINDOWS\system32 phklock.dll . Temps d'accomplissement: 2008-08-24 0:10:44 ComboFix-quarantined-files.txt 2008-08-23 22:10:16 ComboFix2.txt 2008-08-23 19:42:25 ComboFix3.txt 2008-08-23 17:32:17 ComboFix4.txt 2008-08-23 16:40:33 ComboFix5.txt 2008-08-23 22:08:31 Pre-Run: 1,525,706,752 octets libres Post-Run: 1,509,752,832 octets libres 241 --- E O F --- 2008-08-23 10:01:38 Merci de ton aide

vincolo · Answer

dois je supprimer les trois clés restantes?

Utilisateur anonyme · Answer

yes bon boulot oui supprime les 3 apres post un rapport hijackthis 

et on termine

vincolo · Answer

3 clés supprimées OK

rapport hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 00:35:31, on 24/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\Executive Software\Diskeeper\DkService.exe
C:\Program Files\FolderSize\FolderSizeSvc.exe
C:\WINDOWS\system32\lxddcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
C:\WINDOWS\System32\TPHDEXLG.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
c:\program files\lenovo\system update\suservice.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\WINDOWS\system32undll32.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
C:\Program Files\DAEMON Tools Lite\daemon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNotes2\Psn2.exe
C:\WINDOWS\System32\acs.exe
C:\PROGRA~1\3M\PSNotes2\PSNGive.exe
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Documents and Settings\Administrateur\Bureau\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.centre-valdeloire.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = "C:\Program Files\Outlook Express\msimn.exe"
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: CmjBrowserHelperObject Object - {07A11D74-9D25-4fea-A833-8B0D76A5577A} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: CmjBrowserHelperObject Object - {AC41D38F-B56D-40AD-94E0-B493D130C959} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O4 - HKLM\..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [PWRMGRTR] rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TVT Scheduler Proxy] C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
O4 - HKLM\..\Run: [LXDDCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [pdfSaver3] "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
O4 - HKCU\..\Run: [SuperCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: Post-it® Software Notes.lnk = C:\Program Files\3M\PSNotes2\Psn2.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Send to Mindjet MindManager - {531B9DC0-D8EE-4c76-A6EE-6C1E50569655} - C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Envoyer à Mindjet MindManager - {941E1A34-C6AF-4baa-A973-224F9C3E04BF} - C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
O9 - Extra button: Mise à jour de logiciels ThinkPad - {D1A4DEBD-C2EE-449f-B9FB-E8409F9A0BC5} - C:\Program Files\Lenovo\PkgMgr\PkgMgr.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/...
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Ac Profile Manager Service (AcPrfMgrSvc) - Unknown owner - C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
O23 - Service: ACU Configuration Service (ACS) - Unknown owner - C:\WINDOWS\System32\acs.exe
O23 - Service: Access Connections Main Service (AcSvc) - Lenovo - C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: Diskeeper - Executive Software International, Inc. - C:\Program Files\Executive Software\Diskeeper\DkService.exe
O23 - Service: Folder Size (FolderSize) - Brio - C:\Program Files\FolderSize\FolderSizeSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ThinkPad PM Service (IBMPMSVC) - Lenovo - C:\WINDOWS\system32\ibmpmsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: lxdd_device -   - C:\WINDOWS\system32\lxddcoms.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
O23 - Service: SolidWorks Licensing Service - SolidWorks - C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: System Update (SUService) - Lenovo Group Limited - c:\program files\lenovo\system update\suservice.exe
O23 - Service: ThinkVantage Registry Monitor Service - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo	vt_reg_monitor_svc.exe
O23 - Service: ThinkPad HDD APS Logging Service (TPHDEXLGSVC) - Lenovo. - C:\WINDOWS\System32\TPHDEXLG.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O23 - Service: TVT Scheduler - Lenovo Group Limited - C:\Program Files\Fichiers communs\Lenovo\Scheduler	vtsched.exe

Utilisateur anonyme · Answer

oui c est good 

t as pas d antivirus .....

* pour supprimer les outils/fix utilisés : 

Télécharge ToolsCleaner sur ton bureau. 
--> 
ftp://ftp.commentcamarche.com/download/ToolsCleaner2.exe
http://www.commentcamarche.net/telecharger/telecharger 34055291 toolscleaner
http://pc-system.fr/ 

# Clique sur Recherche et laisse le scan agir ... 
# Clique sur Suppression pour finaliser. 
# Tu peux, si tu le souhaites, te servir des Options facultatives. 
# Clique sur Quitter pour obtenir le rapport. 
# Poste le rapport (TCleaner.txt) qui se trouve à la racine de ton disque dur (C:\).

vincolo · Answer

Voici le rapport

-->- Recherche: 

C:\Qoobox: trouvé !
C:\_OtMoveIt: trouvé !
C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: trouvé !
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe: trouvé !

---------------------------------
-->- Suppression: 

C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe: Erreur de suppression !
C:\Documents and Settings\Administrateur\Bureau\HijackThis.exe: Erreur de suppression !
C:\Qoobox: supprimé !
C:\_OtMoveIt: supprimé !


donc pour toi je ne suis plus infecté par downld???
Tout y va bien????
Merci de ton aide

vincolo · Answer

j'avais supprimé nod32 ce matin car je pensais qu'il pouvait interférer avec la suppression de downld mais je vais le réinstaller si tu penses que tout est bon

Peux tu me conseiller des logiciels qui m'assureront une protection efficace.
Merci

vincolo · Answer

dois je redémarrer et exécuter un malware pour en etre bien sur????

merci de ta précieuse aide

vincolo · Answer

bon
bad news
je viens de redémarrer et d'exécuter un Malware et il me détecte encore la présence du trojan
C:\Windows\System32\drivers\downld

sur cela bonne nuit et merci de ton aide

Utilisateur anonyme · Answer

re 

essai ça :

Affiche tous les fichiers et dossiers : 
Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cacher 

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK 

trouve et supprime : C:\Windows\System32\drivers\downld 

redémarre et réitère le scan malewarebyte

vincolo · Answer

suppression réussie + vidage de la corbeille
redémarrage
et le dossier en question downld réapparaît

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 5.1.2600 Service Pack 2

13:52:21 24/08/2008
mbam-log-08-24-2008 (13-52-18).txt

Type de recherche: Examen rapide
Eléments examinés: 47304
Temps écoulé: 2 minute(s), 43 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

par contre j'ai une question:malware le détecte comme trojan mais ce dossier est vide
y-a-t-il un réel risque????
Sais tu pourquoi il ce dossier réapparait après redémarrage
merci d'avance

InfernO.vir · Answer

Est-ce que tu supprime ce qu'il te trouve a chaque fois ....no action taken
Cela veut dire que tu ne supprimes pas.

