Trojan horse and others!!!
Solved/Closed
st ya qc
24 Oct 2008 at 00:22
st ya qc - 13 Nov 2008 at 01:04
60 replies
geoffrey5
28 Oct 2008 at 02:45
Why wouldn't I want to help you anymore??!! lol
I thought you were doing the online scan :s
If you have to get version 8, well, get it
st ya qc
28 Oct 2008 at 03:48
lol ok here is my AntiVir report if that can help you!!
st ya qc
28 Oct 2008 at 03:48
Avira AntiVir Personal
Report file date: 27 octobre 2008 21:46
Scanning for 995222 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 3) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: ORDINATE-E10E10
Version information:
BUILD.DAT : 8.2.0.334 16933 Bytes 2008-10-16 14:55:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 2008-06-26 14:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 2008-05-26 13:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 2008-06-12 18:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 2008-05-26 13:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 2008-10-27 01:28:47
ANTIVIR1.VDF : 7.1.0.1 2048 Bytes 2008-10-27 01:29:00
ANTIVIR2.VDF : 7.1.0.2 2048 Bytes 2008-10-27 01:29:00
ANTIVIR3.VDF : 7.1.0.4 38912 Bytes 2008-10-27 01:29:04
Engineversion : 8.2.0.9
AEVDF.DLL : 8.1.0.6 102772 Bytes 2008-10-14 16:05:56
AESCRIPT.DLL : 8.1.1.9 319867 Bytes 2008-10-28 01:29:28
AESCN.DLL : 8.1.1.3 123252 Bytes 2008-10-14 16:05:56
AERDL.DLL : 8.1.1.2 438644 Bytes 2008-09-12 12:06:02
AEPACK.DLL : 8.1.2.4 369014 Bytes 2008-10-14 16:05:56
AEOFFICE.DLL : 8.1.0.29 196988 Bytes 2008-10-28 01:29:25
AEHEUR.DLL : 8.1.0.63 1479032 Bytes 2008-10-28 01:29:23
AEHELP.DLL : 8.1.1.2 115062 Bytes 2008-10-14 16:05:56
AEGEN.DLL : 8.1.0.42 319861 Bytes 2008-10-28 01:29:11
AEEMU.DLL : 8.1.0.9 393588 Bytes 2008-10-14 16:05:56
AECORE.DLL : 8.1.2.8 172406 Bytes 2008-10-28 01:29:07
AEBB.DLL : 8.1.0.3 53618 Bytes 2008-10-14 16:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 2008-07-09 14:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 2008-05-16 15:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 2008-10-28 01:29:05
AVREG.DLL : 8.0.0.1 33537 Bytes 2008-05-09 17:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 2008-02-12 14:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 2008-06-12 18:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 2008-01-22 23:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 2008-06-12 18:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 2008-01-25 18:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 2008-06-12 19:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 2008-06-27 19:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: 27 octobre 2008 21:46
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'hpqimzone.exe' - '1' Module(s) have been scanned
Scan process 'ONENOTEM.EXE' - '1' Module(s) have been scanned
Scan process 'GoogleUpdater.exe' - '1' Module(s) have been scanned
Scan process 'daemon.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'msnmsgr.exe' - '1' Module(s) have been scanned
Scan process 'dvdtray.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'SMax4PNP.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'SMAgent.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'GoogleUpdaterService.exe' - '1' Module(s) have been scanned
Scan process 'CDAC11BA.EXE' - '1' Module(s) have been scanned
Scan process 'a2service.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
36 processes with 36 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '51' files ).
Starting the file scan:
Begin scan in 'C:\'
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\System Volume Information\_restore{3FAFF195-A1AC-4F02-804F-DD8451AFDE75}\RP66\A0014408.dll
[DETECTION] Is the TR/Killav.28714 Trojan
[NOTE] The file was deleted!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
End of the scan: 27 octobre 2008 22:36
Used time: 50:38 Minute(s)
The scan has been done completely.
6688 Scanning directories
276671 Files were scanned
1 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
1 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
3 Files cannot be scanned
276667 Files not concerned
7921 Archives were scanned
3 Warnings
1 Notes
st ya qc
28 Oct 2008 at 04:09
well, I still can't do that; I did download Explorer 8 but they tell me the same thing!!!
geoffrey5
28 Oct 2008 at 11:09
Hi!!
please run a full scan again with Malwarebytes in safe mode
geoffrey5
28 Oct 2008 at 11:09
update it first!
st ya qc
4 Nov 2008 at 01:46
hi geoffrey5! sorry for the delay, here is my MBAM report!
