[ Trojan-Spy.Win32.GreenScreen HELP ME !!!! ] [Résolu/Fermé]

Signaler
Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
-
 johnjohn91 -
Bonsoir à tous ,
comme le dit le titre je suis infecté par le trojan : Trojan-Spy.Win32.GreenScreen !!!!!!!!
J'ai utiliser Ccleaner , Spybot , Trojan Remover mais rien à faire , pas possible de le supprimer.
J'ai donc fait un scan avec Hijackthis afin de soliciter votre aide.
Je vous met donc le log de Hijackthis ( ainsi que celui de Trojan Remover au cas où ça pourrai aider ).
En vous remerçiant d'avance , bonne soirée .
Louiso.



Log Trojan Remover :


***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
09/10/2008 02:27:11: Trojan Remover has been restarted
C:\WINDOWS\Temp\ZLT01a17.TMP has been renamed to C:\WINDOWS\Temp\ZLT01a17.TMP.vir
C:\WINDOWS\Temp\ZLT01dfb.TMP has been renamed to C:\WINDOWS\Temp\ZLT01dfb.TMP.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingA4293] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingC6792] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingB9834] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingD2379] - already deleted
=======================================================
Unable to rename command /c del to command /c del .vir
(command /c del does not appear to exist)
Unable to rename del to del .vir
(del does not appear to exist)
09/10/2008 02:27:11: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: Vous en voulez un morceau ?
Non merci, j'ai déjà la diarhée]
Scan started at: 02:24:05 09 oct. 2008
Using Database v7147
Operating System: Windows XP SP3 [Windows XP Media Center Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\senez\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\senez\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
02:24:05: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
02:24:05: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
02:24:05: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
02:24:06: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
67584 bytes
Created: 05/08/2005
Modified: 29/09/2005
Company: Microsoft Corporation
--------------------
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7626752 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16208384 bytes
Created: 01/06/2006
Modified: 01/06/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
2879488 bytes
Created: 16/05/2006
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: ntiMUI
Value Data: c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
45056 bytes
Created: 11/05/2005
Modified: 11/05/2005
Company:
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: IMEKRMIG6.1
Value Data: C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
44032 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
36975 bytes
Created: 18/08/2008
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
--------------------
Value Name: Acer Empowering Technology Monitor
Value Data: C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\system32\SysMonitor.exe
49152 bytes
Created: 18/08/2008
Modified: 18/04/2006
Company:
--------------------
Value Name: eDataSecurity Loader
Value Data: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
345088 bytes
Created: 17/03/2006
Modified: 17/03/2006
Company: HiTRUST
--------------------
Value Name: eRecoveryService
Value Data: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
413696 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
--------------------
Value Name: WarReg_PopUp
Value Data: C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
C:\Acer\WR_PopUp\WarReg_PopUp.exe
61440 bytes
Created: 18/08/2008
Modified: 23/09/2006
Company: Acer Inc.
--------------------
Value Name: Workflow
Value Data: E:\install\Workflow.exe
E:\install\Workflow.exe [file not found to scan]
--------------------
Value Name: BJCFD
Value Data: C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
376912 bytes
Created: 18/08/2008
Modified: 27/01/2003
Company:
--------------------
Value Name: Motive SmartBridge
Value Data: C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
438359 bytes
Created: 18/08/2008
Modified: 24/08/2005
Company: Motive Communications, Inc.
--------------------
Value Name: DAEMON Tools
Value Data: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
C:\Program Files\DAEMON Tools\daemon.exe
157592 bytes
Created: 12/11/2006
Modified: 12/11/2006
Company: DT Soft Ltd.
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
61440 bytes
Created: 21/01/2008
Modified: 21/01/2008
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: ZoneAlarm Client
Value Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
919016 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 24/09/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: SpybotDeletingA2665
Value Data: command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC2605
Value Data: cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA9746
Value Data: command /c del "C:\WINDOWS\a.bat"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC5365
Value Data: cmd /c del "C:\WINDOWS\a.bat"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2575
Value Data: command /c del "C:\WINDOWS\base64.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC4305
Value Data: cmd /c del "C:\WINDOWS\base64.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2127
Value Data: command /c del "C:\WINDOWS\bdn.com"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC8921
Value Data: cmd /c del "C:\WINDOWS\bdn.com"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA4162
Value Data: command /c del "C:\WINDOWS\FVProtect.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC753
Value Data: cmd /c del "C:\WINDOWS\FVProtect.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2752
Value Data: command /c del "C:\WINDOWS\iTunesMusic.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC9732
Value Data: cmd /c del "C:\WINDOWS\iTunesMusic.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2936
Value Data: command /c del "C:\WINDOWS\mssecu.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC6436
Value Data: cmd /c del "C:\WINDOWS\mssecu.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA31
Value Data: command /c del "C:\WINDOWS\userconfig9x.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC5025
Value Data: cmd /c del "C:\WINDOWS\userconfig9x.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA4293
Value Data: command /c del "C:\WINDOWS\winsystem.exe"
command /c del - has a *known* Malware filename: SUSPICIOUS.ENTRY
command /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
command /c del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingC6792
Value Data: cmd /c del "C:\WINDOWS\winsystem.exe"
del - has a *known* Malware filename: SUSPICIOUS.ENTRY
cmd /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingA3861
Value Data: command /c del "C:\WINDOWS\zip1.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC7772
Value Data: cmd /c del "C:\WINDOWS\zip1.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA3377
Value Data: command /c del "C:\WINDOWS\zip2.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC9549
Value Data: cmd /c del "C:\WINDOWS\zip2.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA7626
Value Data: command /c del "C:\WINDOWS\zip3.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC815
Value Data: cmd /c del "C:\WINDOWS\zip3.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA8055
Value Data: command /c del "C:\WINDOWS\zipped.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC4469
Value Data: cmd /c del "C:\WINDOWS\zipped.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA742
Value Data: command /c del "C:\WINDOWS\system32\medup020.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC5344
Value Data: cmd /c del "C:\WINDOWS\system32\medup020.dll"
del [file not found to scan]
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value Name: qCRkFMec1d
Value Data: C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
73728 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 18/09/2008
Modified: 18/09/2008
Company: Google Inc.
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: procweb
Value Data: C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\system32\odqfchmd.exe
98304 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: SpybotDeletingB8448
Value Data: command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD7502
Value Data: cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB4506
Value Data: command /c del "C:\WINDOWS\a.bat"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2261
Value Data: cmd /c del "C:\WINDOWS\a.bat"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB3554
Value Data: command /c del "C:\WINDOWS\base64.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6343
Value Data: cmd /c del "C:\WINDOWS\base64.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB2433
Value Data: command /c del "C:\WINDOWS\bdn.com"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD1149
Value Data: cmd /c del "C:\WINDOWS\bdn.com"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5707
Value Data: command /c del "C:\WINDOWS\FVProtect.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2448
Value Data: cmd /c del "C:\WINDOWS\FVProtect.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5228
Value Data: command /c del "C:\WINDOWS\iTunesMusic.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6738
Value Data: cmd /c del "C:\WINDOWS\iTunesMusic.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB7573
Value Data: command /c del "C:\WINDOWS\mssecu.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9443
Value Data: cmd /c del "C:\WINDOWS\mssecu.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB598
Value Data: command /c del "C:\WINDOWS\userconfig9x.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD3289
Value Data: cmd /c del "C:\WINDOWS\userconfig9x.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB9834
Value Data: command /c del "C:\WINDOWS\winsystem.exe"
command /c del - has a *known* Malware filename: SUSPICIOUS.ENTRY
command /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
command /c del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingD2379
Value Data: cmd /c del "C:\WINDOWS\winsystem.exe"
del - has a *known* Malware filename: SUSPICIOUS.ENTRY
cmd /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingB718
Value Data: command /c del "C:\WINDOWS\zip1.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD1777
Value Data: cmd /c del "C:\WINDOWS\zip1.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB6562
Value Data: command /c del "C:\WINDOWS\zip2.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD7183
Value Data: cmd /c del "C:\WINDOWS\zip2.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB4862
Value Data: command /c del "C:\WINDOWS\zip3.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9677
Value Data: cmd /c del "C:\WINDOWS\zip3.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB8566
Value Data: command /c del "C:\WINDOWS\zipped.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD442
Value Data: cmd /c del "C:\WINDOWS\zipped.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB8700
Value Data: command /c del "C:\WINDOWS\system32\medup020.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9347
Value Data: cmd /c del "C:\WINDOWS\system32\medup020.dll"
del [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
02:24:32: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
02:24:32: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
02:24:33: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmypics.scr
47104 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------

************************************************************
02:24:33: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {407408d4-94ed-4d86-ab69-a7f649d112ee}
Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf [file not found to scan]
----------

************************************************************
02:24:33: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: MHN
Path: %SystemRoot%\System32\mhn.dll
C:\WINDOWS\System32\mhn.dll
85504 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
02:24:33: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcerMemUsageCheckService
ImagePath: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
28672 bytes
Created: 18/08/2008
Modified: 11/05/2006
Company: Acer Inc.
----------
Key: appdrv01
ImagePath: System32\Drivers\appdrv01.sys
C:\WINDOWS\System32\Drivers\appdrv01.sys
2915944 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: appdrvrem01
ImagePath: %SystemRoot%\System32\appdrvrem01.exe svc
C:\WINDOWS\System32\appdrvrem01.exe
304528 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
593920 bytes
Created: 19/08/2008
Modified: 03/07/2008
Company:
----------
Key: ehRecvr
ImagePath: C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
237568 bytes
Created: 05/08/2005
Modified: 09/04/2006
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehSched.exe
103424 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created: 09/10/2007
Modified: 09/10/2007
Company: Microsoft Corporation
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
144384 bytes
Created: 07/01/2005
Modified: 13/04/2008
Company: Windows (R) Server 2003 DDK provider
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 22/10/2004
Modified: 22/10/2004
Company: Macrovision Corporation
----------
Key: idrmkl
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys [file not found to scan]
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
864256 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company: Microsoft Corporation
----------
Key: int15.sys
ImagePath: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
C:\Acer\Empowering Technology\eRecovery\int15.sys
69632 bytes
Created: 18/08/2008
Modified: 13/01/2005
Company:
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
4284928 bytes
Created: 05/06/2006
Modified: 05/06/2006
Company: Realtek Semiconductor Corp.
----------
Key: KLIF
ImagePath: system32\DRIVERS\klif.sys
C:\WINDOWS\system32\DRIVERS\klif.sys
127768 bytes
Created: 10/09/2008
Modified: 19/07/2007
Company: Kaspersky Lab
----------
Key: LightScribeService
ImagePath: "c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
73728 bytes
Created: 17/02/2006
Modified: 17/02/2006
Company: Hewlett-Packard Company
----------
Key: mcdbus
ImagePath: system32\DRIVERS\mcdbus.sys
C:\WINDOWS\system32\DRIVERS\mcdbus.sys [file not found to scan]
----------
Key: McrdSvc
ImagePath: C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
99328 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: MHNDRV
ImagePath: system32\DRIVERS\mhndrv.sys
C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11008 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 18/08/2008
Modified: 22/11/2004
Company: Motive, Inc.
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 11/08/2006
Modified: 11/08/2006
Company: NewTech Infosystems, Inc.
----------
Key: nvatabus
ImagePath: system32\drivers\nvatabus.sys
C:\WINDOWS\system32\drivers\nvatabus.sys
105088 bytes
Created: 28/06/2006
Modified: 28/06/2006
Company: NVIDIA Corporation
----------
Key: nvraid
ImagePath: system32\drivers\nvraid.sys
C:\WINDOWS\system32\drivers\nvraid.sys
89344 bytes
Created: 28/06/2006
Modified: 28/06/2006
Company: NVIDIA Corporation
----------
Key: psdfilter
ImagePath: \??\C:\WINDOWS\system32\Drivers\psdfilter.sys
C:\WINDOWS\system32\Drivers\psdfilter.sys
12288 bytes
Created: 07/04/2006
Modified: 07/04/2006
Company: HiTRUST
----------
Key: psdvdisk
ImagePath: \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
C:\WINDOWS\system32\Drivers\psdvdisk.sys
60416 bytes
Created: 08/03/2006
Modified: 08/03/2006
Company: HiTRUST
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: srescan
ImagePath: system32\ZoneLabs\srescan.sys
C:\WINDOWS\system32\ZoneLabs\srescan.sys
51176 bytes
Created: 10/09/2008
Modified: 27/02/2008
Company: Zone Labs, LLC
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{37E16036-57B1-4DB1-B7DA-D0E751BA0E0A}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 02/05/2008
Modified: 02/05/2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
394952 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
----------
Key: vsmon
ImagePath: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: xusb21
ImagePath: system32\DRIVERS\xusb21.sys
C:\WINDOWS\system32\DRIVERS\xusb21.sys
55808 bytes
Created: 28/08/2007
Modified: 28/08/2007
Company: Microsoft Corporation
----------
Key: yukonwxp
ImagePath: system32\DRIVERS\yk51x86.sys
C:\WINDOWS\system32\DRIVERS\yk51x86.sys
244864 bytes
Created: 29/06/2006
Modified: 29/06/2006
Company: Marvell
----------
Key: ZD1211BU(ZyDAS)
ImagePath: system32\DRIVERS\zd1211Bu.sys
C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
402432 bytes
Created: 28/10/2005
Modified: 28/10/2005
Company: ZyDAS Technology Corporation
----------
Key: ZD1211U(ZyDAS)
ImagePath: system32\DRIVERS\zd1211u.sys
C:\WINDOWS\system32\DRIVERS\zd1211u.sys
280064 bytes
Created: 04/10/2005
Modified: 04/10/2005
Company: ZyDAS Technology Corporation
----------
Key: ZDPSp50
ImagePath: System32\Drivers\ZDPSp50.sys
C:\WINDOWS\System32\Drivers\ZDPSp50.sys
17664 bytes
Created: 25/10/2004
Modified: 25/10/2004
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------