Utilisateur anonyme · Answer

Télécharge OAD http://sosvirus.changelog.fr/OAD.exe 
- Enregistre le sur ton bureau 

Double clique sur le OAD pour le lancer 

- nom de fichier à rechercher tape ou fais un copier coller de : 

downld

- Type de recherche : sélectionne l'option 6 puis valide 

OAD va maintenant rechercher le fichier. Laisse le travailler jusqu'à ce qu'il en ait terminé. 
Le rapport de recherche s'affichera automatiquement à l’écran dès qu'il aura terminé. 

- Fais un copier / coller de ce rapport dans ton prochain post. 

Note importante : Suivant la taille des disques durs cette recherche peut prendre plusieurs minutes. Sois patient

vincolo · Answer

voila le résultat de l'analyse 

24/08/2008 ---- 14:16:22,48  

----------------------------------
§§§§§§ [downld] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\VolumeCaches\Active Setup Temp Folders]
"Folder"="C:\WINDOWS\msdownld.tmp|?:\msdownld.tmp"

*******************
     [Fichier] 
*******************

c:\WINDOWS\system32\drivers\downld


*********************
     [Même date] 
*********************

[R‚pertoire ] --- REP ---> C:\Program Files\Files   



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------

vincolo · Answer

dois je supprimer la clé du registre ainsi que le dossir ds c:windows....
par contre je ne trouve pas C:Program Files\Files
je ne vois pas le dossier files

vincolo · Answer

j'ai supprimé la clé dans le registre et le dossier dans l'explorateur
puis redémarrage
maiss malware me détecte encore downld
comment faire?

Merci de ton aide

Utilisateur anonyme · Answer

oki 

supprime findB si present :


Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau 

---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.exe


1) Double clic sur FindB

2) Post le rapport FindB.txt dans ton prochain message

note :  le rapport FindB.txt est sauvegardé a la racine du disque

vincolo · Answer

merci de ton aide

voici le rapport findb


+- FindB mis a jours le  24/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\downld Présent!! 


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\FirstRRRun


+- Recherche terminee !



+- Execute le : 24/08/2008 a 17:53:19,26

Utilisateur anonyme · Answer

* Télécharge OTMoveIt2 (de Old_Timer) sur ton bureau : http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe 

n´y touche pas 

redemarre en mode sans echec: 

Comment redémarrer en mode sans echec? 

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter. 
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 

Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal! 
Ps : si F8 ne marche pas utilise la touche F5. 

Note : en mode sans echec tu n´auras plus acces au net alors imprime ou copie les instructions ci dessous dans un fichier texte que tu pourras consulter a souhait 
une fois en mode sans echec. 


Fix.reg 

Ouvre le bloc-notes (click droit sur le bureau > dans l´arborescence choisie nouveau et nouveau fichier texte) et fais un copier coller de ce qui est en citation ci-dessous (copie tout d'un trait-sans les barres(x)) : 

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
REGEDIT3.0

[-HKEY_CURRENT_USER\Software\FirstRRRun]

XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 
Note : Regedit4 est sur la premiere ligne dans le bloc note et il y a une ligne blanche a la fin. 
Puis click sur "fichier"/"enregistrer sous" : 
dans : sur le bureau 
Nom du fichier : fix.reg 
Type de fichier : "tous les fichiers" 
clique sur "enregistrer" 

ca doit ressembler a ca une fois enrregistré : 

http://img520.imageshack.us/img520/4251/screenshot005ps2.png 

double clique sur fix.reg => tu dois obligatoirement avoir un message "voulez-vous vraiment ajouter les informations contenues dans ce fichier .reg au registre ?" 
Si c'est bien le cas, clique sur "oui" 

* Double-clique sur OTMoveIt.exe pour lancer le programme, 
* Copie la liste de fichiers ou de dossiers ci-dessous et colle-la dans la fenêtre du programme "Paste Custom List of Files/Folders to Move" : 

C:\WINDOWS\system32\drivers\downld 
C:\Documents and Settings\Administrateur\Application Data\m\

* Clique sur MoveIt! pour lancer la suppression, 
* Le résultat appraraîtra dans le cadre Results. 
* Clique sur Exit pour fermer le programme. 
* Poste le rapport qui est situé ici : C:\\_OTMoveIt\MovedFiles 
* Il te sera peut-être demandé de redémarrer ton PC. Dans ce cas, clique sur Yes. 

Redemarre normalement et post le rapport de ot_move it ici stp ainsi qu´un nouveau rapport FindB

vincolo · Answer

arg ca a pas marché

otmovit
C:\WINDOWS\system32\drivers\downld moved successfully.
Folder C:\Documents and Settings\Administrateur\Application Data\m\ not found.
 
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08242008_182531


findb

+- FindB mis a jours le  24/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\downld Présent!! 


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\FirstRRRun


+- Recherche terminee !



+- Execute le : 24/08/2008 a 18:28:35,96


Je n'y comprends vraiment rien.
Comment va t on faire pour le supprimer????

Je te remrcie vraiment du temps que tu m'accordes

vincolo · Answer

je viens de jeter un coup d'oeil ds l'explorateur avec fichier masqué OK...
et aucune trace du dossier m
il n'existe pas ou enfin je ne le vois pas ds l'arborescence
merci

Utilisateur anonyme · Answer

ça c est un bug :

C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! ) 


probleme de compatibilité 

fais un fix reg pour cette clé ainsi :

REGEDIT4 

HKEY_CURRENT_USER\Software\FirstRRRun 


ensuite nouveau rapport findB si ça marche pas supprime la clé manuellement

vincolo · Answer

ji comprend rien
fix reg avec autre clé marche pas
suppression clé manuelle marche mais dès redémarrage du pc elle réapparait

rapport aprè suppression clé en mode ss echec et redémarrage mode normal
merci d'avance
+- FindB mis a jours le  24/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\downld Présent!! 


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\FirstRRRun


+- Recherche terminee !



+- Execute le : 24/08/2008 a 19:11:42,10

Utilisateur anonyme · Answer

supprime findb


Telecharge FindyKill a la racine de ton disque

http://sd-1.archive-host.com/membres/up/116615172019703188/FindyKill_96.rar

dezippe le a la racine du disque

-> Redémarre en mode sans échec : 

Comment redémarrer en mode sans echec? 

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter. 
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée. 
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal! 
Ps : si F8 ne marche pas utilise la touche F5. 

-> Tuto :https://www.malekal.com/demarrer-windows-mode-sans-echec/

une fois dans ce mode : 

supprime le dossier : C:\Windows\system32\drivers\downld

entre dans le dossier FindyKill 

double clic sur findyKill.bat

choisi l option 2

il y aura 2 redémarrage, laisse travailler l outils jusqu a l apparition du rapport (post le)

vincolo · Answer

voici le rapport

 
               ** Rapport FindyKill ** 
 
 
+-  Suppression des clefs du registre.. 
 