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1356
Windows 5.1.2600 Service Pack 3
2008-11-02 12:43:25
mbam-log-2008-11-02 (12-43-25).txt
Type de recherche: Examen complet (C:\|)
Eléments examinés: 115491
Temps écoulé: 1 hour(s), 45 minute(s), 9 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
geoffrey5
4 Nov 2008 at 03:45
Hi!!
download TrojanRemover from this address, you will have a tutorial available there:
https://www.androidworld.fr/
and post the report please
st ya qc
6 Nov 2008 at 21:25
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:23:54 06 nov. 2008
Using Database v7191
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Client\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Client\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir
************************************************************
************************************************************
15:23:54: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
15:23:54: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
15:23:54: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
15:23:56: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SoundMAXPnP
Value Data: C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
790528 bytes
Created: 2007-10-29
Modified: 2003-05-29
Company: Analog Devices, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 2008-08-18
Modified: 2008-06-10
Company: Sun Microsystems, Inc.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\WINDOWS\system32\NeroCheck.exe
C:\WINDOWS\system32\NeroCheck.exe
155648 bytes
Created: 2007-11-03
Modified: 2001-07-09
Company: Ahead Software Gmbh
--------------------
Value Name: DVDTray
Value Data: C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
65536 bytes
Created: 2007-11-03
Modified: 2004-09-03
Company: Hewlett-Packard Company
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 2008-10-27
Modified: 2008-06-12
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 2008-11-06
Modified: 2008-10-25
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 2007-10-18
Modified: 2007-10-18
Company: Microsoft Corporation
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
--------------------
Value Name: NBJ
Value Data: "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
C:\Program Files\Ahead\Nero BackItUp\NBJ.exe
1961984 bytes
Created: 2007-11-03
Modified: 2005-07-14
Company: Ahead Software AG
--------------------
Value Name: MSMSGS
Value Data: "C:\Program Files\Messenger\msmsgs.exe" /background
C:\Program Files\Messenger\msmsgs.exe [file not found to scan]
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
490952 bytes
Created: 2008-07-24
Modified: 2008-07-24
Company: DT Soft Ltd
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
************************************************************
15:23:58: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
15:23:58: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
15:23:58: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
15:23:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 2006-11-03
Modified: 2006-11-03
Company:
----------
************************************************************
15:23:59: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: 6to4
Path: %SystemRoot%\System32\6to4svc.dll
C:\WINDOWS\System32\6to4svc.dll
100352 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: hpqcxs08
Path: C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
225280 bytes
Created: 2007-01-19
Modified: 2007-01-19
Company: Hewlett-Packard Co.
--------------------
Key: hpqddsvc
Path: C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
131072 bytes
Created: 2007-01-19
Modified: 2007-01-19
Company: Hewlett-Packard Co.
--------------------
Key: Net Driver HPZ12
Path: C:\WINDOWS\system32\HPZinw12.dll
C:\WINDOWS\system32\HPZinw12.dll
43520 bytes
Created: 2006-11-08
Modified: 2006-11-08
Company: Hewlett-Packard
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
--------------------
Key: Pml Driver HPZ12
Path: C:\WINDOWS\system32\HPZipm12.dll
C:\WINDOWS\system32\HPZipm12.dll
53248 bytes
Created: 2006-11-08
Modified: 2006-11-08
Company: Hewlett-Packard
--------------------
************************************************************
15:24:00: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
418936 bytes
Created: 2008-10-26
Modified: 2008-10-26
Company: Emsi Software GmbH
----------
Key: ADM8511
ImagePath: system32\DRIVERS\NET8511.SYS
C:\WINDOWS\system32\DRIVERS\NET8511.SYS
24424 bytes
Created: 2006-08-22
Modified: 2000-12-12
Company: ADMtek
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
100224 bytes
Created: 2007-10-29
Modified: 2007-10-29
Company: Andrea Electronics Corporation
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 2008-10-27
Modified: 2008-10-15
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 2008-10-27
Modified: 2008-10-15
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 2004-07-15
Modified: 2004-07-15
Company: Microsoft Corporation
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 2008-10-27
Modified: 2007-02-27
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 2008-10-27
Modified: 2008-05-20
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 2008-10-27