************************************************************
02:24:38: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/08/2008
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
02:24:38: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
139264 bytes
Created: 04/07/2008
Modified: 04/07/2008
Company: ATI Technologies Inc.
----------

************************************************************
02:24:38: Scanning ----- CONTEXTMENUHANDLERS -----
Key: EDSshellExt
CLSID: {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
Path: C:\WINDOWS\system32\eDSshellExt.dll
C:\WINDOWS\system32\eDSshellExt.dll
73728 bytes
Created: 08/03/2006
Modified: 08/03/2006
Company: HiTRUST
----------
Key: ZLAVShExt
CLSID: {D9872D13-7651-4471-9EEE-F0A00218BEBB}
Path: C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
50664 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
----------

************************************************************
02:24:38: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems, Inc.
----------

************************************************************
02:24:39: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63136 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1562448 bytes
Created: 10/09/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
184423 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2436160 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google Inc.
----------

************************************************************
02:24:39: Scanning ----- SHELLSERVICEOBJECTS -----
Key: msgsmart
CLSID: {203CBB11-B270-5708-F2FA-05C7388D3774}
Path: C:\Program Files\umtjtgf\msgsmart.dll
C:\Program Files\umtjtgf\msgsmart.dll
159744 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
----------

************************************************************
02:24:39: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
02:24:39: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
02:24:39: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
02:24:39: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
02:24:39: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
45056 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
Acer Empowering Technology.lnk - links to C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
--------------------
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
745472 bytes
Created: 16/11/2005
Modified: 16/11/2005
Company: X-Micro Technology Corp.
Acer WLAN 11g USB Dongle.lnk - links to C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems Incorporated
Adobe Reader Speed Launch.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 11/08/2006
Modified: 11/08/2006
Company:
--------------------
C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
217088 bytes
Created: 18/08/2008
Modified: 03/06/2005
Company: Motive Communications, Inc.
LE COMPAGNON CLUB.lnk - links to C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
02:24:39: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
02:24:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
02:24:39: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 18/08/2008
Modified: 07/09/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 18/08/2008
Modified: 07/09/2008
Company:
----------
Additional checks completed

************************************************************
02:24:46: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[15 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[28 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[53 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[160 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[no modules loaded]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[112 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[54 loaded modules in total]
--------------------
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
[52 loaded modules in total]
--------------------
C:\WINDOWS\ehome\ehtray.exe
[54 loaded modules in total]
--------------------
C:\WINDOWS\RTHDCPL.EXE
[46 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[18 loaded modules in total]
--------------------
C:\WINDOWS\system32\SysMonitor.exe
[47 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[45 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[49 loaded modules in total]
--------------------
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[54 loaded modules in total]
--------------------
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
[70 loaded modules in total]
--------------------
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[no modules loaded]
--------------------
C:\WINDOWS\system32\ctfmon.exe
[35 loaded modules in total]
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[63 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[140 loaded modules in total]
--------------------
C:\WINDOWS\system32\odqfchmd.exe
[52 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
[42 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
[86 loaded modules in total]
--------------------
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
[45 loaded modules in total]
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[31 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[61 loaded modules in total]
--------------------
C:\WINDOWS\eHome\ehRecvr.exe
[44 loaded modules in total]
--------------------
C:\WINDOWS\eHome\ehSched.exe
[40 loaded modules in total]
--------------------
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[18 loaded modules in total]
--------------------
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\ehome\mcrdsvc.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\dllhost.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\eHome\ehmsas.exe
[22 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[34 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
[173 loaded modules in total]
--------------------
C:\WINDOWS\system32\wuauclt.exe
[43 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2548288
[This is a Trojan Remover component]
[67 loaded modules in total]
--------------------

************************************************************
02:25:26: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
02:25:26: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
02:25:26: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
02:25:26: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\senez\LOCALS~1\Temp\~DF5866.tmp appears to be in-use/locked
C:\DOCUME~1\senez\LOCALS~1\Temp\~DF6464.tmp appears to be in-use/locked
C:\DOCUME~1\senez\LOCALS~1\Temp\~DFB1B2.tmp appears to be in-use/locked
C:\DOCUME~1\senez\LOCALS~1\Temp\~DFCC71.tmp appears to be in-use/locked
************************************************************
02:25:27: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
C:\WINDOWS\Temp\ZLT01a17.TMP appears to be in-use/locked
C:\WINDOWS\Temp\ZLT01a17.TMP - file ownership assigned to: ACER-7989E0343A\senez
C:\WINDOWS\Temp\ZLT01a17.TMP - file backed up to C:\WINDOWS\Temp\ZLT01a17.TMP.vir
C:\WINDOWS\Temp\ZLT01a17.TMP - file has been neutralised
C:\WINDOWS\Temp\ZLT01a17.TMP - marked for renaming when the PC is restarted
--------------------
C:\WINDOWS\Temp\ZLT01dfb.TMP appears to be in-use/locked
C:\WINDOWS\Temp\ZLT01dfb.TMP - file ownership assigned to: ACER-7989E0343A\senez
C:\WINDOWS\Temp\ZLT01dfb.TMP - file backed up to C:\WINDOWS\Temp\ZLT01dfb.TMP.vir
C:\WINDOWS\Temp\ZLT01dfb.TMP - file has been neutralised
C:\WINDOWS\Temp\ZLT01dfb.TMP - marked for renaming when the PC is restarted
--------------------
************************************************************
02:25:41: Scanning ------ ROOT DIRECTORY ------

************************************************************
02:25:41: ------ Scan for other files to remove ------
C:\WINDOWS\system32\akttzn.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\akttzn.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\anticipator.dll has been deleted
C:\WINDOWS\system32\awtoolb.dll has been deleted
C:\WINDOWS\system32\bdn.com - process is either not running or could not be terminated
C:\WINDOWS\system32\bdn.com, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\bsva-egihsg52.exe has been deleted
C:\WINDOWS\system32\dpcproxy.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\dpcproxy.exe has been deleted
C:\WINDOWS\system32\emesx.dll has been deleted
C:\WINDOWS\system32\hoproxy.dll has been deleted
C:\WINDOWS\system32\hxiwlgpm.dat has been deleted
C:\WINDOWS\system32\hxiwlgpm.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\hxiwlgpm.exe has been deleted
C:\WINDOWS\system32\medup012.dll has been deleted
C:\WINDOWS\system32\msgp.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\msgp.exe has been deleted
C:\WINDOWS\system32\msnbho.dll has been deleted
C:\WINDOWS\system32\mssecu.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mssecu.exe has been deleted
C:\WINDOWS\system32\msvchost.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\msvchost.exe has been deleted
C:\WINDOWS\system32\mtr2.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mtr2.exe has been deleted
C:\WINDOWS\system32\mwin32.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mwin32.exe has been deleted
C:\WINDOWS\system32\netode.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\netode.exe has been deleted
C:\WINDOWS\system32\newsd32.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\newsd32.exe has been deleted
C:\WINDOWS\system32\ps1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ps1.exe has been deleted
C:\WINDOWS\system32\psof1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\psof1.exe has been deleted
C:\WINDOWS\system32\psoft1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\psoft1.exe has been deleted
C:\WINDOWS\system32\regc64.dll has been deleted
C:\WINDOWS\system32\regm64.dll has been deleted
C:\WINDOWS\system32\Rundl1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\Rundl1.exe has been deleted
C:\WINDOWS\system32\smp\msrc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\smp\msrc.exe has been deleted
C:\WINDOWS\system32\sncntr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sncntr.exe has been deleted
C:\WINDOWS\system32\ssurf022.dll has been deleted
C:\WINDOWS\system32\ssvchost.com - process is either not running or could not be terminated
C:\WINDOWS\system32\ssvchost.com has been deleted
C:\WINDOWS\system32\ssvchost.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ssvchost.exe has been deleted
C:\WINDOWS\system32\sysreq.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sysreq.exe has been deleted
C:\WINDOWS\system32\taack.dat has been deleted
C:\WINDOWS\system32\taack.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\taack.exe has been deleted
C:\WINDOWS\system32\temp#01.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\temp#01.exe has been deleted
C:\WINDOWS\system32\thun32.dll has been deleted
C:\WINDOWS\system32\thun.dll has been deleted
C:\WINDOWS\system32\VBIEWER.OCX has been deleted
C:\WINDOWS\system32\vbsys2.dll has been deleted
C:\WINDOWS\system32\vcatchpi.dll has been deleted
C:\WINDOWS\system32\winlogonpc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\winlogonpc.exe has been deleted
C:\WINDOWS\system32\winsystem.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\winsystem.exe has been deleted
C:\WINDOWS\system32\WINWGPX.EXE - process is either not running or could not be terminated
C:\WINDOWS\system32\WINWGPX.EXE has been deleted
----------
42 malware-related files deleted (or marked for deletion)