 
+-  Suppression des clefs du registre effectuée ! 
 
 
               /!\..... Premier passage ...../!\ 
 
 
 
 
+-  Suppression des fichiers dans C: 
 
 
+-  Suppression des fichiers dans C:\WINDOWS\Prefetch 
 
 
+-  Suppression des fichiers dans C:\WINDOWS\system32 
 
 
+-  Suppression des fichiers dans C:\WINDOWS\system32\drivers 
 
 
+-  Suppression des fichiers dans C:\Documents and Settings\Administrateur\Application Data 
 
 
              /!\..... Second passage ...../!\ 
 
 
 
 
+-  Suppression des fichiers dans C: 
 
 
+-  Suppression des fichiers dans C:\WINDOWS\Prefetch 
 
 
+-  Suppression des fichiers dans C:\WINDOWS\system32 
 
 
+-  Suppression des fichiers dans C:\WINDOWS\system32\drivers 
 
 
+-  Suppression des fichiers dans C:\Documents and Settings\Administrateur\Application Data 
 
 
        ! Nettoyage realisé avec succès ! 
 
 
					   Suppression executée le 24/08/2008 a 20:13:40,46 
 
 
mais pourtant la je viens de chercher dans l'explorateur et le dossier downld est toujours présent!!!!!
merci

InfernO.vir · Answer

Supprime le manuellement! (je suppose que tu ne peut pas !)

Utilisateur anonyme · Answer

re

supprime findykill , supprime findb 

Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau 


---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.rar

1) Double clic sur FindB

2) Post le rapport FindB.txt dans ton prochain message

note :  le rapport FindB.txt est sauvegardé a la racine du disque

vincolo · Answer

+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\downld Présent!! 


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    SuperCopier2.exe	REG_SZ	C:\Program Files\SuperCopier2\SuperCopier2.exe
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :


! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\FirstRRRun


+- Recherche terminee !



+- Execute le : 24/08/2008 a 20:29:22,60

Utilisateur anonyme · Answer

Telecharge Kb2 sur ce lien : (merci a moe pour la réalisation !) 

http://sd-1.archive-host.com/membres/up/1366464061/KB2.exe 

Telecharge la nouvelle version d´eliblaga ici : (en bas de cette page) 

http://www.zonavirus.com/datos/descargas/95/elibagla.asp (clique sur le bouton "Descargar Elibagla") sur ton bureau. 

Etape 1 : 

Si tu as connecté une cle usb depuis que tu as été infecté branche la sans l´ouvrir... 

Etape 2 : 

Sur ton bureau double clic sur KB.exe. 
Tu verras apparaître sur le bureau, un raccourci nommé "KillB". 
Fait glisser le fichier Elibagla.exe sur ce raccourci, exactement comme si tu voulais le déposer dans un dossier. 

Elibagla va se lancer automatiquement. 
Clic sur "Ok" aux premières boîtes de dialogue qui peuvent apparaître avant le menu principal de l'outil : 

Por favor, envienos una muestra del fichero 
C:\Muestras\HLDRRR.EXE.Muestra EliBagle v11.18 
a "virus@satinfo.es". Gracias 
et/ou 
Eliminando Gusano BAGLE

Une fois fait, le menu principal d'Elibagla apparaîtra : 

- Laisse la case "Eliminar ficheros automaticamente" coché 
- Clic sur "Explorar" pour lancer le scan. 

/!\ Pendant toute la durée du scan, n'utilise pas ton pc, n'ouvre aucun programmes et laisse l'outil travailler. 
/!\ Ne redemarre pas le pc après le scan. 

Le scan terminé, copie/colle sur le forum le rapport situé dans C:\KB\KB.txt et celui d'Elibagla situé dans C:\Infosat.txt

vincolo · Answer

salut
voila ce que ca donne

KB : Exécuté le : 24/08/2008 à 20:51:01

+- Processus infectieux actifs :
 - Aucun processus infectieux en cours d'utilisation.


+- Affichage des fichiers cachés :
 - Réparé.


+- Fin du rapport

Elibagle


	  Sun Aug 24 20:51:02 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Acción Directa):

	  Sun Aug 24 20:51:25 2008
EliBagle v11.66  (c)2008 S.G.H. / Satinfo S.L. (Actualizado el 1 de Agosto del 2008)
----------------------------------------------
Lista de Acciones (por Exploración):
Explorando Unidad C:\

Nº Total de Directorios:   5512
Nº Total de Ficheros:      59639
Nº de Ficheros Analizados: 12987
Nº de Ficheros Infectados: 0
Nº de Ficheros Limpiados:  0


Merci de ton aide

Utilisateur anonyme · Answer

voila ce que je te propose,

fais le point sur le pc 

comment va le parefeu antivirus centre de secu windows update etc et dis moi 

pour la clé y a un soucis sur un autre topic on a le meme soucis

donc on aura une soluce je pense d ici demain 

demain reviens aux nouvelles avec le bilan de santé du pc 

qu en penses tu ? 

supprime tout les outils utilisé aussi afin de faire un coup de propre (sauf malewarebyte)

vincolo · Answer

ouai c'est bien ce que je pensais
je vais lacher l'affaire

centre de sécu ok pare feu actif
je vais installer nod32 dem1 matin
nettoyer tout comme tu as dit
et puis je pense que je vais rester comme ca
le pc tourne nickel
donc je pense que ca va aller,enfin j'espère

je te dis VRAIMENT UN GRAND MERCI

je repasserais demain voir si tas du nouveau pour la clé

merci encore et bonne soirée

Utilisateur anonyme · Answer

oui remet tout propre et on voit demain pour la clé et le dossier 

bonne nuit

afideg · Answer

Salut à vous trois,

Courage les gars.
De plus en plus compliqué !

Beagle en mutation perpétuelle  ==> 
•- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersio­n\Explorer\VolumeCaches\Active Setup Temp Folders] 
"Folder"="C:\WINDOWS\msdownld.tmp|?:\msdownld.tmp" 
•- C:\Documents and Settings\Administrateur\Application Data\m\data.octt 
• HKEY_CURRENT_USER\Software\FirstRRRun 

Essaie de lui faire utiliser IceSword pour voir s'il lui aussi reçoit ce message d'erreur qui empêche de lancer  IceSword.exe

Merci
Al.

InfernO.vir · Answer

Slt XD ouais ma foie, c'est du coriace celui-la ! ^^

Il s'accroche durement.