Modified: 2008-06-27
Company: Avira GmbH
----------
Key: C-DillaCdaC11BA
ImagePath: C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
54784 bytes
Created: 2008-01-07
Modified: 2008-01-07
Company: Macrovision
----------
Key: catchme
ImagePath: \??\C:\DOCUME~1\Client\LOCALS~1\Temp\catchme.sys - this file is globally excluded
----------
Key: CdaC15BA
ImagePath: \??\C:\WINDOWS\system32\drivers\CdaC15BA.SYS
C:\WINDOWS\system32\drivers\CdaC15BA.SYS
12464 bytes
Created: 2008-01-07
Modified: 2008-01-07
Company: Macrovision Europe Ltd
----------
Key: EL2000
ImagePath: system32\DRIVERS\EL2K_XP.sys
C:\WINDOWS\system32\DRIVERS\EL2K_XP.sys
147328 bytes
Created: 2003-07-17
Modified: 2007-10-29
Company: 3Com Corporation
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
168432 bytes
Created: 2008-01-24
Modified: 2008-11-01
Company: Google
----------
Key: HPZid412
ImagePath: system32\DRIVERS\HPZid412.sys
C:\WINDOWS\system32\DRIVERS\HPZid412.sys
-R- 49920 bytes
Created: 2007-12-29
Modified: 2006-12-06
Company: HP
----------
Key: HPZipr12
ImagePath: system32\DRIVERS\HPZipr12.sys
C:\WINDOWS\system32\DRIVERS\HPZipr12.sys
-R- 16496 bytes
Created: 2007-12-29
Modified: 2006-12-06
Company: HP
----------
Key: HPZius12
ImagePath: system32\DRIVERS\HPZius12.sys
C:\WINDOWS\system32\DRIVERS\HPZius12.sys
-R- 21568 bytes
Created: 2007-12-29
Modified: 2006-12-06
Company: HP
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150528 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: LightScribeService
ImagePath: "C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
53248 bytes
Created: 2005-06-20
Modified: 2005-06-20
Company: Hewlett-Packard Company
----------
Key: MidiSyn
ImagePath: system32\drivers\MidiSyn.sys
C:\WINDOWS\system32\drivers\MidiSyn.sys
235100 bytes
Created: 2007-10-29
Modified: 2007-10-29
Company: Analog Devices Inc
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88320 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 2001-08-28
Modified: 2001-08-28
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 2001-08-28
Modified: 2001-08-28
Company: Microsoft Corporation
----------
Key: NWRDR
ImagePath: system32\DRIVERS\nwrdr.sys
C:\WINDOWS\system32\DRIVERS\nwrdr.sys
163584 bytes
Created: 2004-08-03
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 2007-08-24
Modified: 2007-08-24
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 2006-10-26
Modified: 2006-10-26
Company: Microsoft Corporation
----------
Key: pcouffin
ImagePath: System32\Drivers\pcouffin.sys
C:\WINDOWS\System32\Drivers\pcouffin.sys
47360 bytes
Created: 2008-04-19
Modified: 2008-04-19
Company: VSO Software
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
578304 bytes
Created: 2007-10-29
Modified: 2003-06-02
Company: Analog Devices, Inc.
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 2007-10-29
Modified: 2002-09-20
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 2008-10-27
Modified: 2007-03-01
Company: Avira GmbH
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{0B4CED16-F13D-4913-99D7-F60E56E37D14}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: Tcpip6
ImagePath: system32\DRIVERS\tcpip6.sys
C:\WINDOWS\system32\DRIVERS\tcpip6.sys
225856 bytes
Created: 2004-08-03
Modified: 2008-06-20
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 2007-10-18
Modified: 2007-10-18
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 2007-10-25
Modified: 2007-10-25
Company: Microsoft Corporation
----------
Key: WmBEnum
ImagePath: system32\drivers\WmBEnum.sys
C:\WINDOWS\system32\drivers\WmBEnum.sys
19352 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
Key: WmFilter
ImagePath: system32\drivers\WmFilter.sys
C:\WINDOWS\system32\drivers\WmFilter.sys
29976 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
Key: WmVirHid
ImagePath: system32\drivers\WmVirHid.sys
C:\WINDOWS\system32\drivers\WmVirHid.sys
14744 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
Key: WmXlCore
ImagePath: system32\drivers\WmXlCore.sys
C:\WINDOWS\system32\drivers\WmXlCore.sys
51608 bytes
Created: 2007-09-13
Modified: 2007-09-13
Company: Logitech Inc.
----------
************************************************************
15:24:07: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
************************************************************
15:24:07: Scanning ----- WINLOGON\NOTIFY DLLS -----
************************************************************
15:24:07: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 2008-10-27
Modified: 2008-06-12
Company: Avira GmbH
----------
Key: ShellExtension
CLSID: [empty]
----------
Key: WinRAR
CLSID: [empty]
----------
************************************************************
15:24:08: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {9E96C1F5-0EFA-4348-9460-15D6802C70AA}
File: [CLSID does not appear to reference a file]
************************************************************
15:24:08: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 2008-08-18
Modified: 2008-06-10
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 2007-09-20
Modified: 2007-09-20
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2582136 bytes
Created: 2008-08-18
Modified: 2008-08-18
Company: Google Inc.