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
www.google.fr/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 02:25:43 09 oct. 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
09/10/2008 02:25:47: restart commenced
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: François Pignon]
Scan started at: 11:49:30 07 oct. 2008
Using Database v7147
Operating System: Windows XP SP3 [Windows XP Media Center Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\senez\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\senez\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
11:49:30: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
11:49:30: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
11:49:30: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
11:49:31: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
67584 bytes
Created: 05/08/2005
Modified: 29/09/2005
Company: Microsoft Corporation
--------------------
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7626752 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16208384 bytes
Created: 01/06/2006
Modified: 01/06/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
2879488 bytes
Created: 16/05/2006
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value

14 réponses

Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Désolé il y à eu un petit probleme semble t'il


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: Mais pas si viiiiiiiiite!]
Scan started at: 03:42:55 09 oct. 2008
Using Database v7147
Operating System: Windows XP SP3 [Windows XP Media Center Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\senez\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\senez\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
03:42:55: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
03:42:55: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
03:42:55: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
03:42:56: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
67584 bytes
Created: 05/08/2005
Modified: 29/09/2005
Company: Microsoft Corporation
--------------------
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7626752 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16208384 bytes
Created: 01/06/2006
Modified: 01/06/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
2879488 bytes
Created: 16/05/2006
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: ntiMUI
Value Data: c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
45056 bytes
Created: 11/05/2005
Modified: 11/05/2005
Company:
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: IMEKRMIG6.1
Value Data: C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
44032 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
36975 bytes
Created: 18/08/2008
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
--------------------
Value Name: Acer Empowering Technology Monitor
Value Data: C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\system32\SysMonitor.exe
49152 bytes
Created: 18/08/2008
Modified: 18/04/2006
Company:
--------------------
Value Name: eDataSecurity Loader
Value Data: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
345088 bytes
Created: 17/03/2006
Modified: 17/03/2006
Company: HiTRUST
--------------------
Value Name: eRecoveryService
Value Data: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
413696 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
--------------------
Value Name: WarReg_PopUp
Value Data: C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
C:\Acer\WR_PopUp\WarReg_PopUp.exe
61440 bytes
Created: 18/08/2008
Modified: 23/09/2006
Company: Acer Inc.
--------------------
Value Name: Workflow
Value Data: E:\install\Workflow.exe
E:\install\Workflow.exe [file not found to scan]
--------------------
Value Name: BJCFD
Value Data: C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
376912 bytes
Created: 18/08/2008
Modified: 27/01/2003
Company:
--------------------
Value Name: Motive SmartBridge
Value Data: C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
438359 bytes
Created: 18/08/2008
Modified: 24/08/2005
Company: Motive Communications, Inc.
--------------------
Value Name: DAEMON Tools
Value Data: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
C:\Program Files\DAEMON Tools\daemon.exe
157592 bytes
Created: 12/11/2006
Modified: 12/11/2006
Company: DT Soft Ltd.
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
61440 bytes
Created: 21/01/2008
Modified: 21/01/2008
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: ZoneAlarm Client
Value Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
919016 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 24/09/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value Name: qCRkFMec1d
Value Data: C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
73728 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 18/09/2008
Modified: 18/09/2008
Company: Google Inc.
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: procweb
Value Data: C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\system32\odqfchmd.exe
98304 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: SpybotDeletingB8448
Value Data: command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD7502
Value Data: cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB4506
Value Data: command /c del "C:\WINDOWS\a.bat"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2261
Value Data: cmd /c del "C:\WINDOWS\a.bat"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB3554
Value Data: command /c del "C:\WINDOWS\base64.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6343
Value Data: cmd /c del "C:\WINDOWS\base64.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB2433
Value Data: command /c del "C:\WINDOWS\bdn.com"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD1149
Value Data: cmd /c del "C:\WINDOWS\bdn.com"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5707
Value Data: command /c del "C:\WINDOWS\FVProtect.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2448
Value Data: cmd /c del "C:\WINDOWS\FVProtect.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5228
Value Data: command /c del "C:\WINDOWS\iTunesMusic.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6738
Value Data: cmd /c del "C:\WINDOWS\iTunesMusic.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB7573
Value Data: command /c del "C:\WINDOWS\mssecu.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9443
Value Data: cmd /c del "C:\WINDOWS\mssecu.exe"
del [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
03:42:59: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
03:42:59: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
03:43:00: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmypics.scr
47104 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------

************************************************************
03:43:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {407408d4-94ed-4d86-ab69-a7f649d112ee}
Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf [file not found to scan]
----------

************************************************************
03:43:00: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: MHN
Path: %SystemRoot%\System32\mhn.dll
C:\WINDOWS\System32\mhn.dll
85504 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
03:43:03: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcerMemUsageCheckService
ImagePath: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
28672 bytes
Created: 18/08/2008
Modified: 11/05/2006
Company: Acer Inc.
----------
Key: appdrv01
ImagePath: System32\Drivers\appdrv01.sys
C:\WINDOWS\System32\Drivers\appdrv01.sys
2915944 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: appdrvrem01
ImagePath: %SystemRoot%\System32\appdrvrem01.exe svc
C:\WINDOWS\System32\appdrvrem01.exe
304528 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
593920 bytes
Created: 19/08/2008
Modified: 03/07/2008
Company:
----------
Key: ehRecvr
ImagePath: C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
237568 bytes
Created: 05/08/2005
Modified: 09/04/2006
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehSched.exe
103424 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: F-Secure Standalone Minifilter
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
65024 bytes
Created: 09/10/2008
Modified: 09/10/2008
Company:
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created: 09/10/2007
Modified: 09/10/2007
Company: Microsoft Corporation
----------
Key: fsbl
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [file not found to scan]
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
144384 bytes
Created: 07/01/2005
Modified: 13/04/2008
Company: Windows (R) Server 2003 DDK provider
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 22/10/2004
Modified: 22/10/2004
Company: Macrovision Corporation
----------
Key: idrmkl
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys [file not found to scan]
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
864256 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company: Microsoft Corporation
----------
Key: int15.sys
ImagePath: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
C:\Acer\Empowering Technology\eRecovery\int15.sys
69632 bytes
Created: 18/08/2008
Modified: 13/01/2005
Company:
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
4284928 bytes
Created: 05/06/2006
Modified: 05/06/2006
Company: Realtek Semiconductor Corp.
----------
Key: KLIF
ImagePath: system32\DRIVERS\klif.sys
C:\WINDOWS\system32\DRIVERS\klif.sys
127768 bytes
Created: 10/09/2008
Modified: 19/07/2007
Company: Kaspersky Lab
----------
Key: LightScribeService
ImagePath: "c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
73728 bytes
Created: 17/02/2006
Modified: 17/02/2006
Company: Hewlett-Packard Company
----------
Key: mcdbus
ImagePath: system32\DRIVERS\mcdbus.sys
C:\WINDOWS\system32\DRIVERS\mcdbus.sys [file not found to scan]
----------
Key: McrdSvc
ImagePath: C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
99328 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: MHNDRV
ImagePath: system32\DRIVERS\mhndrv.sys
C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11008 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 18/08/2008
Modified: 22/11/2004
Company: Motive, Inc.
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 11/08/2006
Modified: 11/08/2006
Company: NewTech Infosystems, Inc.
----------
Key: nvatabus
ImagePath: system32\drivers\nvatabus.sys
C:\WINDOWS\system32\drivers\nvatabus.sys
105088 bytes
Created: 28/06/2006
Modified: 28/06/2006
Company: NVIDIA Corporation
----------
Key: nvraid
ImagePath: system32\drivers\nvraid.sys
C:\WINDOWS\system32\drivers\nvraid.sys
89344 bytes
Created: 28/06/2006
Modified: 28/06/2006
Company: NVIDIA Corporation
----------
Key: psdfilter
ImagePath: \??\C:\WINDOWS\system32\Drivers\psdfilter.sys
C:\WINDOWS\system32\Drivers\psdfilter.sys
12288 bytes
Created: 07/04/2006
Modified: 07/04/2006
Company: HiTRUST
----------
Key: psdvdisk
ImagePath: \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
C:\WINDOWS\system32\Drivers\psdvdisk.sys
60416 bytes
Created: 08/03/2006
Modified: 08/03/2006
Company: HiTRUST
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: srescan
ImagePath: system32\ZoneLabs\srescan.sys
C:\WINDOWS\system32\ZoneLabs\srescan.sys
51176 bytes
Created: 10/09/2008
Modified: 27/02/2008
Company: Zone Labs, LLC
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{37E16036-57B1-4DB1-B7DA-D0E751BA0E0A}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 02/05/2008
Modified: 02/05/2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
394952 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
----------
Key: vsmon
ImagePath: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: xusb21
ImagePath: system32\DRIVERS\xusb21.sys
C:\WINDOWS\system32\DRIVERS\xusb21.sys
55808 bytes
Created: 28/08/2007
Modified: 28/08/2007
Company: Microsoft Corporation
----------
Key: yukonwxp
ImagePath: system32\DRIVERS\yk51x86.sys
C:\WINDOWS\system32\DRIVERS\yk51x86.sys
244864 bytes
Created: 29/06/2006
Modified: 29/06/2006
Company: Marvell
----------
Key: ZD1211BU(ZyDAS)
ImagePath: system32\DRIVERS\zd1211Bu.sys
C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
402432 bytes
Created: 28/10/2005
Modified: 28/10/2005
Company: ZyDAS Technology Corporation
----------
Key: ZD1211U(ZyDAS)
ImagePath: system32\DRIVERS\zd1211u.sys
C:\WINDOWS\system32\DRIVERS\zd1211u.sys
280064 bytes
Created: 04/10/2005
Modified: 04/10/2005
Company: ZyDAS Technology Corporation
----------
Key: ZDPSp50
ImagePath: System32\Drivers\ZDPSp50.sys
C:\WINDOWS\System32\Drivers\ZDPSp50.sys
17664 bytes
Created: 25/10/2004
Modified: 25/10/2004
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------

************************************************************
03:43:10: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/08/2008
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
03:43:11: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
139264 bytes
Created: 04/07/2008
Modified: 04/07/2008
Company: ATI Technologies Inc.
----------

************************************************************
03:43:11: Scanning ----- CONTEXTMENUHANDLERS -----
Key: EDSshellExt
CLSID: {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
Path: C:\WINDOWS\system32\eDSshellExt.dll
C:\WINDOWS\system32\eDSshellExt.dll
73728 bytes
Created: 08/03/2006
Modified: 08/03/2006
Company: HiTRUST
----------
Key: ZLAVShExt
CLSID: {D9872D13-7651-4471-9EEE-F0A00218BEBB}
Path: C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
50664 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
----------

************************************************************
03:43:12: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems, Inc.
----------

************************************************************
03:43:12: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63136 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1562448 bytes
Created: 10/09/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
184423 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2436160 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google Inc.
----------

************************************************************
03:43:13: Scanning ----- SHELLSERVICEOBJECTS -----
Key: msgsmart
CLSID: {203CBB11-B270-5708-F2FA-05C7388D3774}
Path: C:\Program Files\umtjtgf\msgsmart.dll
C:\Program Files\umtjtgf\msgsmart.dll
159744 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
----------

************************************************************
03:43:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
03:43:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
03:43:14: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
03:43:14: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
03:43:14: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
45056 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
Acer Empowering Technology.lnk - links to C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
--------------------
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
745472 bytes
Created: 16/11/2005
Modified: 16/11/2005
Company: X-Micro Technology Corp.
Acer WLAN 11g USB Dongle.lnk - links to C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems Incorporated
Adobe Reader Speed Launch.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 11/08/2006
Modified: 11/08/2006
Company:
--------------------
C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
217088 bytes
Created: 18/08/2008
Modified: 03/06/2005
Company: Motive Communications, Inc.
LE COMPAGNON CLUB.lnk - links to C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
03:43:15: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan

************************************************************
03:43:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
03:43:16: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 18/08/2008
Modified: 07/09/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 18/08/2008
Modified: 07/09/2008
Company:
----------
Additional checks completed

************************************************************
03:43:23: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
--------------------
C:\WINDOWS\eHome\ehRecvr.exe
--------------------
C:\WINDOWS\eHome\ehSched.exe
--------------------
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\ehome\mcrdsvc.exe
--------------------
C:\WINDOWS\system32\dllhost.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
--------------------
C:\WINDOWS\ehome\ehtray.exe
--------------------
C:\WINDOWS\RTHDCPL.EXE
--------------------
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
--------------------
C:\WINDOWS\eHome\ehmsas.exe
--------------------
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
--------------------
C:\WINDOWS\system32\SysMonitor.exe
--------------------
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
--------------------
C:\Program Files\BroadJump\Client Foundation\CFD.exe
--------------------
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
--------------------
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
--------------------
C:\WINDOWS\system32\odqfchmd.exe
--------------------
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
--------------------
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
--------------------
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
--------------------
C:\Program Files\DAEMON Tools\daemon.exe
--------------------
K:\EASetup.exe
--------------------
C:\WINDOWS\system32\msiexec.exe
--------------------
C:\WINDOWS\system32\msiexec.exe
--------------------
C:\WINDOWS\system32\MsiExec.exe
--------------------
C:\WINDOWS\system32\MsiExec.exe
--------------------
C:\WINDOWS\system32\MsiExec.exe
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------

************************************************************
03:43:28: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
03:43:28: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
03:43:28: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
www.google.fr/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 03:43:28 09 oct. 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: Elle est la preuve vivante que les dinosaures
ont vécu sur la Terre]
Scan started at: 03:31:21 09 oct. 2008
Using Database v7147
Operating System: Windows XP SP3 [Windows XP Media Center Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\senez\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\senez\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************

************************************************************
03:31:21: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
03:31:21: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
03:31:21: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
03:31:22: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
67584 bytes
Created: 05/08/2005
Modified: 29/09/2005
Company: Microsoft Corporation
--------------------
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7626752 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16208384 bytes
Created: 01/06/2006
Modified: 01/06/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
2879488 bytes
Created: 16/05/2006
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: ntiMUI
Value Data: c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
45056 bytes
Created: 11/05/2005
Modified: 11/05/2005
Company:
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: IMEKRMIG6.1
Value Data: C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
44032 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
36975 bytes
Created: 18/08/2008
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
--------------------
Value Name: Acer Empowering Technology Monitor
Value Data: C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\system32\SysMonitor.exe
49152 bytes
Created: 18/08/2008
Modified: 18/04/2006
Company:
--------------------
Value Name: eDataSecurity Loader
Value Data: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
345088 bytes
Created: 17/03/2006
Modified: 17/03/2006
Company: HiTRUST
--------------------
Value Name: eRecoveryService
Value Data: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
413696 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
--------------------
Value Name: WarReg_PopUp
Value Data: C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
C:\Acer\WR_PopUp\WarReg_PopUp.exe
61440 bytes
Created: 18/08/2008
Modified: 23/09/2006
Company: Acer Inc.
--------------------
Value Name: Workflow
Value Data: E:\install\Workflow.exe
E:\install\Workflow.exe [file not found to scan]
--------------------
Value Name: BJCFD
Value Data: C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
376912 bytes
Created: 18/08/2008
Modified: 27/01/2003
Company:
--------------------
Value Name: Motive SmartBridge
Value Data: C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
438359 bytes
Created: 18/08/2008
Modified: 24/08/2005
Company: Motive Communications, Inc.
--------------------
Value Name: DAEMON Tools
Value Data: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
C:\Program Files\DAEMON Tools\daemon.exe
157592 bytes
Created: 12/11/2006
Modified: 12/11/2006
Company: DT Soft Ltd.
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
61440 bytes
Created: 21/01/2008
Modified: 21/01/2008
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: ZoneAlarm Client
Value Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
919016 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 24/09/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value Name: qCRkFMec1d
Value Data: C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
73728 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 18/09/2008
Modified: 18/09/2008
Company: Google Inc.
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: procweb
Value Data: C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\system32\odqfchmd.exe
98304 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: SpybotDeletingB8448
Value Data: command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD7502
Value Data: cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB4506
Value Data: command /c del "C:\WINDOWS\a.bat"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2261
Value Data: cmd /c del "C:\WINDOWS\a.bat"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB3554
Value Data: command /c del "C:\WINDOWS\base64.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6343
Value Data: cmd /c del "C:\WINDOWS\base64.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB2433
Value Data: command /c del "C:\WINDOWS\bdn.com"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD1149
Value Data: cmd /c del "C:\WINDOWS\bdn.com"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5707
Value Data: command /c del "C:\WINDOWS\FVProtect.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2448
Value Data: cmd /c del "C:\WINDOWS\FVProtect.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5228
Value Data: command /c del "C:\WINDOWS\iTunesMusic.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6738
Value Data: cmd /c del "C:\WINDOWS\iTunesMusic.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB7573
Value Data: command /c del "C:\WINDOWS\mssecu.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9443
Value Data: cmd /c del "C:\WINDOWS\mssecu.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB9834
Value Data: command /c del "C:\WINDOWS\winsystem.exe"
command /c del - has a *known* Malware filename: SUSPICIOUS.ENTRY
command /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
command /c del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingD2379
Value Data: cmd /c del "C:\WINDOWS\winsystem.exe"
del - has a *known* Malware filename: SUSPICIOUS.ENTRY
cmd /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
del - marked for renaming when the PC is restarted (if it exists)
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty

************************************************************
03:31:27: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

************************************************************
03:31:27: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
03:31:28: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmypics.scr
47104 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------

************************************************************
03:31:28: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {407408d4-94ed-4d86-ab69-a7f649d112ee}
Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf [file not found to scan]
----------

************************************************************
03:31:28: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: MHN
Path: %SystemRoot%\System32\mhn.dll
C:\WINDOWS\System32\mhn.dll
85504 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------

************************************************************
03:31:28: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcerMemUsageCheckService
ImagePath: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
28672 bytes
Created: 18/08/2008
Modified: 11/05/2006
Company: Acer Inc.
----------
Key: appdrv01
ImagePath: System32\Drivers\appdrv01.sys
C:\WINDOWS\System32\Drivers\appdrv01.sys
2915944 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: appdrvrem01
ImagePath: %SystemRoot%\System32\appdrvrem01.exe svc
C:\WINDOWS\System32\appdrvrem01.exe
304528 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
593920 bytes
Created: 19/08/2008
Modified: 03/07/2008
Company:
----------
Key: ehRecvr
ImagePath: C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
237568 bytes
Created: 05/08/2005
Modified: 09/04/2006
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehSched.exe
103424 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: F-Secure Standalone Minifilter
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys
65024 bytes
Created: 09/10/2008
Modified: 09/10/2008
Company:
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created: 09/10/2007
Modified: 09/10/2007
Company: Microsoft Corporation
----------
Key: fsbl
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [file not found to scan]
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
144384 bytes
Created: 07/01/2005
Modified: 13/04/2008
Company: Windows (R) Server 2003 DDK provider
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 22/10/2004
Modified: 22/10/2004
Company: Macrovision Corporation
----------
Key: idrmkl
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys [file not found to scan]
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
864256 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company: Microsoft Corporation
----------
Key: int15.sys
ImagePath: \??\C:\Acer\Empowering T
1
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 63858 internautes nous ont dit merci ce mois-ci

Messages postés
25704
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
1 966
re, 

Copie le texte ci-dessous : 

File:: 
C:\WINDOWS\wininit.ini 
C:\WINDOWS\system32\odqfchmd.exe 
C:\WINDOWS\System32\appdrvrem01.exe 
C:\DOCUME~1\senez\LOCALS~1\Temp\idrm­kl.sys 

Folder:: 
C:\Program Files\umtjtgf 
C:\Documents and Settings\All Users\Application Data\yhkdafct 

Registry:: 
[HKEY_CURRENT_USER\SOFTWARE\Microsof­t\Windows\CurrentVersion\Run] 
"procweb"=- 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run] 
"qCRkFMec1d"=- 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] 
"msgsmart"=- 
"{203CBB11-B270-5708-F2FA-05C7388D3774}"=- 

Driver:: 
appdrvrem01 
idrmkl 

Ouvre le Bloc-Notes puis colle le texte copié. 
(Démarrer\Tous les programmes\Accessoires\Bloc notes.) 
Sauvegarde ce fichier sous le nom de CFScript.txt. 

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous : 

http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif 

Cela va relancer Combofix, 

Une fenêtre bleue va apparaître: au message qui apparaît ( Type 1 to continue, or 2 to abort) , tape 1 puis valide. 

Patiente le temps du scan.Le bureau va disparaître à plusieurs reprises: c'est normal! 

Ne touche à rien tant que le scan n'est pas terminé. 

Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis. 

S'il n'y a pas de rédémarrage, poste quand même les rapports. 

@+ 
-- 
What the heck ?
1
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 63858 internautes nous ont dit merci ce mois-ci

Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
400
Louiso,

on continu :

a l´aide de hijack this coche et fix les lignes suivantes :

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab

comment fixer :

Tutoriel d´utilisation (video) : (Merci a Balltrap34 pour cette réalisation)

-> http://perso.orange.fr/rginformatique/section%20virus/demohijack.htm

puis

important :

ta version de acrobat reader n´est pas a jour, tu veux la derniere verion en date alors desinstale ta version par le panneau de configuration / ajoue et suppression de programme

et instale la derniere :

https://get.adobe.com/reader/otherversions/

ou oublie completement acrobat reader et instales foxit plus léger a la place:

https://www.clubic.com/telecharger-fiche13808-foxit-reader.html

et

regarde ce tutorial pour mettre ta console java a jour :

https://www.malekal.com/maintenir-java-adobe-reader-et-le-player-flash-a-jour/

ps : ne te trompes pas; sur la même page il y a aussi le tutoriel de flash...

puis

comme tu as eu la bonne idée de ne pas installer d´antivirus :

Telecharge et instales l'antivirus Antivir Personal Edition Classic :

->https://www.malekal.com/avira-free-security-antivirus-gratuit/

https://www.avira.com/en/prime

Reglages :

en image :

http://speedweb1.free.fr/frames2.php?page=tuto5

mes explications :

une fois antivir ouvert click surconfiguration et coche la case "expert mode" puis sur l´onglet scanner dans la fenetre du dessous tu va voir : rootkit search click sur le petit + pour deployer et coche la case a coté de ton disk dur
ceux qui ne voie pas root kit search : clcik sur le parapluie dans ta barre des tache > dans la fenetre d´antivir click sur local protection click en suite sur scanner
dans la fenetre de droite : tu a rootkit search vers le bas > tu developpe en appuyant sur le petit +
et coche tes disques...
puis click sur configuration en haut a droite; dans la nouvelle fenetre a gauche >scanner > coche "scan all files" et en dessous >scanner priority = High
coche : allow stopping the scanner, comme cela tu peux faire une pause pendant le scan si tu le desir.
puis sur la droite coche les case suivantes :
scan boot sectors of selected drives
scan master boot sectors
scan memory
search foe rootkit before scan
decoche :
ignore off line files
toujours a gauche > scan > deploie > heuristique > macrovirus heuristic = coché et en dessous > win32 heuristic la case coché et high detection level

Je te dis tous ca car j´aimerais que tu performes un scan entier de ta machine a l´aide d´antivir avec les reglages stipulés ci dessus et que tu post le rapport généré ici stp

ps : fais le scan en mode sans echec :

Comment redémarrer en mode sans echec?