Utilisateur anonyme · Answer

je vais te mp Al

afideg · Answer

Bonjour TLM Salut vincolo ==> as-tu des nouvelles à nous apporter ? Télécharger OAD par ce lien: < http://sosvirus.changelog.fr/OAD.exe > •-Enregistre-le sur ton bureau Pour l'utilisation sous XP: Lancer « OAD.exe » en cliquant sur < http://sosvirus.changelog.fr/OAD/1.bmp >. Pour l'utilisation sous Vista: Clique droit sur le fichier « OAD.exe » et sur « Propriétés », dans l'onglet « Compatibilité », Cadre "Niveau de privilège" il faut cocher "Exécuter ce programme en tant qu'administrateur". •- Lancer « OAD.exe » en cliquant sur < http://sosvirus.changelog.fr/OAD/1.bmp > , puis « Exécuter en tant que » ==> une page bleue s’affiche. •- Saisir la valeur recherchée ( = nom de fichier à rechercher ) : taper SROSA puis [Enter] ==> une nouvelle page bleue s’affiche. - Type de recherche : taper 6 (sélectionner l'option 6) puis valide [entrée]< http://sosvirus.changelog.fr/OAD/4.bmp > •- OAD va maintenant rechercher le fichier. Laisse-le travailler jusqu'à ce qu'il en ait terminé. Suivant la taille des disques durs, cette recherche peut prendre plusieurs minutes. Patienter. •- Le rapport de recherche s'affichera automatiquement dès qu'il en aura terminé. •- Faire un copier/coller de ce rapport dans ton prochain post. •-Note: Certains Antivirus (comme Panda) peuvent émettre une alerte lors de "téléchargement / utilisation". Refais la même chose, mais avec le mot LEGACY_SROSA Merci Al.

vincolo · Answer

Bonjour à tous

bon j'ai fait un gros nettoyage de toutes les applications que vous m'aviez fait utiliser
je viens d'installer nod 32
tt va bien sauf que malware me détetce encore C:\Windows\System32\drivers\downld

sinon voici les deux rapports

 25/08/2008 ---- 14:12:08,07  

----------------------------------
§§§§§§ [SROSA] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------


et

 25/08/2008 ---- 14:14:36,79  

----------------------------------
§§§§§§ [LEGACY_SROSA] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************



*********************
     [Même date] 
*********************

Aucun fichier créé à la même date détecté


Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------


Voila
j'espère que ca va vous aider
merci encore de votre aide

afideg · Answer

Bonjour

Bien

Essaie ceci et ensuite vois si ce dossier downld vit toujours :

Télécharge  http://cjoint.com/data/iyvrUHUOIl_Kill_leg.zip 

Dézipper l'archive "iyvrUHUOIl_Kill_leg.zip" (Clic-droit > ouvrir)  sur le bureau 
Lance le fichier "Kill_leg.bat" -> "Exécuter"  
La fenêtre de l'invite de commande va s'ouvrir et se refermer rapidement, c'est normal. 


Vois si ce dossier down vit toujours
Si OUI, relance une recherche avec OAD sur le mot  downld 

Merci
Al

vincolo · Answer

Salut
après exécution de kill leg le dossier downld est toujours présent
j'ai donc exécuté OAD et voici le rapport:
 25/08/2008 ---- 16:55:31,70  

----------------------------------
§§§§§§ [downld] §§§§§§
----------------------------------
[X] Registre
 
-------------- [  ] rapide
-- Fichier --- [  ] disque systeme
 ------------- [X] complete


********************
     [Registre] 
********************

Aucune entrée détectée

*******************
     [Fichier] 
*******************

c:\WINDOWS\system32\drivers\downld


*********************
     [Même date] 
*********************

[R‚pertoire ] --- REP ---> C:\Program Files\Files   



Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§ 
----------------------------------


Mais si je supprime manuellement le dossier (qui est vide d'ailleurs!!!!) il réapparait lorsque je redémarre Windows
Penses tu que ce dossier downld est dangereux????car il est vide et mon ordi tourne parfaitement bien

Merci beaucoup pour ton aide

afideg · Answer

Re,

Merci

Via "Poste de travail", vas supprimer ce dossier en gras C:\Program Files\SuperCopier2


Ensuite, télécharge IceSword sur ton Bureau, du lien suivant :
https://www.majorgeeks.com/downloadget.php?id=5199&file=10&evp=0d36c3ec48c6373fd5daac78f0c6a417 ; ensuite comme ceci : http://img299.imageshack.us/img299/815/screenshot418ok7.png 

1) Double clique sur le fichier téléchargé, puis déplace (glisser/coller) le dossier jaune IceSword122_en sur ton Bureau.
N'oublie pas de lancer IceSword en mode de compatibilité "Microsoft Win XP SP2" 
clic droit sur l'exécutable icesword.exe après décompression de l'archive,
puis Propriétés => onglet Compatibilité => cocher "Exécuter ce programme en mode de compatibilité" => choisir "Windows XP Service Pack 2"
valider par OK

2) Double clique sur ce dossier, puis sur IceSword.exe (contenant l’épée dans un carré jaune) afin de lancer l'outil.

3) Agrandis la fenêtre de l'outil en plein écran, en cliquant sur le petit carré (au haut, à droite)

4)- Dans le menu de la colonne de gauche, clic sur [FILE]  > choisis l'onglet [Settings]
En standard, l'option [Don't display ''Deleting'' state process] est activée. 
En la désactivant on obtient un liste de [Process] plus étoffée où figurent des processus signalés en rouge 
==> donc, désactive l'option [Don't display ''Deleting'' state process] 
Et rapporte-moi toutes les lignes figurées en rouge dans l'analyse.
(tu les colles au fur et à mesure dans le bloc-notes; pour ensuite en poster l'ensemble)



Merci

Utilisateur anonyme · Answer

supprime findB si present

j ai besoin de ce rapport stp:

Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau 


---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.rar

----> dezippe le 

1) Double clic sur FindB

2) Post le rapport FindB.txt dans ton prochain message

note :  le rapport FindB.txt est sauvegardé a la racine du disque

afideg · Answer

Re,

Et dans la liste, tu ne vois pas c:\WINDOWS\system32\drivers\downld  ?

Dans la colonne de gauche, sous "Functions", choisis le bouton radio [Win32 Services], laisse afficher tous les services dans la plage de droite. 
Ensuite retrouve cette saleté de downld que tu supprimes.
S'il y en a d'autres en rouge, donne-les moi.

vincolo · Answer

négatif
il n'est pas présent dans la liste des process
c'est bien la dedans que tu me demandes de regarder?

merci à toi

afideg · Answer

Non, ce n'est pas dans [Process]

Regarde ce que j'ai écrit ==> sous "Functions", choisis le bouton radio [Win32 Services],

vincolo · Answer

je viens de me taper toute la liste dans win32 services et downld absent!!!!!!!
merci de ton aide

afideg · Answer

OK pour moi

Maintenant suis bien ce que demande Chiquitine29 


Merci à toi.
Al.