----------
Key: {AE84A6AA-A333-4B92-B276-C11E2212E4FE}
BHO: C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
C:\Program Files\HP\Smart Web Printing\SmartWebPrinting.dll
599472 bytes
Created: 2006-12-15
Modified: 2006-12-15
Company: Hewlett-Packard Co.
----------
Key: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
BHO: C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
657904 bytes
Created: 2008-11-01
Modified: 2008-11-01
Company: Google Inc.
----------
Key: {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
BHO: C:\Program Files\Windows Live Toolbar\msntb.dll
C:\Program Files\Windows Live Toolbar\msntb.dll
546320 bytes
Created: 2007-10-19
Modified: 2007-10-19
Company: Microsoft Corporation
----------
************************************************************
15:24:08: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 2004-08-19
Modified: 2008-04-13
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 2006-10-18
Modified: 2006-10-18
Company: Microsoft Corporation
----------
************************************************************
15:24:09: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
15:24:09: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
15:24:09: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
15:24:09: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
15:24:09: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 2003-08-07
Modified: 2003-08-07
Company:
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
73728 bytes
Created: 2006-02-10
Modified: 2006-02-10
Company: Hewlett-Packard Development Company, L.P.
Démarrage rapide de HP Photosmart Premier.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
15:24:10: Scanning ----- SCHEDULED TASKS -----
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 2007-10-19
Modified: 2007-10-19
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 2008-11-06 15:37:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
************************************************************
15:24:10: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
15:24:10: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
54294 bytes
Created: 2008-01-04
Modified: 2008-11-05
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
54294 bytes
Created: 2008-01-04
Modified: 2008-11-05
Company:
----------
Additional checks completed
************************************************************
15:24:11: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\Program Files\a-squared Free\a2service.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\WINDOWS\system32\drivers\CDAC11BA.EXE - file already scanned
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe - file already scanned
--------------------
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Client\Application Data\Simply Super Software\Trojan Remover\mtp27.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
15:24:13: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
15:24:13: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
15:24:13: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:24:13 06 nov. 2008
Total Scan time: 00:00:18
************************************************************
15:24:09: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
15:24:09: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
15:24:09: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 2003-08-07
Modified: 2003-08-07
Company:
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
73728 bytes
Created: 2006-02-10
Modified: 2006-02-10
Company: Hewlett-Packard Development Company, L.P.
Démarrage rapide de HP Photosmart Premier.lnk - links to C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
15:24:10: Scanning ----- SCHEDULED TASKS -----
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
99856 bytes
Created: 2007-10-19
Modified: 2007-10-19
Company: Microsoft Corporation
Parameters: [blank]
Next Run Time: 2008-11-06 15:37:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------
************************************************************
15:24:10: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
15:24:10: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
54294 bytes
Created: 2008-01-04
Modified: 2008-11-05
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Client\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
54294 bytes
Created: 2008-01-04
Modified: 2008-11-05
Company:
----------
Additional checks completed
************************************************************
15:24:11: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\Program Files\a-squared Free\a2service.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\WINDOWS\system32\drivers\CDAC11BA.EXE - file already scanned
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe - file already scanned
--------------------
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
--------------------
C:\Program Files\HP\Digital Imaging\bin\hpqimzone.exe
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Program Files\Windows Live\Messenger\msnmsgr.exe - file already scanned
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Client\Application Data\Simply Super Software\Trojan Remover\mtp27.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
15:24:13: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
15:24:13: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
15:24:13: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:24:13 06 nov. 2008
Total Scan time: 00:00:18
************************************************************
geoffrey5
Posts
13732
Registration date
Sunday 20 May 2007
Status
Security contributor
Last activity
21 May 2010
10
6 Nov. 2008 at 21:54
Hi!!
Now please do this:
▶ Download UsbFix to your desktop
▶ Run the installation with the default settings
▶ Connect your external data sources to your PC (USB stick, external hard drive, etc.) that may have been infected, without opening them
▶ Double-click the UsbFix shortcut on your desktop
▶ The PC will restart
▶ After the restart, post the UsbFix.txt report
* Note: the UsbFix.txt report is saved at the root of the disk
* Note: If the Desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and confirm
st ya qc
Posts
87
Registration date
Friday 10 October 2008
Status
Member
Last activity
13 November 2008
6 Nov. 2008 at 22:03
CONNECT my external data sources to my PC??
geoffrey5
Posts
13732
Registration date
Sunday 20 May 2007
Status
Security contributor
Last activity
21 May 2010
10
6 Nov. 2008 at 22:16
(USB stick, external hard drive, etc...)
st ya qc
Posts
87
Registration date
Friday 10 October 2008
Status
Member
Last activity
13 November 2008
6 Nov. 2008 at 22:53
I don't have a USB stick, and well, actually I really don't understand, sorry!!!