Tu redemarre le pc et tapote la touche F8 des le début de l allumage sans t´arrêter.
Une fenêtre sur fond noir va s’ouvrir, tu te déplaces avec les flèches du clavier sur démarrer en mode sans échec puis tape entrée.
Une fois sur le bureau si il n y a pas toutes les couleurs et autres c´est normal!
Ps : si F8 ne marche pas utilise la touche F5.

Post le rapport d´antivir ainsi qu´un nouveau rapport hijack this stp

@+
1
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 63858 internautes nous ont dit merci ce mois-ci

Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Bonsoir g!rly ,
désolé pour le temps de réponse , appelé d'astreinte , je viens de rentrer !!!
Je fais ce que tu me demande et je pose les Logs.
Merci de ton aide
1
Merci

Quelques mots de remerciements seront grandement appréciés. Ajouter un commentaire

CCM 63858 internautes nous ont dit merci ce mois-ci

Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Celui hijackthis


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 03:45:50, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\odqfchmd.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Program Files\DAEMON Tools\daemon.exe
K:\EASetup.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\msiexec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\WINDOWS\system32\MsiExec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\odqfchmd.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Internet Explorer avec Club-Internet
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
O4 - HKLM\..\Run: [Workflow] E:\install\Workflow.exe
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [procweb] C:\WINDOWS\system32\odqfchmd.exe
O4 - HKCU\..\RunOnce: [SpybotDeletingB8448] command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingD7502] cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
O4 - HKCU\..\RunOnce: [SpybotDeletingB4506] command /c del "C:\WINDOWS\a.bat"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2261] cmd /c del "C:\WINDOWS\a.bat"
O4 - HKCU\..\RunOnce: [SpybotDeletingB3554] command /c del "C:\WINDOWS\base64.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6343] cmd /c del "C:\WINDOWS\base64.tmp"
O4 - HKCU\..\RunOnce: [SpybotDeletingB2433] command /c del "C:\WINDOWS\bdn.com"
O4 - HKCU\..\RunOnce: [SpybotDeletingD1149] cmd /c del "C:\WINDOWS\bdn.com"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5707] command /c del "C:\WINDOWS\FVProtect.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD2448] cmd /c del "C:\WINDOWS\FVProtect.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB5228] command /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD6738] cmd /c del "C:\WINDOWS\iTunesMusic.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingB7573] command /c del "C:\WINDOWS\mssecu.exe"
O4 - HKCU\..\RunOnce: [SpybotDeletingD9443] cmd /c del "C:\WINDOWS\mssecu.exe"
O4 - HKLM\..\Policies\Explorer\Run: [qCRkFMec1d] C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS3\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O21 - SSODL: msgsmart - {203CBB11-B270-5708-F2FA-05C7388D3774} - C:\Program Files\umtjtgf\msgsmart.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
400
Salut Louiso,

Desinstalle spybot car il est touché par l´infection, tu pourras le reinstaller après désinfection...

Puis

Télécharge combofix.exe (par sUBs) sur ton Bureau.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double clique combofix.exe.
-> Tape sur la touche 1 (Yes) pour démarrer le scan.
-> Lorsque le scan sera complété, un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.

NOTE : Le rapport se trouve également ici : C:\Combofix.txt

Avant d'utiliser ComboFix :

-> Déconnecte toi d'internet et referme les fenêtres de tous les programmes en cours.

-> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix, la protection en temps réel de ton Antivirus et de tes Antispywares, qui peuvent géner fortement la procédure de recherche et de nettoyage de l'outil.

Une fois fait, sur ton bureau double-clic sur Combofix.exe.

- Répond oui au message d'avertissement, pour que le programme commence à procéder à l'analyse du pc.

/!\ Pendant la durée de cette étape, ne te sert pas du pc et n'ouvre aucun programmes.

- En fin de scan il est possible que ComboFix ait besoin de redemarrer le pc pour finaliser la désinfection\recherche, laisses-le faire.

- Un rapport s'ouvrira ensuite dans le bloc notes, ce fichier rapport Combofix.txt, est automatiquement sauvegardé et rangé à C:\Combofix.txt)

-> Réactive la protection en temps réel de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

-> Reviens sur le forum, et copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

-> Tutoriel https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

+

Un nouveau rapport hijack this stp

@+
Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Bonjour g!rly ,
tout d'abord merci de ta réponse car là j'ai vraiment besoin d'aide !!!!!
J'ai suivi tes indications et je te met donc les deux log comme convenu.

Log combofix :

ComboFix 08-10-08.02 - senez 2008-10-09 12:35:49.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2644 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\senez\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\smp

.
((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 03:53 . 2008-10-09 03:53 <REP> d-------- C:\Documents and Settings\senez\Application Data\Leadertech
2008-10-09 02:58 . 2008-10-09 02:58 <REP> d-------- C:\Program Files\Trend Micro
2008-10-09 02:30 . 2008-10-09 02:30 <REP> d-------- C:\fsaua.data
2008-10-09 02:13 . 2008-10-09 02:13 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-08 20:19 . 2008-10-08 20:19 <REP> d-------- C:\Program Files\KONAMI
2008-10-08 19:11 . 2008-10-08 19:11 663 --a------ C:\WINDOWS\wininit.ini
2008-10-06 11:30 . 2008-10-06 11:30 <REP> d-------- C:\Program Files\umtjtgf
2008-10-06 11:30 . 2008-10-06 11:30 <REP> d-------- C:\Documents and Settings\All Users\Application Data\yhkdafct
2008-10-06 11:30 . 2008-10-06 11:30 98,304 --a------ C:\WINDOWS\system32\odqfchmd.exe
2008-10-06 02:05 . 2008-10-06 02:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-10-02 20:58 . 2008-10-02 20:58 <REP> d-------- C:\Program Files\Atari
2008-10-01 04:32 . 2008-10-01 04:32 <REP> d-------- C:\Documents and Settings\senez\Application Data\Zylom
2008-10-01 04:31 . 2008-10-01 04:31 <REP> d-------- C:\Program Files\Zylom Games
2008-10-01 04:31 . 2008-10-01 04:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-09-24 19:08 . 2008-09-24 19:10 <REP> d-------- C:\Program Files\Trojan Remover
2008-09-24 19:08 . 2008-09-24 19:08 <REP> d-------- C:\Documents and Settings\senez\Application Data\Simply Super Software
2008-09-24 19:08 . 2008-09-24 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-24 19:08 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-24 19:08 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-24 19:08 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-24 19:08 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-24 19:08 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-18 01:22 . 2008-09-18 01:24 <REP> d-------- C:\Program Files\Unlocker
2008-09-18 01:11 . 1996-11-06 12:04 302,592 --a------ C:\WINDOWS\unin040c.exe
2008-09-18 01:10 . 2008-09-18 01:10 <REP> d-------- C:\Documents and Settings\senez\WINDOWS
2008-09-18 01:10 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-09-16 20:32 . 2008-09-16 20:32 <REP> d-------- C:\Program Files\EA Games
2008-09-15 20:14 . 2008-09-15 20:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-13 13:41 . 2008-09-13 13:41 <REP> d-------- C:\Documents and Settings\senez\Application Data\Motive
2008-09-12 03:30 . 2008-09-12 03:30 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-12 03:30 . 2008-09-12 03:30 304,528 --a------ C:\WINDOWS\system32\appdrvrem01.exe
2008-09-12 01:31 . 2008-09-12 01:31 <REP> d-------- C:\Documents and Settings\senez\Application Data\XRay Engine
2008-09-12 01:25 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-09-12 01:25 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-12 01:25 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-09-12 01:25 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-09-12 01:25 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-09-12 01:25 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-12 01:25 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-12 01:24 . 2008-09-12 01:24 <REP> d-------- C:\WINDOWS\Logs
2008-09-11 19:05 . 2008-09-11 19:05 <REP> d-------- C:\Documents and Settings\senez\Application Data\InstallShield
2008-09-10 02:11 . 2008-09-10 02:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-10 01:59 . 2008-09-10 02:10 <REP> d-------- C:\Documents and Settings\senez\Application Data\AVGTOOLBAR
2008-09-10 01:25 . 2008-10-09 12:37 3,891,232 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-10 01:25 . 2008-10-09 12:20 46,880 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-10 01:22 . 2008-09-10 01:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-10 01:22 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-10 01:22 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-09-10 01:22 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-09-10 01:22 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-09-10 01:22 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-09-10 01:22 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-09-10 01:22 . 2008-09-10 01:24 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-10 01:21 . 2008-09-10 01:21 <REP> d-------- C:\Program Files\Zone Labs
2008-09-10 00:35 . 2008-10-09 12:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 00:35 . 2008-10-09 12:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 10:19 --------- d-----w C:\Documents and Settings\senez\Application Data\uTorrent
2008-10-09 00:38 2,281,472 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-10-09 00:38 1,533,440 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-10-09 00:21 3,403,264 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-10-08 14:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 18:14 --------- d-----w C:\Documents and Settings\senez\Application Data\PlayFirst
2008-09-15 13:21 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-09-13 11:39 --------- d-----w C:\Documents and Settings\senez\Application Data\dvdcss
2008-09-13 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-09-10 00:15 2,034,176 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-10 00:15 1,356,800 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-09-09 23:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-09 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-09 22:13 --------- d-----w C:\Program Files\Project64 1.6
2008-09-03 18:45 --------- d-----w C:\Documents and Settings\senez\Application Data\Alawar
2008-09-03 18:40 --------- d-----w C:\Documents and Settings\senez\Application Data\Mind Control Software
2008-09-03 17:47 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2008-09-03 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-01 00:47 --------- d-----w C:\Program Files\DivX
2008-08-29 21:46 --------- d-----w C:\Documents and Settings\senez\Application Data\funkitron
2008-08-29 20:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-29 10:53 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-29 10:53 --------- d-----w C:\Program Files\MSBuild
2008-08-29 10:49 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-28 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-28 20:13 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-28 20:13 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-28 20:13 --------- d-----w C:\Program Files\OpenAL
2008-08-28 01:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-27 12:02 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-27 12:02 --------- d-----w C:\Program Files\Windows Live
2008-08-27 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-27 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-27 00:28 --------- d-----w C:\Documents and Settings\senez\Application Data\MSNInstaller
2008-08-21 22:09 --------- d-----w C:\Documents and Settings\senez\Application Data\ATI
2008-08-21 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-08-21 21:04 --------- d-----w C:\Program Files\Lavalys
2008-08-21 06:47 --------- d-----w C:\Documents and Settings\senez\Application Data\CyberLink
2008-08-21 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-20 13:09 --------- d-----w C:\Program Files\uTorrent
2008-08-20 12:46 --------- d-----w C:\Program Files\Google
2008-08-20 12:18 --------- d--h--r C:\Documents and Settings\senez\Application Data\SecuROM
2008-08-19 13:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-19 13:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-08-19 13:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 12:25 --------- d-----w C:\Program Files\CCleaner
2008-08-19 12:19 --------- d-----w C:\Program Files\Yahoo!
2008-08-19 12:11 --------- d-----w C:\Program Files\ATI Technologies
2008-08-19 05:01 --------- d-----w C:\Program Files\Windows Plus
2008-08-19 05:01 --------- d-----w C:\Program Files\Services en ligne
2008-08-19 05:01 --------- d-----w C:\Program Files\Oca History Tool
2008-08-19 05:00 --------- d-----w C:\Program Files\NewTech Infosystems
2008-08-19 05:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-19 05:00 --------- d-----w C:\Program Files\GemMasterFrench
2008-08-19 05:00 --------- d-----w C:\Program Files\FrenchOtto
2008-08-19 05:00 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-08-19 05:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-19 05:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-19 05:00 --------- d-----w C:\Program Files\DIFX
2008-08-19 04:59 --------- d-----w C:\Program Files\CyberLink
2008-08-19 04:59 --------- d-----w C:\Program Files\commercial
2008-08-19 04:59 --------- d-----w C:\Program Files\Acer WLAN 11g USB Dongle
2008-08-18 22:30 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-18 22:24 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-18 22:20 --------- d-----w C:\Documents and Settings\senez\Application Data\vlc
2008-08-18 22:19 --------- d-----w C:\Program Files\VideoLAN
2008-08-18 20:50 --------- d-----w C:\Program Files\Motive
2008-08-18 20:50 --------- d-----w C:\Program Files\Fichiers communs\Motive
2008-08-18 20:50 --------- d-----w C:\Program Files\Common Files
2008-08-18 20:50 --------- d-----w C:\Program Files\Club-Internet
2008-08-18 20:47 155,995 ----a-w C:\WINDOWS\java\Packages\ECI44XRR.ZIP
2008-08-18 20:46 --------- d-----w C:\Program Files\BroadJump
2008-08-18 20:22 --------- d-----w C:\Program Files\Java
2008-08-18 20:22 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"procweb"="C:\WINDOWS\system32\odqfchmd.exe" [2008-10-06 98304]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 86016]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 438359]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"nwiz"="nwiz.exe" [2006-07-12 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"qCRkFMec1d"="C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe" [2008-10-06 73728]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-08-18 45056]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2008-08-18 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsmart"= {203CBB11-B270-5708-F2FA-05C7388D3774} - C:\Program Files\umtjtgf\msgsmart.dll [2008-10-06 159744]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Jeux\\Flatout Ultimate Carnage\\Fouc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Jeux\\PES 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Jeux\\Race Driver Grid\\GRID.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Jeux\\Stalker\\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\\bin\\xrEngine.exe"=
"D:\\Jeux\\Stalker\\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\\bin\\dedicated\\xrEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41529:TCP"= 41529:TCP:µtorrent TCP
"41529:UDP"= 41529:UDP:µtorrent UDP