Utilisateur anonyme · Answer

re vincolo

je vais te mp

vincolo · Answer

mp?????
merci de votre aide à tous c'est cool!!!
j'attends de tes news

afideg · Answer

MP= Messagerie Privée  ( au-dessus, à droite de la page CCM )
Quand tu reçois un MP, il y a un petit clignotant sous ton pseudo, et une petite enveloppe "à cliquer", pour l'ouvrir.

vincolo · Answer

Salut!!!!!!
On avance
voici le rapport findb:plus de downld (j'ai refait deux démarrages pour m'en assurer et c'est good!!!!)
malware confirme et ne détecte rien!!!!
Par contre dans srosa il y a des nouvelles clés dans le registre
que dois-je faire stp?????


+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :




+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe

! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe


+- Recherche terminee !



+- Execute le : 25/08/2008 a 23:03:53,18


Merci encore pour tout le temps que tu m'accordes

afideg · Answer

Re,

Télécharge Gmer  http://www2.gmer.net/gmer.zip
Décompresse-le sur ton bureau.
Ferme toutes les fenêtres actives. 
Double-clique sur Gmer.exe 

Si une alerte de ton antivirus apparaît pour gmer.sys ou gmer.exe ,ignore-le. 
Clique sur l'onglet rootkit. ==> à droite coche tout. 
Clique maintenant sur Scan. 

Lorsque le scan est terminé, clique sur Copy. 

Ouvre le Bloc-notes puis clique sur le Menu Edition / Coller. 
Le rapport doit alors apparaître. 
Enregistre le fichier puis poste le contenu ici. 


Ensuite, "démarrer" >> "exécuter" >> saisir dans la petite lucarne toute la liste en gras ci-dessous (en une fois):
 
gmer -killall
gmer -del reg "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe" 
gmer -del reg "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\wintems.exe"
gmer -del reg "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\hldrrr.exe" 
gmer -del reg "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\flec006.exe" 
gmer -del reg "HKLM\SYSTEM\CurrentControlSet\Services\SROSA" 
gmer -del reg "HKLM\SYSTEM\ControlSet001\Services\SROSA" 
gmer -del reg "HKLM\SYSTEM\ControlSet002\Services\SROSA" 
gmer -del reg "HKCU\Software\FirstRRRun
gmer -del service SROSA 
gmer -del file "C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe" 
gmer -del file "C:\Documents and Settings\Administrateur\Application Data\m\list.oct" 
gmer -del file "C:\Documents and Settings\Administrateur\Application Data\m\data.octt" 
gmer -del file "C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct" 
gmer -del file "C:\Documents and Settings\Administrateur\Application Data\m"  
gmer -del file "C:\Documents and Settings\Administrateur\Application Data\m\shared"
gmer -del file "C:\WINDOWS\system32\drivers\downld"
gmer -del file "C:\Program Files\SuperCopier2 
gmer -del file "C:\WINDOWS\system32\drivers	askmgr.exe" 
gmer -del file "C:\WINDOWS\SYSTEM32\WINTEMS.EXE" 
gmer -del file "C:\WINDOWS\SYSTEM32\BAN_LIST.TXT" 
gmer -del file "C:\WINDOWS\system32\MDELK.EXE" 
gmer -del file "C:\WINDOWS\SYSTEM32\DRIVERS\HLDRRR.EXE" 
gmer -reboot

Et valide par [OK]
À la fin le pc devrait rebooter.
S'il ne redémarre pas, fais-le toi redémarrer toi même.
Au redémarrage vois si tes protections fonctionnent. 

Si ca ne refonctionne pas, alors fais comme ceci: "démarrer" >> "exécuter" >> saisir CMD puis valide par [ok]. Ensuite, colle ligne par ligne en validant entre deux (par Entrée) les lignes suivantes dans la fenêtre noire qui apparaît:  ==> voir liste ci-dessus.


Merci
Al.

vincolo · Answer

j'ai supprimé les clé srosa ds le registre
j'espère que j'ai pas fait une connerie

sinon voici le rapport

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-08-26 00:10:26
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.14 ----

SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwAdjustPrivilegesToken [0xA889BC8C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwConnectPort [0xA889B3C4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwCreateFile [0xA889B8A0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwCreateKey [0xA889C43C]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwCreatePort [0xA889B080]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwCreateSection [0xA889D084]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwCreateSymbolicLinkObject [0xA889BE72]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwCreateThread [0xA889AC50]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwDeleteKey [0xA889C0B8]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwDeleteValueKey [0xA889C268]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwDuplicateObject [0xA889AB02]
SSDT            spzh.sys                                                                                                                                                                   ZwEnumerateKey [0xB9EC6CA2]
SSDT            spzh.sys                                                                                                                                                                   ZwEnumerateValueKey [0xB9EC7030]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwLoadDriver [0xA889CD24]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwOpenFile [0xA889BAB0]
SSDT            spzh.sys                                                                                                                                                                   ZwOpenKey [0xB9EA80C0]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwOpenProcess [0xA889A822]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwOpenSection [0xA889B744]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwOpenThread [0xA889A9AA]
SSDT            spzh.sys                                                                                                                                                                   ZwQueryKey [0xB9EC7108]
SSDT            spzh.sys                                                                                                                                                                   ZwQueryValueKey [0xB9EC6F88]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwRenameKey [0xA889C7F2]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwRequestWaitReplyPort [0xA889B196]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwSecureConnectPort [0xA889CAE6]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwSetSystemInformation [0xA889CEC4]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwSetValueKey [0xA889C602]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwShutdownSystem [0xA889B5D2]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwSystemDebugControl [0xA889B638]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwTerminateProcess [0xA889AF4A]
SSDT            \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Firewall Pro Sandbox Driver/COMODO)                                                                                      ZwTerminateThread [0xA889AE18]

INT 0x62        ?                                                                                                                                                                          89A5CBF8
INT 0x63        ?                                                                                                                                                                          896E6F00
INT 0x82        ?                                                                                                                                                                          89A5CBF8
INT 0x94        ?                                                                                                                                                                          896E6F00
INT 0xA4        ?                                                                                                                                                                          896E6F00
INT 0xB4        ?                                                                                                                                                                          896E6F00

---- Kernel code sections - GMER 1.0.14 ----

.text           ntkrnlpa.exe!ZwCallbackReturn + 25F2                                                                                                                                       805014C2 2 Bytes  [ EC, B9 ]
?               spzh.sys                                                                                                                                                                   Le fichier spécifié est introuvable. !
.text           USBPORT.SYS!DllUnload                                                                                                                                                      B8E3962C 5 Bytes  JMP 896E64E0 
.text           a7yinhk8.SYS                                                                                                                                                               B8A6F384 1 Byte  [ 20 ]
.text           a7yinhk8.SYS                                                                                                                                                               B8A6F386 35 Bytes  [ 00, 68, 00, 00, 00, 00, 00, ... ]
.text           a7yinhk8.SYS                                                                                                                                                               B8A6F3AA 24 Bytes  [ 00, 00, 20, 00, 00, E0, 00, ... ]
.text           a7yinhk8.SYS                                                                                                                                                               B8A6F3C4 3 Bytes  [ 00, 00, 00 ]
.text           a7yinhk8.SYS                                                                                                                                                               B8A6F3C9 1 Byte  [ 00 ]
.text           ...                                                                                                                                                                        