And as for an external hard drive?? I only know my C drive lol!!
geoffrey5
Posts
13732
Registration date
Sunday 20 May 2007
Status
Security contributor
Last activity
21 May 2010
10
6 Nov. 2008 at 23:06
OK, then run it without connecting anything lol
st ya qc
Posts
87
Registration date
Friday 10 October 2008
Status
Member
Last activity
13 November 2008
7 Nov. 2008 at 00:21
OK, it's telling me that ...
The destination directory does not exist. Do you want to create it
Do I click yes?
geoffrey5
Posts
13732
Registration date
Sunday 20 May 2007
Status
Security contributor
Last activity
21 May 2010
10
7 Nov. 2008 at 00:30
Yes
st ya qc
Posts
87
Registration date
Friday 10 October 2008
Status
Member
Last activity
13 November 2008
7 Nov. 2008 at 01:23
-------------- UsbFix V2.395 ---------------
* User : Client - ORDINATE-E10E10
* Outils mis a jours le 06/11/2008 par Chiquitine29 et Chimay8
* Recherche effectuée à 19:19:33 le 2008-11-06
* Windows Xp - Internet Explorer 8.0.6001.18241
--------------- [ Processus actifs ] ----------------
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avwsc.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\WgaTray.exe
C:\DOCUME~1\Client\LOCALS~1\Temp\1.tmp\b2e.exe
--------------- [ Informations lecteurs ] ----------------
C: - Lecteur fixe
--------------- [ Registre / Startup ] ----------------
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
SoundMAXPnP REG_SZ C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
SunJavaUpdateSched REG_SZ "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
NeroFilterCheck REG_SZ C:\WINDOWS\system32\NeroCheck.exe
DVDTray REG_SZ C:\Program Files\Ahead\ODD Toolkit\DVDTray.exe
avgnt REG_SZ "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\avp6_post_uninstall
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MsnMsgr REG_SZ "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
NBJ REG_SZ "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
MSMSGS REG_SZ "C:\Program Files\Messenger\msmsgs.exe" /background
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
--------------- [ Registre / Mountpoint2 ] ----------------
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{81e183ce-94bf-11dd-8e41-000c6e407e8f}\Shell\AutoRun\command
--------------- [ Nettoyage des disques ] ----------------
Supprimé ! - [2008-02-09 14:12] C:\WINDOWS\system32\tmp.txt
--------------- [ Listing des fichiers présents ] ----------------
-> /!\ Le resultat doit etre interprété par un spécialiste /!\
[2003-08-07 20:28][--a--c---] C:\AUTOEXEC.BAT
[2004-08-03 17:38][-rahs----] C:\NTDETECT.COM
[2008-08-17 15:40][---hsc---] C:\boot.ini
--------------- ! Fin du rapport ! ----------------
geoffrey5
Posts
13732
Registration date
Sunday 20 May 2007
Status
Security contributor
Last activity
21 May 2010
10
7 Nov. 2008 at 10:10
Hi!!
Now please do this:
▶ Download RAV Antivirus (by Evosla)
▶ If you have a USB stick, external hard drive, etc., connect them without opening them before running this FIX
▶ Right-click the .ZIP file > Extract to > the Desktop
▶ Double-click >> RAV.exe << to launch the tool.
▶ Once RAV ANTIVIRUS is running, let it work; it automatically scans all drives (fixed and removable disks)
▶ If there is an infection > a log will be created; otherwise the software will display (very quickly) ==> Your computer is clean.
▶ Remove your removable disks and restart your computer.
▶ Post the report, if there is an infection!
st ya qc
Posts
87
Registration date
Friday 10 October 2008
Status
Member
Last activity
13 November 2008
8 Nov. 2008 at 23:57
Hi geoffrey5!
It didn't find any infection (blue line from left to right)!!
And how do I get to the removable disk to remove it?? Thanks!!
geoffrey5
Posts
13732
Registration date
Sunday 20 May 2007
Status
Security contributor
Last activity
21 May 2010
10
9 Nov. 2008 at 13:40
Hi!!
▶ Download Combofix by sUBs
▶ and save it to the Desktop.
▶ Disable your protections and close all your applications (antivirus, firewall, the antispyware's real-time guard)
Here is the official Bleeping Computer tutorial on how to use it:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
Then send the report and make a new HijackThis report please