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-12 2915944]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
S2 appdrvrem01;Application Driver Auto Removal Service (01);C:\WINDOWS\System32\appdrvrem01.exe svc [ ]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [ ]
S3 fsbl;F-Secure BlackLight Engine Driver;C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [ ]
S3 idrmkl;idrmkl;C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys [ ]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]

*Newly Created Service* - PROCEXP90
.
- - - - ORPHELINS SUPPRIMES - - - -

HKLM-Run-Workflow - E:\install\Workflow.exe


.
------- Examen supplémentaire -------
.
R0 -: HKCU-Main,Start Page = www.google.fr/
R0 -: HKCU-Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
R1 -: HKCU-SearchURL,(Default) = hxxp://www.google.com/search?q=%s
O17 -: HKLM\CCS\Interface\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 12:37:45
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
Heure de fin: 2008-10-09 12:38:37
ComboFix-quarantined-files.txt 2008-10-09 10:38:34

Avant-CF: 13 420 810 240 octets libres
Après-CF: 14,127,308,800 octets libres

266 --- E O F --- 2008-09-11 01:01:53



Log Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:42:19, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\WINDOWS\system32\odqfchmd.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [procweb] C:\WINDOWS\system32\odqfchmd.exe
O4 - HKLM\..\Policies\Explorer\Run: [qCRkFMec1d] C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS3\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O21 - SSODL: msgsmart - {203CBB11-B270-5708-F2FA-05C7388D3774} - C:\Program Files\umtjtgf\msgsmart.dll
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Application Driver Auto Removal Service (01) (appdrvrem01) - Protection Technology - C:\WINDOWS\System32\appdrvrem01.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
400
Salut

je n´arrive pas a poster la suite des operations sur ici.

je vais te communiquer la suite par message privé.

je l´envoie maintenant.

post la suite ici si tu le peux...

@+
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
400
Luiso,

Toptitbal a repêché mon post des oubliettes, tu peux donc continuer :)

Merci toptibal !

ps : quelle rapidité !
Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Bonsoir Toptibal ,
merci de ton aide . j'ai suivi tes conseil et j'ai donc les deux logs que je te met ensuite.
Seul petit probleme ,avec Combofix , je n'ai pas eu le message qui apparaît ( Type 1 to continue, or 2 to abort) , le scan c'est lancé directement.
Je fais un petit clin d'oeil par la meme occasion à g!rly qui s'est donné la peine de m'aider.


Log Combofix

ComboFix 08-10-08.05 - senez 2008-10-09 19:58:47.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2577 [GMT 2:00]
Lancé depuis: C:\Documents and Settings\senez\Bureau\ComboFix.exe
Commutateurs utilisés :: C:\Documents and Settings\senez\Bureau\CFScript.txt..txt
* Un nouveau point de restauration a été créé

[COLOR=RED][B]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/B][/COLOR]

FILE ::
C:\DOCUME~1\senez\LOCALS~1\Temp\idrm­kl.sys
C:\WINDOWS\System32\appdrvrem01.exe
C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\wininit.ini
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\yhkdafct
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\Program Files\umtjtgf
C:\Program Files\umtjtgf\msgsmart.dll
C:\WINDOWS\System32\appdrvrem01.exe
C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\wininit.ini

.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_APPDRVREM01
-------\Legacy_IDRMKL
-------\Service_appdrvrem01
-------\Service_idrmkl


((((((((((((((((((((((((((((( Fichiers créés du 2008-09-09 au 2008-10-09 ))))))))))))))))))))))))))))))))))))
.