---- User code sections - GMER 1.0.14 ----

.text           C:\WINDOWS\Explorer.EXE[296] ntdll.dll!NtClose                                                                                                                             7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] ntdll.dll!LdrUnloadDll                                                                                                                        7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] GDI32.dll!BitBlt                                                                                                                              77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] GDI32.dll!CreateDCA                                                                                                                           77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] GDI32.dll!CreateDCW                                                                                                                           77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] GDI32.dll!CreateDCW + 3                                                                                                                       77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\Explorer.EXE[296] USER32.dll!EndTask                                                                                                                            7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] USER32.dll!mouse_event                                                                                                                        7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] USER32.dll!keybd_event                                                                                                                        7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] ole32.dll!CoCreateInstanceEx                                                                                                                  774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\Explorer.EXE[296] ole32.dll!CoGetClassObject                                                                                                                    774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] ntdll.dll!NtClose                                                                                         7C91D586 5 Bytes  JMP 006B5060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] ntdll.dll!LdrUnloadDll                                                                                    7C92718B 5 Bytes  JMP 006B4F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] USER32.dll!EndTask                                                                                        7E3D9E75 5 Bytes  JMP 006B4C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] USER32.dll!mouse_event                                                                                    7E3E6515 5 Bytes  JMP 006B16D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] USER32.dll!keybd_event                                                                                    7E3E6559 5 Bytes  JMP 006B1550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] GDI32.dll!BitBlt                                                                                          77EF6F79 5 Bytes  JMP 006B1860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] GDI32.dll!CreateDCA                                                                                       77EFB249 5 Bytes  JMP 006B1230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] GDI32.dll!CreateDCW                                                                                       77EFBE89 2 Bytes  JMP 006B13C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] GDI32.dll!CreateDCW + 3                                                                                   77EFBE8C 2 Bytes  [ 7B, 88 ]
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] ole32.dll!CoCreateInstanceEx                                                                              774BFA6B 5 Bytes  JMP 006B4960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Executive Software\Diskeeper\DkService.exe[352] ole32.dll!CoGetClassObject                                                                                774D5DB2 5 Bytes  JMP 006B4AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] ntdll.dll!NtClose                                                                                           7C91D586 5 Bytes  JMP 009F5060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] ntdll.dll!LdrUnloadDll                                                                                      7C92718B 5 Bytes  JMP 009F4F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] GDI32.dll!BitBlt                                                                                            77EF6F79 5 Bytes  JMP 009F1860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] GDI32.dll!CreateDCA                                                                                         77EFB249 5 Bytes  JMP 009F1230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] GDI32.dll!CreateDCW                                                                                         77EFBE89 2 Bytes  JMP 009F13C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] GDI32.dll!CreateDCW + 3                                                                                     77EFBE8C 2 Bytes  [ AF, 88 ]
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] USER32.dll!EndTask                                                                                          7E3D9E75 5 Bytes  JMP 009F4C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] USER32.dll!mouse_event                                                                                      7E3E6515 5 Bytes  JMP 009F16D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] USER32.dll!keybd_event                                                                                      7E3E6559 5 Bytes  JMP 009F1550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] ole32.dll!CoCreateInstanceEx                                                                                774BFA6B 5 Bytes  JMP 009F4960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe[616] ole32.dll!CoGetClassObject                                                                                  774D5DB2 5 Bytes  JMP 009F4AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] ntdll.dll!NtClose                                                                                                 7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] ntdll.dll!LdrUnloadDll                                                                                            7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] GDI32.dll!BitBlt                                                                                                  77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] GDI32.dll!CreateDCA                                                                                               77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] GDI32.dll!CreateDCW                                                                                               77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] GDI32.dll!CreateDCW + 3                                                                                           77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] USER32.dll!EndTask                                                                                                7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] USER32.dll!mouse_event                                                                                            7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] USER32.dll!keybd_event                                                                                            7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] ole32.dll!CoCreateInstanceEx                                                                                      774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe[640] ole32.dll!CoGetClassObject                                                                                        774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] ntdll.dll!NtClose                                                                                                 7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] ntdll.dll!LdrUnloadDll                                                                                            7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] kernel32.dll!SetUnhandledExceptionFilter                                                                          7C84467D 4 Bytes  [ C2, 04, 00, 00 ]
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] USER32.dll!EndTask                                                                                                7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] USER32.dll!mouse_event                                                                                            7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] USER32.dll!keybd_event                                                                                            7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] GDI32.dll!BitBlt                                                                                                  77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] GDI32.dll!CreateDCA                                                                                               77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] GDI32.dll!CreateDCW                                                                                               77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] GDI32.dll!CreateDCW + 3                                                                                           77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] ole32.dll!CoCreateInstanceEx                                                                                      774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe[644] ole32.dll!CoGetClassObject                                                                                        774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] ntdll.dll!NtClose                                                                                                       7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] ntdll.dll!LdrUnloadDll                                                                                                  7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] GDI32.dll!BitBlt                                                                                                        77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] GDI32.dll!CreateDCA                                                                                                     77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] GDI32.dll!CreateDCW                                                                                                     77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] GDI32.dll!CreateDCW + 3                                                                                                 77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] USER32.dll!EndTask                                                                                                      7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] USER32.dll!mouse_event                                                                                                  7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] USER32.dll!keybd_event                                                                                                  7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] ole32.dll!CoCreateInstanceEx                                                                                            774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\FolderSize\FolderSizeSvc.exe[724] ole32.dll!CoGetClassObject                                                                                              774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\winlogon.exe[856] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\winlogon.exe[856] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\services.exe[900] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\services.exe[900] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!NtClose                                                                                                                       7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] ntdll.dll!LdrUnloadDll                                                                                                                  7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] USER32.dll!EndTask                                                                                                                      7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] USER32.dll!mouse_event                                                                                                                  7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] USER32.dll!keybd_event                                                                                                                  7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!BitBlt                                                                                                                        77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCA                                                                                                                     77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCW                                                                                                                     77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] GDI32.dll!CreateDCW + 3                                                                                                                 77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\lsass.exe[912] ole32.dll!CoCreateInstanceEx                                                                                                            774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lsass.exe[912] ole32.dll!CoGetClassObject                                                                                                              774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] ntdll.dll!NtClose                                                                                                                   7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] ntdll.dll!LdrUnloadDll                                                                                                              7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] USER32.dll!EndTask                                                                                                                  7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] USER32.dll!mouse_event                                                                                                              7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] USER32.dll!keybd_event                                                                                                              7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] GDI32.dll!BitBlt                                                                                                                    77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] GDI32.dll!CreateDCA                                                                                                                 77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] GDI32.dll!CreateDCW                                                                                                                 77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] GDI32.dll!CreateDCW + 3                                                                                                             77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] ole32.dll!CoCreateInstanceEx                                                                                                        774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\ibmpmsvc.exe[1064] ole32.dll!CoGetClassObject                                                                                                          774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\svchost.exe[1100] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1100] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\svchost.exe[1148] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1148] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] ntdll.dll!NtClose                                                                                                      7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] ntdll.dll!LdrUnloadDll                                                                                                 7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] USER32.dll!EndTask                                                                                                     7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] USER32.dll!mouse_event                                                                                                 7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] USER32.dll!keybd_event                                                                                                 7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] GDI32.dll!BitBlt                                                                                                       77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] GDI32.dll!CreateDCA                                                                                                    77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] GDI32.dll!CreateDCW                                                                                                    77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] GDI32.dll!CreateDCW + 3                                                                                                77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] ole32.dll!CoCreateInstanceEx                                                                                           774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Windows Defender\MsMpEng.exe[1188] ole32.dll!CoGetClassObject                                                                                             774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\System32\svchost.exe[1232] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1232] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\System32\svchost.exe[1376] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\System32\svchost.exe[1376] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] ntdll.dll!NtClose                                                                                                                   7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] ntdll.dll!LdrUnloadDll                                                                                                              7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] USER32.dll!EndTask                                                                                                                  7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] USER32.dll!mouse_event                                                                                                              7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] USER32.dll!keybd_event                                                                                                              7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] GDI32.dll!BitBlt                                                                                                                    77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] GDI32.dll!CreateDCA                                                                                                                 77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] GDI32.dll!CreateDCW                                                                                                                 77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] GDI32.dll!CreateDCW + 3                                                                                                             77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] ole32.dll!CoCreateInstanceEx                                                                                                        774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\lxddcoms.exe[1412] ole32.dll!CoGetClassObject                                                                                                          774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!EndTask                                                                                                                   7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!mouse_event                                                                                                               7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] USER32.dll!keybd_event                                                                                                               7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\svchost.exe[1460] ole32.dll!CoCreateInstanceEx                                                                                                         774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\svchost.exe[1460] ole32.dll!CoGetClassObject                                                                                                           774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] ntdll.dll!NtClose                                                                                                      7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] ntdll.dll!LdrUnloadDll                                                                                                 7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] USER32.dll!EndTask                                                                                                     7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] USER32.dll!mouse_event                                                                                                 7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] USER32.dll!keybd_event                                                                                                 7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] GDI32.dll!BitBlt                                                                                                       77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] GDI32.dll!CreateDCA                                                                                                    77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] GDI32.dll!CreateDCW                                                                                                    77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] GDI32.dll!CreateDCW + 3                                                                                                77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] ole32.dll!CoCreateInstanceEx                                                                                           774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\DAEMON Tools Lite\daemon.exe[1576] ole32.dll!CoGetClassObject                                                                                             774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] ntdll.dll!NtClose                                                                                7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] ntdll.dll!LdrUnloadDll                                                                           7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] ole32.dll!CoCreateInstanceEx                                                                     774BFA6B 5 Bytes  JMP 10004960 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] ole32.dll!CoGetClassObject                                                                       774D5DB2 5 Bytes  JMP 10004AD0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] GDI32.dll!BitBlt                                                                                 77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] GDI32.dll!CreateDCA                                                                              77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] GDI32.dll!CreateDCW                                                                              77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] GDI32.dll!CreateDCW + 3                                                                          77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] USER32.dll!EndTask                                                                               7E3D9E75 5 Bytes  JMP 10004C30 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] USER32.dll!mouse_event                                                                           7E3E6515 5 Bytes  JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text           C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe[1644] USER32.dll!keybd_event                                                                           7E3E6559 5 Bytes  JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!NtClose                                                                                                                    7C91D586 5 Bytes  JMP 10005060 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\spoolsv.exe[1732] ntdll.dll!LdrUnloadDll                                                                                                               7C92718B 5 Bytes  JMP 10004F90 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\spoolsv.exe[1732] GDI32.dll!BitBlt                                                                                                                     77EF6F79 5 Bytes  JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\spoolsv.exe[1732] GDI32.dll!CreateDCA                                                                                                                  77EFB249 5 Bytes  JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\spoolsv.exe[1732] GDI32.dll!CreateDCW                                                                                                                  77EFBE89 2 Bytes  JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text           C:\WINDOWS\system32\spoolsv.exe[1732] GDI32.dll!CreateDCW + 3                                                                                                              77EFBE8C 2 Bytes  [ 10, 98 ]
.text           C:\WINDOWS\system32\spoolsv.exe[1732] U