2008-10-09 03:53 . 2008-10-09 03:53 <REP> d-------- C:\Documents and Settings\senez\Application Data\Leadertech
2008-10-09 02:58 . 2008-10-09 02:58 <REP> d-------- C:\Program Files\Trend Micro
2008-10-09 02:30 . 2008-10-09 02:30 <REP> d-------- C:\fsaua.data
2008-10-09 02:13 . 2008-10-09 02:13 <REP> d-------- C:\Program Files\Enigma Software Group
2008-10-08 20:19 . 2008-10-08 20:19 <REP> d-------- C:\Program Files\KONAMI
2008-10-06 02:05 . 2008-10-06 02:05 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment
2008-10-02 20:58 . 2008-10-02 20:58 <REP> d-------- C:\Program Files\Atari
2008-10-01 04:32 . 2008-10-01 04:32 <REP> d-------- C:\Documents and Settings\senez\Application Data\Zylom
2008-10-01 04:31 . 2008-10-01 04:31 <REP> d-------- C:\Program Files\Zylom Games
2008-10-01 04:31 . 2008-10-01 04:31 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Zylom
2008-09-24 19:08 . 2008-09-24 19:10 <REP> d-------- C:\Program Files\Trojan Remover
2008-09-24 19:08 . 2008-09-24 19:08 <REP> d-------- C:\Documents and Settings\senez\Application Data\Simply Super Software
2008-09-24 19:08 . 2008-09-24 19:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Simply Super Software
2008-09-24 19:08 . 2006-05-25 15:52 162,304 --a------ C:\WINDOWS\system32\ztvunrar36.dll
2008-09-24 19:08 . 2003-02-02 20:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-09-24 19:08 . 2005-08-26 01:50 77,312 --a------ C:\WINDOWS\system32\ztvunace26.dll
2008-09-24 19:08 . 2002-03-06 01:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-09-24 19:08 . 2006-06-19 13:01 69,632 --a------ C:\WINDOWS\system32\ztvcabinet.dll
2008-09-18 01:22 . 2008-09-18 01:24 <REP> d-------- C:\Program Files\Unlocker
2008-09-18 01:11 . 1996-11-06 12:04 302,592 --a------ C:\WINDOWS\unin040c.exe
2008-09-18 01:10 . 2008-09-18 01:10 <REP> d-------- C:\Documents and Settings\senez\WINDOWS
2008-09-18 01:10 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-09-16 20:32 . 2008-09-16 20:32 <REP> d-------- C:\Program Files\EA Games
2008-09-15 20:14 . 2008-09-15 20:14 <REP> d-------- C:\Documents and Settings\All Users\Application Data\PlayFirst
2008-09-13 13:41 . 2008-09-13 13:41 <REP> d-------- C:\Documents and Settings\senez\Application Data\Motive
2008-09-12 03:30 . 2008-09-12 03:30 2,915,944 --a------ C:\WINDOWS\system32\drivers\appdrv01.sys
2008-09-12 01:31 . 2008-09-12 01:31 <REP> d-------- C:\Documents and Settings\senez\Application Data\XRay Engine
2008-09-12 01:25 . 2008-05-30 14:11 3,850,760 --a------ C:\WINDOWS\system32\D3DX9_38.dll
2008-09-12 01:25 . 2008-05-30 14:11 1,491,992 --a------ C:\WINDOWS\system32\D3DCompiler_38.dll
2008-09-12 01:25 . 2008-05-30 14:19 507,400 --a------ C:\WINDOWS\system32\XAudio2_1.dll
2008-09-12 01:25 . 2008-05-30 14:11 467,984 --a------ C:\WINDOWS\system32\d3dx10_38.dll
2008-09-12 01:25 . 2008-05-30 14:18 238,088 --a------ C:\WINDOWS\system32\xactengine3_1.dll
2008-09-12 01:25 . 2008-05-30 14:17 65,032 --a------ C:\WINDOWS\system32\XAPOFX1_0.dll
2008-09-12 01:25 . 2008-05-30 14:17 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_4.dll
2008-09-12 01:24 . 2008-09-12 01:24 <REP> d-------- C:\WINDOWS\Logs
2008-09-11 19:05 . 2008-09-11 19:05 <REP> d-------- C:\Documents and Settings\senez\Application Data\InstallShield
2008-09-10 02:11 . 2008-09-10 02:11 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-09-10 01:59 . 2008-09-10 02:10 <REP> d-------- C:\Documents and Settings\senez\Application Data\AVGTOOLBAR
2008-09-10 01:25 . 2008-10-09 20:04 4,055,072 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat
2008-09-10 01:25 . 2008-10-09 20:00 49,568 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx
2008-09-10 01:22 . 2008-09-10 01:22 <REP> d-------- C:\Documents and Settings\All Users\Application Data\MailFrontier
2008-09-10 01:22 . 2008-07-09 09:05 75,248 --a------ C:\WINDOWS\zllsputility.exe
2008-09-10 01:22 . 2008-07-09 09:05 54,672 --a------ C:\WINDOWS\system32\vsutil_loc040c.dll
2008-09-10 01:22 . 2008-07-09 09:05 42,384 --a------ C:\WINDOWS\zllsputility_loc040c.dll
2008-09-10 01:22 . 2008-07-09 09:05 21,904 --a------ C:\WINDOWS\system32\imsinstall_loc040c.dll
2008-09-10 01:22 . 2008-07-09 09:05 17,808 --a------ C:\WINDOWS\system32\imslsp_install_loc040c.dll
2008-09-10 01:22 . 2004-04-27 04:40 11,264 --a------ C:\WINDOWS\system32\SpOrder.dll
2008-09-10 01:22 . 2008-09-10 01:24 4,212 ---h----- C:\WINDOWS\system32\zllictbl.dat
2008-09-10 01:21 . 2008-09-10 01:21 <REP> d-------- C:\Program Files\Zone Labs
2008-09-10 00:35 . 2008-10-09 12:20 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-09-10 00:35 . 2008-10-09 12:19 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-10-09 17:57 --------- d-----w C:\Documents and Settings\senez\Application Data\uTorrent
2008-10-09 00:38 2,281,472 ----a-w C:\WINDOWS\Internet Logs\xDB5.tmp
2008-10-09 00:38 1,533,440 ----a-w C:\WINDOWS\Internet Logs\xDB6.tmp
2008-10-09 00:21 3,403,264 ----a-w C:\WINDOWS\Internet Logs\xDB4.tmp
2008-10-08 14:46 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-15 18:14 --------- d-----w C:\Documents and Settings\senez\Application Data\PlayFirst
2008-09-15 13:21 1,415,680 ----a-w C:\WINDOWS\Internet Logs\xDB3.tmp
2008-09-13 11:39 --------- d-----w C:\Documents and Settings\senez\Application Data\dvdcss
2008-09-13 07:13 --------- d-----w C:\Documents and Settings\All Users\Application Data\Motive
2008-09-10 00:15 2,034,176 ----a-w C:\WINDOWS\Internet Logs\xDB1.tmp
2008-09-10 00:15 1,356,800 ----a-w C:\WINDOWS\Internet Logs\xDB2.tmp
2008-09-09 23:45 --------- d-----w C:\Program Files\Fichiers communs\Symantec Shared
2008-09-09 23:45 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-09 22:13 --------- d-----w C:\Program Files\Project64 1.6
2008-09-03 18:45 --------- d-----w C:\Documents and Settings\senez\Application Data\Alawar
2008-09-03 18:40 --------- d-----w C:\Documents and Settings\senez\Application Data\Mind Control Software
2008-09-03 17:47 --------- d-----w C:\Program Files\Fichiers communs\Sandlot Shared
2008-09-03 17:47 --------- d-----w C:\Documents and Settings\All Users\Application Data\Sandlot Games
2008-09-01 00:47 --------- d-----w C:\Program Files\DivX
2008-08-29 21:46 --------- d-----w C:\Documents and Settings\senez\Application Data\funkitron
2008-08-29 20:34 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-08-29 10:53 --------- d-----w C:\Program Files\Reference Assemblies
2008-08-29 10:53 --------- d-----w C:\Program Files\MSBuild
2008-08-29 10:49 --------- d-----w C:\Program Files\MSXML 6.0
2008-08-28 20:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Codemasters
2008-08-28 20:13 444,952 ----a-w C:\WINDOWS\system32\wrap_oal.dll
2008-08-28 20:13 109,080 ----a-w C:\WINDOWS\system32\OpenAL32.dll
2008-08-28 20:13 --------- d-----w C:\Program Files\OpenAL
2008-08-28 01:00 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-27 12:02 --------- dcsh--w C:\Program Files\Fichiers communs\WindowsLiveInstaller
2008-08-27 12:02 --------- d-----w C:\Program Files\Windows Live
2008-08-27 12:00 --------- d-----w C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-08-27 11:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Trymedia
2008-08-27 00:28 --------- d-----w C:\Documents and Settings\senez\Application Data\MSNInstaller
2008-08-21 22:09 --------- d-----w C:\Documents and Settings\senez\Application Data\ATI
2008-08-21 22:09 --------- d-----w C:\Documents and Settings\All Users\Application Data\ATI
2008-08-21 21:04 --------- d-----w C:\Program Files\Lavalys
2008-08-21 06:47 --------- d-----w C:\Documents and Settings\senez\Application Data\CyberLink
2008-08-21 06:46 --------- d-----w C:\Documents and Settings\All Users\Application Data\CyberLink
2008-08-20 13:09 --------- d-----w C:\Program Files\uTorrent
2008-08-20 12:46 --------- d-----w C:\Program Files\Google
2008-08-20 12:18 --------- d--h--r C:\Documents and Settings\senez\Application Data\SecuROM
2008-08-19 13:51 0 ---ha-w C:\WINDOWS\system32\drivers\MsftWdf_Kernel_01005_Coinstaller_Critical.Wdf
2008-08-19 13:51 0 ---ha-w C:\WINDOWS\system32\drivers\Msft_Kernel_xusb21_01005.Wdf
2008-08-19 13:36 107,888 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-08-19 12:25 --------- d-----w C:\Program Files\CCleaner
2008-08-19 12:19 --------- d-----w C:\Program Files\Yahoo!
2008-08-19 12:11 --------- d-----w C:\Program Files\ATI Technologies
2008-08-19 05:01 --------- d-----w C:\Program Files\Windows Plus
2008-08-19 05:01 --------- d-----w C:\Program Files\Services en ligne
2008-08-19 05:01 --------- d-----w C:\Program Files\Oca History Tool
2008-08-19 05:00 --------- d-----w C:\Program Files\NewTech Infosystems
2008-08-19 05:00 --------- d-----w C:\Program Files\microsoft frontpage
2008-08-19 05:00 --------- d-----w C:\Program Files\GemMasterFrench
2008-08-19 05:00 --------- d-----w C:\Program Files\FrenchOtto
2008-08-19 05:00 --------- d-----w C:\Program Files\Fichiers communs\LightScribe
2008-08-19 05:00 --------- d-----w C:\Program Files\Fichiers communs\InstallShield
2008-08-19 05:00 --------- d-----w C:\Program Files\Fichiers communs\Adobe
2008-08-19 05:00 --------- d-----w C:\Program Files\DIFX
2008-08-19 04:59 --------- d-----w C:\Program Files\CyberLink
2008-08-19 04:59 --------- d-----w C:\Program Files\commercial
2008-08-19 04:59 --------- d-----w C:\Program Files\Acer WLAN 11g USB Dongle
2008-08-18 22:30 --------- d-----w C:\Program Files\DAEMON Tools
2008-08-18 22:24 639,224 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-08-18 22:20 --------- d-----w C:\Documents and Settings\senez\Application Data\vlc
2008-08-18 22:19 --------- d-----w C:\Program Files\VideoLAN
2008-08-18 20:50 --------- d-----w C:\Program Files\Motive
2008-08-18 20:50 --------- d-----w C:\Program Files\Fichiers communs\Motive
2008-08-18 20:50 --------- d-----w C:\Program Files\Common Files
2008-08-18 20:50 --------- d-----w C:\Program Files\Club-Internet
2008-08-18 20:47 155,995 ----a-w C:\WINDOWS\java\Packages\ECI44XRR.ZIP
2008-08-18 20:46 --------- d-----w C:\Program Files\BroadJump
2008-08-18 20:22 --------- d-----w C:\Program Files\Java
2008-08-18 20:22 --------- d-----w C:\Program Files\Fichiers communs\Java
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-18 20:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-18 20:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-18 20:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-18 20:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-18 20:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-18 20:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-18 20:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-18 20:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-18 20:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-18 20:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-09 07:05 1,086,952 ----a-w C:\WINDOWS\system32\zpeng24.dll
.

((((((((((((((((((((((((((((( snapshot@2008-10-09_12.38.13.82 )))))))))))))))))))))))))))))))))))))))))
.
+ 2005-10-20 18:02:28 163,328 ----a-w C:\WINDOWS\erdnt\subs\ERDNT.EXE
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-09-18 68856]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-12 7626752]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-12 86016]
"ntiMUI"="c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe" [2005-05-11 45056]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-10 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-10 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-10 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 36975]
"Acer Empowering Technology Monitor"="C:\WINDOWS\system32\SysMonitor.exe" [2006-04-18 49152]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-03-17 345088]
"eRecoveryService"="C:\Acer\Empowering Technology\eRecovery\eRAgent.exe" [2006-06-01 413696]
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-09-23 61440]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 376912]
"Motive SmartBridge"="C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe" [2005-08-24 438359]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-07-09 919016]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-08-19 914512]
"nwiz"="nwiz.exe" [2006-07-12 C:\WINDOWS\system32\nwiz.exe]
"RTHDCPL"="RTHDCPL.EXE" [2006-06-01 C:\WINDOWS\RTHDCPL.exe]
"SkyTel"="SkyTel.EXE" [2006-05-16 C:\WINDOWS\SkyTel.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]

C:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Acer Empowering Technology.lnk - C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe [2008-08-18 45056]
Acer WLAN 11g USB Dongle.lnk - C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe [2005-11-16 745472]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
LE COMPAGNON CLUB.lnk - C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe [2008-08-18 217088]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Jeux\\Flatout Ultimate Carnage\\Fouc.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=
"D:\\Jeux\\PES 2008\\PES2008.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"D:\\Jeux\\Race Driver Grid\\GRID.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"D:\\Jeux\\Stalker\\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\\bin\\xrEngine.exe"=
"D:\\Jeux\\Stalker\\Ñ.Ò.À.Ë.Ê.Å.Ð. - ×èñòîå Íåáî\\bin\\dedicated\\xrEngine.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"41529:TCP"= 41529:TCP:µtorrent TCP
"41529:UDP"= 41529:UDP:µtorrent UDP

R1 appdrv01;Application Driver (01);C:\WINDOWS\system32\Drivers\appdrv01.sys [2008-09-12 2915944]
R3 int15.sys;int15.sys;C:\Acer\Empowering Technology\eRecovery\int15.sys [2005-01-13 69632]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [ ]
S3 fsbl;F-Secure BlackLight Engine Driver;C:\DOCUME~1\senez\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys [ ]
S3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS);C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2005-10-28 402432]
.
- - - - ORPHELINS SUPPRIMES - - - -

HKCU-Run-procweb - C:\WINDOWS\system32\odqfchmd.exe



**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-10-09 20:02:23
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************
.
------------------------ Autres processus actifs ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehrecvr.exe
C:\WINDOWS\ehome\ehSched.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehmsas.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Heure de fin: 2008-10-09 20:05:44 - La machine a redémarré [senez]
ComboFix-quarantined-files.txt 2008-10-09 18:05:40
ComboFix2.txt 2008-10-09 10:38:38

Avant-CF: 13,345,497,088 octets libres
Après-CF: 13,305,409,536 octets libres

284 --- E O F --- 2008-09-11 01:01:53













Log Hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:07:55, on 09/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
O4 - HKLM\..\Run: [BJCFD] C:\Program Files\BroadJump\Client Foundation\CFD.exe
O4 - HKLM\..\Run: [Motive SmartBridge] C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://download.divx.com/player/DivXBrowserPlugin.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS3\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Messages postés
25704
Date d'inscription
samedi 8 juillet 2006
Statut
Contributeur sécurité
Dernière intervention
4 mars 2010
1 966
Bonsoir

C'est g!rly qui va continuer avec toi, je n'ai fait que repêcher le log perdu ;-)
Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
OK pas de souci , merci pour la repêche ;)
Bonne soirée.
Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Bonjour g!rly ,
comme demandé je te met les deux logs .