afideg · Answer

OK
Merci

Poursuis avec  l'injection du script maintenant

Et ensuite tu relanceras l'outil  FindB mis à jour le 21/08/08 par Chiquitine29, pour vérification

vincolo · Answer

Salut à tous

Je n'ai pas réussi à saisir l'ensemble des lignes dans démarrer exécuter: comment faut-il faire?
il faut tout taper à la main avec un espace au lieu d'aller à la ligne?????

Sinon voici le rapport findb sans avoir inscrit les commandes dans démarrer exécuter:



+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :




+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    COMODO Firewall Pro	REG_SZ	"C:\Program Files\COMODO\Firewall\cfp.exe" -h

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :



+- Recherche terminee !



+- Execute le : 26/08/2008 a 10:45:51,50


Merci encore pour votre aide

Utilisateur anonyme · Answer

salut , je vois qu il y a du mieux 

ceci est un bug (que j ai rectifié) :

C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m Présent!! ) 
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! ) 


-----> ne pas en tenir compte

comment va le pc ?

vincolo · Answer

salut
le pc va parfaitement bien
par contre je ne sais pas comment faire pour coller l'ensemble des lignes en gras dans démarrer exécuter
sais tu faire cela
merci

afideg · Answer

Re,

Puisque tu n'as pu inclure le script en une seule fois (tout en un seul copier/coller) dans la zone de saisie de la commande; j'écrivais clairement ceci:

« Si ca ne refonctionne pas, alors fais comme ceci: "démarrer" >> "exécuter" >> saisir CMD puis valide par [ok]. Ensuite, colle ligne par ligne en validant entre deux (par Entrée) les lignes suivantes dans la fenêtre noire qui apparaît: ==> voir liste ci-dessus. »



C'est-à-dire:
1°- Clic sur "Démarrer", puis clic sur "Exécuter" , tape CMD dans la zone de saisie, puis [OK].
Cela va ouvrir une page de commande, de couleur noire avec un petit tiret clignotant.
2°- À l'endroit de ce petit tiret clignotant, tu dois coller la première ligne de script ==> gmer -killall puis clic sur [Enter]
3°- Après quoi, tu vois encore une ligne avec ce petit tiret clignotant où tu dois coller la seconde ligne du script ==> gmer -del reg "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mdelk.exe" puis clic sur [Enter]
4°- Ainsi de suite pour tout le srcript, sans oublier la dernière ligne !

Je n'ai jamais dit de taper tout cela.
Il faut faire un copier/coller de chaque ligne suivie de [Enter]

Al.

EDIT: Salut Chiquitine29

vincolo · Answer

Salut al

excuses moi j'avais mal lu hier
je viens donc d'essayer la procédure à partir de cmd

mais petit pb
dès que je colle la première ligne gmer -killall
tout l'environnement windows disparait et il ne me reste donc que l'invite de commande en dos et l'image de mon bureau sinon rien du tout
je ne peux tonc rien coller
j'ai donc commencé à les taper manuellement
mais à chaque enter
il me dit erreur ou impossible de trouver le fichier spécifié.
j'ai donc arrêté car c'est un peu long
dois je faire cela en mode sans échec???comme ca je pourrais peut etre coller

merci encore de ton aide

afideg · Answer

OK
Stoppe ça.
L'essai ne vaut rien.
Je voulais le tester.
Merci pour ta collaboration.
Al

vincolo · Answer

salut à tous

MERCI A TOUS POUR VOTRE EXCELLENT TRAVAIL

voici le dernier scan findb que je viens de réaliser

+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :




+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :


C:\Documents and Settings\Administrateur\Application Data\m\flec006.exe Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\list.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\data.octt Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\srvlist.oct Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m Présent!! )
C:\Documents and Settings\Administrateur\Application Data\m\shared Présent!! )


+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    COMODO Firewall Pro	REG_SZ	"C:\Program Files\COMODO\Firewall\cfp.exe" -h

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :



+- Recherche terminee !



+- Execute le : 26/08/2008 a 13:29:29,46

Pour moi,maintenant tout est bon.
Qu'en pensez-vous
je peux donc passer ce sujet en résolu????

MERCI ENCORE BEAUCOUP POUR LE TEMPS QUE VOUS M'AVEZ ACCORDE
Vincolo

afideg · Answer

Re,

Attends l'avis de Chiquitine qui doit confirmer s'il faut passer outre dudit "bug", et si le topic est résolu.

Merci
Al.

Utilisateur anonyme · Answer

re vincolo

supprime findB 


Telecharge FindB :

- Fas un clic droit sur le lien, enregistrer sous .... sur le bureau 


---> http://sd-1.archive-host.com/membres/up/116615172019703188/FindB.exe



--> Double clic sur FindB

--> Post le rapport FindB.txt dans ton prochain message

Note :  le rapport FindB.txt est sauvegardé a la racine du disque

vincolo · Answer

voici le rapport demandé


+- FindB mis a jours le  21/08/08 par Chiquitine29



+- Recherche de fichier infectueux :




+- Recherche dans : C:\WINDOWS\Prefetch :




+- Recherche dans : C:\WINDOWS\system32 :




+- Recherche dans : C:\WINDOWS\system32\drivers :




+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
    WinPatrol	REG_SZ	C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
    TPKMAPHELPER	REG_SZ	C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
    TPHOTKEY	REG_SZ	C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
    PWRMGRTR	REG_SZ	rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
    GrooveMonitor	REG_SZ	"C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
    IgfxTray	REG_SZ	C:\WINDOWS\system32\igfxtray.exe
    HotKeysCmds	REG_SZ	C:\WINDOWS\system32\hkcmd.exe
    Persistence	REG_SZ	C:\WINDOWS\system32\igfxpers.exe
    TVT Scheduler Proxy	REG_SZ	C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
    LXDDCATS	REG_SZ	rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
    TrojanScanner	REG_SZ	C:\Program Files\Trojan Remover\Trjscan.exe /boot
    egui	REG_SZ	"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
    COMODO Firewall Pro	REG_SZ	"C:\Program Files\COMODO\Firewall\cfp.exe" -h

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
    pdfSaver3	REG_SZ	"C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
    DAEMON Tools Lite	REG_SZ	"C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
    ctfmon.exe	REG_SZ	C:\WINDOWS\system32\ctfmon.exe
    SpybotSD TeaTimer	REG_SZ	C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe


+- Registre, recherche Srosa :



+- Recherche terminee !



+- Execute le : 26/08/2008 a 15:56:25,39


merci

vincolo · Answer

Salut à tous

Qu'en pensez vous???
Je peux marquer résolu?
Merci encore de votre aide

Utilisateur anonyme · Answer

yes c est good

InfernO.vir · Answer

Bonjour,

Bien joué a vous deux je tire mon chapeau, serieusement je me voyais pas du tout faire ceci !

Je n'ais pas fait grand chose ds cette desinfection ^^

vincolo · Answer

Rebonjour à tous
et surtout
UN GRAND MERCI POUR VOS CONSEILS....
Sans vous je ne m'en serais jamais sorti.
Cette expérience m'a aussi permis d'en apprendre un peu plus sur la résolution des virus.......
JE VOUS TIRE MON CHAPEAU
vous ètes vraiment une équipe de choc!!!!!!!!!!!!!!!!!!!

Salutations
Vince

Utilisateur anonyme · Answer

de rien vince ,

moi je remercie Al pour son aide/soutien

vince pour t informer :

Les dangers des cracks : http://forum.malekal.com/ftopic893.php 

Le crack dans toute sa splendeur, journal d'une infection attendue : 
https://forum.zebulon.fr/topic/93281-pr%C3%A9vention-le-crack-dans-toute-sa-splendeur/ 

* Le P2P ( l'utilisation de logiciels comme eMule, Sharazaa, LimeWire, Bit torrent): 

Les conséquences du P2P : https://forum.zebulon.fr/topic/85544-pr%C3%A9vention-le-p2p-et-ses-cons%C3%A9quences/ 

Pourquoi éviter le P2P : http://www.speedweb1.org/forum-tesgaz/viewtopic.php?t=1793 
https://lexpansion.lexpress.fr/actualite-economique/­ 

* Prévention sur deux autres types d'infection d'actualité : 

MSN prévention : https://forum.zebulon.fr/topic/130590-infection-par-msn-ou-wlm/ 

Infection par supports amovibles (clefs usb, flash, DD externes ..) https://forum.zebulon.fr/topic/131959-infections-par-supports-amovibles/ 
https://forum.malekal.com/viewtopic.php?f=45&t=5544 


@++ sur CCM

afideg · Answer

Salut à tous
Nous ne faisons qu'à notre mesure
Mais notre bonne volonté est sans limite
Bravo pour ce beau topic
Al

Chiquitine29, je vais te poster un MP d'ici 10 minutes.

Pb virus srosa.sys et autres

211 réponses

Discussions similaires