Log Antivir




Avira AntiVir Personal
Report file date: vendredi 10 octobre 2008 02:22

Scanning for 1673969 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Save mode
Username: senez
Computer name: ACER-7989E0343A

Version information:
BUILD.DAT : 8.1.0.331 16934 Bytes 12/08/2008 11:46:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 08:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 07:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 12:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 07:58:52
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 10:33:34
ANTIVIR1.VDF : 7.0.5.1 8182784 Bytes 24/06/2008 13:54:15
ANTIVIR2.VDF : 7.0.7.12 4066816 Bytes 08/10/2008 00:08:42
ANTIVIR3.VDF : 7.0.7.20 78848 Bytes 09/10/2008 00:08:43
Engineversion : 8.1.1.35
AEVDF.DLL : 8.1.0.5 102772 Bytes 25/02/2008 09:58:21
AESCRIPT.DLL : 8.1.0.76 319867 Bytes 10/10/2008 00:08:47
AESCN.DLL : 8.1.0.23 119156 Bytes 10/07/2008 12:44:49
AERDL.DLL : 8.1.1.2 438644 Bytes 10/10/2008 00:08:47
AEPACK.DLL : 8.1.2.3 364918 Bytes 10/10/2008 00:08:46
AEOFFICE.DLL : 8.1.0.25 196986 Bytes 10/10/2008 00:08:46
AEHEUR.DLL : 8.1.0.59 1438071 Bytes 10/10/2008 00:08:45
AEHELP.DLL : 8.1.0.15 115063 Bytes 10/07/2008 12:44:48
AEGEN.DLL : 8.1.0.36 315764 Bytes 10/10/2008 00:08:44
AEEMU.DLL : 8.1.0.7 430452 Bytes 31/07/2008 08:33:21
AECORE.DLL : 8.1.1.11 172406 Bytes 10/10/2008 00:08:44
AEBB.DLL : 8.1.0.1 53617 Bytes 10/07/2008 12:44:48
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 08:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 09:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 10/10/2008 00:08:43
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 11:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 08:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 12:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 17:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 12:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 12:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 13:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 13:34:37

Configuration settings for the scan:
Jobname..........................: Local Drives
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldrives.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:, D:, F:, G:, H:, I:, E:, J:, K:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: on
Scan all files...................: All files
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: high

Start of the scan: vendredi 10 octobre 2008 02:22

Starting search for hidden objects.
The driver could not be initialized.

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD2
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD3
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.
Master boot sector HD4
[INFO] No virus was found!
[WARNING] System error [21]: Le périphérique n'est pas prêt.

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'D:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] In the drive 'F:\' no data medium is inserted!
Boot sector 'G:\'
[INFO] In the drive 'G:\' no data medium is inserted!
Boot sector 'H:\'
[INFO] In the drive 'H:\' no data medium is inserted!
Boot sector 'I:\'
[INFO] In the drive 'I:\' no data medium is inserted!

Starting to scan the registry.
The registry was scanned ( '78' files ).


Starting the file scan:

Begin scan in 'C:\' <ACER>
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\Documents and Settings\senez\Mes documents\Downloads\MINI-JEUX. lahrech\Home Sweet Home.rar
[0] Archive type: RAR
--> Home Sweet Home\HomeSweetHome_EN.exe
[DETECTION] Contains HEUR/Win32.Virus.Damaged suspicious code
[NOTE] The file was moved to '495ba491.qua'!
C:\QooBox\Quarantine\C\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe.vir
[DETECTION] Is the TR/Obfuscated.GX.2151 Trojan
[NOTE] The file was moved to '494fa8f5.qua'!
C:\QooBox\Quarantine\C\Program Files\umtjtgf\msgsmart.dll.vir
[DETECTION] Is the TR/Obfuscated.GX.2341 Trojan
[NOTE] The file was moved to '4955a8f2.qua'!
C:\QooBox\Quarantine\C\WINDOWS\system32\odqfchmd.exe.vir
[DETECTION] Is the TR/Obfuscated.GX.2321 Trojan
[NOTE] The file was moved to '495fa8e7.qua'!
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP97\A0019886.exe
[DETECTION] Is the TR/Obfuscated.GX.2151 Trojan
[NOTE] The file was moved to '491eaab8.qua'!
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP97\A0019887.dll
[DETECTION] Is the TR/Obfuscated.GX.2341 Trojan
[NOTE] The file was moved to '489a8a71.qua'!
C:\system volume information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP97\A0019889.exe
[DETECTION] Is the TR/Obfuscated.GX.2321 Trojan
[NOTE] The file was moved to '491eaaba.qua'!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <MUSIC-JEUX>
D:\Jeux\PES 2008\settings.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '4962ade4.qua'!
D:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP44\A0007451.exe
[DETECTION] Is the TR/Delf.109056 Trojan
[NOTE] The file was moved to '491eb4f4.qua'!
D:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP55\A0007781.exe
[DETECTION] Is the TR/Delf.109056 Trojan
[NOTE] The file was moved to '491eb4f8.qua'!
D:\System Volume Information\_restore{B89CEA26-ECB5-40D8-BB54-F267A162670D}\RP101\A0020175.exe
[DETECTION] Contains HEUR/Malware suspicious code
[NOTE] The detection was classified as suspicious.
[NOTE] The file was moved to '491eb4fd.qua'!
Begin scan in 'F:\'
Search path F:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'G:\'
Search path G:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'H:\'
Search path H:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'I:\'
Search path I:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'E:\'
Search path E:\ could not be opened!
System error [21]: Le périphérique n'est pas prêt.
Begin scan in 'J:\' <Mon disque>
Begin scan in 'K:\' <FIFA09>
K:\Crack\rld-fi9k.exe
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[WARNING] An error has occurred and the file was not deleted. ErrorID: 26003
[WARNING] The file could not be deleted!
[NOTE] Attempting to perform action using the ARK lib.
[NOTE] The driver could not be initialized.
[WARNING] The file could not be marked for deleting after reboot. Error description: Accès refusé.



End of the scan: vendredi 10 octobre 2008 10:42
Used time: 8:20:05 Hour(s)

The scan has been done completely.

14264 Scanning directories
495121 Files were scanned
9 viruses and/or unwanted programs were found
3 Files were classified as suspicious:
0 files were deleted
0 files were repaired
11 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
495107 Files not concerned
8107 Archives were scanned
7 Warnings
12 Notes




Log Hijackthis



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18:56, on 10/10/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\system32\SysMonitor.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.fr/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\WINDOWS\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [LaunchApp] Alaunch
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [ntiMUI] c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\WINDOWS\system32\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
O4 - HKLM\..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Acer Empowering Technology.lnk = ?
O4 - Global Startup: Acer WLAN 11g USB Dongle.lnk = C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
O4 - Global Startup: LE COMPAGNON CLUB.lnk = C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O17 - HKLM\System\CCS\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS1\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS2\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O17 - HKLM\System\CS3\Services\Tcpip\..\{3303F410-97CF-480F-BA5D-6E2587BCAD7E}: NameServer = 86.64.145.140,84.103.237.140
O23 - Service: Memory Check Service (AcerMemUsageCheckService) - Acer Inc. - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Messages postés
18206
Date d'inscription
vendredi 17 août 2007
Statut
Contributeur
Dernière intervention
30 novembre 2014
400
Salut louiso,

C´est pas si mal pour quelqu´un qui n´avait pas d´anti virus... :)

Bien joué pour les mises a jour :)

passe ceci par curiosité : (c´est pas long)

Télécharge Clean:

-> http://www.malekal.com/download/clean.zip

-> Dézippe tout le contenu dans un dossier que tu auras cré au préalable (sur ton bureau par exemple). Double clic sur clean ou clean.cmd choisie l'option 1.

Un rapport va s'ouvrir, copie et colle le contenu sur le forum.

-> pour ceux ou celles qui auraient un doute sur comment deziper un fichier :

http://www.tutopat.com/viewtopic.php?t=933&sid=34215b238376bfb22ef9e8eca9995914

ps : si on te demande d´envoyer un fichier sur le site de malekal ne le fait pas, contente toi de suivre les indications de la fenetre noir (cmd)

@+
Messages postés
194
Date d'inscription
samedi 3 mars 2007
Statut
Membre
Dernière intervention
12 décembre 2018
9
Salut g!rly ,
Merci du compliment ... :-)
En fait , je croyai que Zone alarm ( conseillé par un ami ) faisai aussi office d'antivirus , c'est pourquoi je n'en avai pas !!!
Sinon j'avai déjà utilisé Hijackthis , Combofix ... suite à d'autres infections.
Le pire est que je venai juste de réinstaller le pc cet été avec les cd sauvegarde.
Enfin voilà , je te met le Log de Clean.
Encore merci de ton aide :-)




11/10/2008 a 13:46:28,95

*** Recherche des fichiers dans C:

*** Recherche des fichiers dans C:\WINDOWS\

*** Recherche des fichiers dans C:\WINDOWS\system32

*** Recherche des fichiers dans C:\Program Files
*** Fin du rapport !
jte conseille de telecharger malwarebyte de faire mise a jour et d effectuer un scan complet ! tu verra il est tres efficace et trouve des trucs que les autres trouvent pas , il est simple d emploi et a l avantage de marcher meme dans des cas extremes ou l antivirus ne repond plus!
> aachrys
Salut tout le monde
COmme luoiso jai été infecte par le trojan-spy win32.banker.aiw, ce que jai fait au debut a été de scanner le pc avec hijackthis; jai le rapport que je copie colle apres, pis jai scanne de nouveau mais cette fois avec malware et il ne ma rien detecte, incomprehensible!!! (encore une fois je copie colle les scans)

RAPPORT DE HIJACK

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:15:45, on 15/11/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Acer\Empowering Technology\eDataSecurity\eDSLoader.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Apoint2K\Apoint.exe
C:\Acer\Empowering Technology\eAudio\eAudio.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\acrotray.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\Samsung\PanelMgr\SSMMgr.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Veoh Networks\Veoh\VeohClient.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\Windows\ehome\ehmsas.exe
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Program Files\Apoint2K\Apntex.exe
C:\Acer\Empowering Technology\ACER.EMPOWERING.FRAMEWORK.SUPERVISOR.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\explorer.exe
C:\Users\johnjohn\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://fr.rd.yahoo.com/customize/ycomp/defaults/sp/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://gamespace.daemon-tools.cc/fra/home

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://fr.rd.yahoo.com/customize/ycomp/defaults/su/*https://fr.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [ALaunch] C:\Acer\ALaunch\AlaunchClient.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [PLFSetL] C:\Windows\PLFSetL.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint2K\Apoint.exe
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [SetPanel] C:\Acer\APanel\APanel.cmd
O4 - HKLM\..\Run: [eAudio] "C:\Acer\Empowering Technology\eAudio\eAudio.exe"
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe /autorun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [Veoh] "C:\Program Files\Veoh Networks\Veoh\VeohClient.exe" /VeohHide
O4 - HKCU\..\Run: [dwm] "C:\Users\johnjohn\AppData\Roaming\Google\dwm.exe"
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: OneNote 2007 - Capture d'écran et lancement.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O4 - Global Startup: E_SPSU01.lnk = C:\Windows\System32\spool\drivers\w32x86\3\E_SPSU01.EXE
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: eNetHook.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: ALaunch Service (ALaunchService) - Unknown owner - C:\Acer\ALaunch\ALaunchSvc.exe
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe (file missing)
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe