Good evening everyone,
As the title says, I am infected by the trojan: Trojan-Spy.Win32.GreenScreen!!!!!!!!
I used CCleaner, Spybot and Trojan Remover, but nothing works; it is not possible to remove it.
So I ran a scan with HijackThis in order to ask for your help.
Here is the HijackThis log (along with the Trojan Remover one, in case it might help).
Thanking you in advance, have a good evening.
Louiso.
Trojan Remover log:
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
09/10/2008 02:27:11: Trojan Remover has been restarted
C:\WINDOWS\Temp\ZLT01a17.TMP has been renamed to C:\WINDOWS\Temp\ZLT01a17.TMP.vir
C:\WINDOWS\Temp\ZLT01dfb.TMP has been renamed to C:\WINDOWS\Temp\ZLT01dfb.TMP.vir
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingA4293] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingC6792] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingB9834] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce\[SpybotDeletingD2379] - already deleted
=======================================================
Unable to rename command /c del to command /c del .vir
(command /c del does not appear to exist)
Unable to rename del to del .vir
(del does not appear to exist)
09/10/2008 02:27:11: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: Vous en voulez un morceau ?
Non merci, j'ai déjà la diarhée]
Scan started at: 02:24:05 09 oct. 2008
Using Database v7147
Operating System: Windows XP SP3 [Windows XP Media Center Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\senez\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\senez\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
02:24:05: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
02:24:05: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
02:24:05: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
02:24:06: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
67584 bytes
Created: 05/08/2005
Modified: 29/09/2005
Company: Microsoft Corporation
--------------------
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7626752 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16208384 bytes
Created: 01/06/2006
Modified: 01/06/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
2879488 bytes
Created: 16/05/2006
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
69632 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Realtek Semiconductor Corp.
--------------------
Value Name: ntiMUI
Value Data: c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
c:\Program Files\NewTech Infosystems\NTI CD & DVD-Maker 7\ntiMUI.exe
45056 bytes
Created: 11/05/2005
Modified: 11/05/2005
Company:
--------------------
Value Name:
Value Data:
Blank entry: []
--------------------
Value Name: IMJPMIG8.1
Value Data: "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE
208952 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: IMEKRMIG6.1
Value Data: C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
44032 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: MSPY2002
Value Data: C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe
59392 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company:
--------------------
Value Name: PHIME2002ASync
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: PHIME2002A
Value Data: C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE
455168 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SunJavaUpdateSched
Value Data: C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
36975 bytes
Created: 18/08/2008
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
--------------------
Value Name: Acer Empowering Technology Monitor
Value Data: C:\WINDOWS\system32\SysMonitor.exe
C:\WINDOWS\system32\SysMonitor.exe
49152 bytes
Created: 18/08/2008
Modified: 18/04/2006
Company:
--------------------
Value Name: eDataSecurity Loader
Value Data: C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe 0
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
345088 bytes
Created: 17/03/2006
Modified: 17/03/2006
Company: HiTRUST
--------------------
Value Name: eRecoveryService
Value Data: C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
413696 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
--------------------
Value Name: WarReg_PopUp
Value Data: C:\Acer\WR_PopUp\WarReg_PopUp.exe /normal-run1
C:\Acer\WR_PopUp\WarReg_PopUp.exe
61440 bytes
Created: 18/08/2008
Modified: 23/09/2006
Company: Acer Inc.
--------------------
Value Name: Workflow
Value Data: E:\install\Workflow.exe
E:\install\Workflow.exe [file not found to scan]
--------------------
Value Name: BJCFD
Value Data: C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
376912 bytes
Created: 18/08/2008
Modified: 27/01/2003
Company:
--------------------
Value Name: Motive SmartBridge
Value Data: C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
438359 bytes
Created: 18/08/2008
Modified: 24/08/2005
Company: Motive Communications, Inc.
--------------------
Value Name: DAEMON Tools
Value Data: "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1036
C:\Program Files\DAEMON Tools\daemon.exe
157592 bytes
Created: 12/11/2006
Modified: 12/11/2006
Company: DT Soft Ltd.
--------------------
Value Name: StartCCC
Value Data: "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
61440 bytes
Created: 21/01/2008
Modified: 21/01/2008
Company: Advanced Micro Devices, Inc.
--------------------
Value Name: ZoneAlarm Client
Value Data: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
919016 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 24/09/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: SpybotDeletingA2665
Value Data: command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC2605
Value Data: cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA9746
Value Data: command /c del "C:\WINDOWS\a.bat"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC5365
Value Data: cmd /c del "C:\WINDOWS\a.bat"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2575
Value Data: command /c del "C:\WINDOWS\base64.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC4305
Value Data: cmd /c del "C:\WINDOWS\base64.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2127
Value Data: command /c del "C:\WINDOWS\bdn.com"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC8921
Value Data: cmd /c del "C:\WINDOWS\bdn.com"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA4162
Value Data: command /c del "C:\WINDOWS\FVProtect.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC753
Value Data: cmd /c del "C:\WINDOWS\FVProtect.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2752
Value Data: command /c del "C:\WINDOWS\iTunesMusic.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC9732
Value Data: cmd /c del "C:\WINDOWS\iTunesMusic.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA2936
Value Data: command /c del "C:\WINDOWS\mssecu.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC6436
Value Data: cmd /c del "C:\WINDOWS\mssecu.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA31
Value Data: command /c del "C:\WINDOWS\userconfig9x.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC5025
Value Data: cmd /c del "C:\WINDOWS\userconfig9x.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA4293
Value Data: command /c del "C:\WINDOWS\winsystem.exe"
command /c del - has a *known* Malware filename: SUSPICIOUS.ENTRY
command /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
command /c del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingC6792
Value Data: cmd /c del "C:\WINDOWS\winsystem.exe"
del - has a *known* Malware filename: SUSPICIOUS.ENTRY
cmd /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingA3861
Value Data: command /c del "C:\WINDOWS\zip1.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC7772
Value Data: cmd /c del "C:\WINDOWS\zip1.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA3377
Value Data: command /c del "C:\WINDOWS\zip2.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC9549
Value Data: cmd /c del "C:\WINDOWS\zip2.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA7626
Value Data: command /c del "C:\WINDOWS\zip3.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC815
Value Data: cmd /c del "C:\WINDOWS\zip3.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA8055
Value Data: command /c del "C:\WINDOWS\zipped.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC4469
Value Data: cmd /c del "C:\WINDOWS\zipped.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingA742
Value Data: command /c del "C:\WINDOWS\system32\medup020.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingC5344
Value Data: cmd /c del "C:\WINDOWS\system32\medup020.dll"
del [file not found to scan]
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
Value Name: qCRkFMec1d
Value Data: C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
73728 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
Value Name: swg
Value Data: C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
68856 bytes
Created: 18/09/2008
Modified: 18/09/2008
Company: Google Inc.
--------------------
Value Name: MsnMsgr
Value Data: "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
5724184 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
Value Name: procweb
Value Data: C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\system32\odqfchmd.exe
98304 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: SpybotDeletingB8448
Value Data: command /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD7502
Value Data: cmd /c del "C:\WINDOWS\system32\h@tkeysh@@k.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB4506
Value Data: command /c del "C:\WINDOWS\a.bat"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2261
Value Data: cmd /c del "C:\WINDOWS\a.bat"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB3554
Value Data: command /c del "C:\WINDOWS\base64.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6343
Value Data: cmd /c del "C:\WINDOWS\base64.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB2433
Value Data: command /c del "C:\WINDOWS\bdn.com"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD1149
Value Data: cmd /c del "C:\WINDOWS\bdn.com"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5707
Value Data: command /c del "C:\WINDOWS\FVProtect.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD2448
Value Data: cmd /c del "C:\WINDOWS\FVProtect.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB5228
Value Data: command /c del "C:\WINDOWS\iTunesMusic.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD6738
Value Data: cmd /c del "C:\WINDOWS\iTunesMusic.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB7573
Value Data: command /c del "C:\WINDOWS\mssecu.exe"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9443
Value Data: cmd /c del "C:\WINDOWS\mssecu.exe"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB598
Value Data: command /c del "C:\WINDOWS\userconfig9x.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD3289
Value Data: cmd /c del "C:\WINDOWS\userconfig9x.dll"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB9834
Value Data: command /c del "C:\WINDOWS\winsystem.exe"
command /c del - has a *known* Malware filename: SUSPICIOUS.ENTRY
command /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
command /c del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingD2379
Value Data: cmd /c del "C:\WINDOWS\winsystem.exe"
del - has a *known* Malware filename: SUSPICIOUS.ENTRY
cmd /c del "C:\WINDOWS\winsystem.exe" - this registry value has been removed [file not found to scan]
del - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: SpybotDeletingB718
Value Data: command /c del "C:\WINDOWS\zip1.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD1777
Value Data: cmd /c del "C:\WINDOWS\zip1.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB6562
Value Data: command /c del "C:\WINDOWS\zip2.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD7183
Value Data: cmd /c del "C:\WINDOWS\zip2.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB4862
Value Data: command /c del "C:\WINDOWS\zip3.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9677
Value Data: cmd /c del "C:\WINDOWS\zip3.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB8566
Value Data: command /c del "C:\WINDOWS\zipped.tmp"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD442
Value Data: cmd /c del "C:\WINDOWS\zipped.tmp"
del [file not found to scan]
--------------------
Value Name: SpybotDeletingB8700
Value Data: command /c del "C:\WINDOWS\system32\medup020.dll"
command /c del [file not found to scan]
--------------------
Value Name: SpybotDeletingD9347
Value Data: cmd /c del "C:\WINDOWS\system32\medup020.dll"
del [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
************************************************************
02:24:32: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
************************************************************
02:24:32: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
02:24:33: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmypics.scr
47104 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
--------------------
************************************************************
02:24:33: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {407408d4-94ed-4d86-ab69-a7f649d112ee}
Path: %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf
setupapi,InstallHinfSection QuickLaunchShortcut 640 %systemroot%\inf\mcdftreg.inf [file not found to scan]
----------
************************************************************
02:24:33: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: MHN
Path: %SystemRoot%\System32\mhn.dll
C:\WINDOWS\System32\mhn.dll
85504 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
--------------------
************************************************************
02:24:33: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcerMemUsageCheckService
ImagePath: C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
28672 bytes
Created: 18/08/2008
Modified: 11/05/2006
Company: Acer Inc.
----------
Key: appdrv01
ImagePath: System32\Drivers\appdrv01.sys
C:\WINDOWS\System32\Drivers\appdrv01.sys
2915944 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: appdrvrem01
ImagePath: %SystemRoot%\System32\appdrvrem01.exe svc
C:\WINDOWS\System32\appdrvrem01.exe
304528 bytes
Created: 12/09/2008
Modified: 12/09/2008
Company: Protection Technology
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
593920 bytes
Created: 19/08/2008
Modified: 03/07/2008
Company:
----------
Key: ehRecvr
ImagePath: C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehRecvr.exe
237568 bytes
Created: 05/08/2005
Modified: 09/04/2006
Company: Microsoft Corporation
----------
Key: ehSched
ImagePath: C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\eHome\ehSched.exe
103424 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: FontCache3.0.0.0
ImagePath: C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
36864 bytes
Created: 09/10/2007
Modified: 09/10/2007
Company: Microsoft Corporation
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
144384 bytes
Created: 07/01/2005
Modified: 13/04/2008
Company: Windows (R) Server 2003 DDK provider
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 22/10/2004
Modified: 22/10/2004
Company: Macrovision Corporation
----------
Key: idrmkl
ImagePath: \??\C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys
C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys [file not found to scan]
----------
Key: idsvc
ImagePath: "C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe"
C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
864256 bytes
Created: 11/10/2007
Modified: 11/10/2007
Company: Microsoft Corporation
----------
Key: int15.sys
ImagePath: \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
C:\Acer\Empowering Technology\eRecovery\int15.sys
69632 bytes
Created: 18/08/2008
Modified: 13/01/2005
Company:
----------
Key: IntcAzAudAddService
ImagePath: system32\drivers\RtkHDAud.sys
C:\WINDOWS\system32\drivers\RtkHDAud.sys
4284928 bytes
Created: 05/06/2006
Modified: 05/06/2006
Company: Realtek Semiconductor Corp.
----------
Key: KLIF
ImagePath: system32\DRIVERS\klif.sys
C:\WINDOWS\system32\DRIVERS\klif.sys
127768 bytes
Created: 10/09/2008
Modified: 19/07/2007
Company: Kaspersky Lab
----------
Key: LightScribeService
ImagePath: "c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe"
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
73728 bytes
Created: 17/02/2006
Modified: 17/02/2006
Company: Hewlett-Packard Company
----------
Key: mcdbus
ImagePath: system32\DRIVERS\mcdbus.sys
C:\WINDOWS\system32\DRIVERS\mcdbus.sys [file not found to scan]
----------
Key: McrdSvc
ImagePath: C:\WINDOWS\ehome\mcrdsvc.exe
C:\WINDOWS\ehome\mcrdsvc.exe
99328 bytes
Created: 05/08/2005
Modified: 05/08/2005
Company: Microsoft Corporation
----------
Key: MHNDRV
ImagePath: system32\DRIVERS\mhndrv.sys
C:\WINDOWS\system32\DRIVERS\mhndrv.sys
11008 bytes
Created: 10/08/2004
Modified: 10/08/2004
Company: Microsoft Corporation
----------
Key: MRENDIS5
ImagePath: \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS
18003 bytes
Created: 18/08/2008
Modified: 22/11/2004
Company: Motive, Inc.
----------
Key: NTIDrvr
ImagePath: system32\DRIVERS\NTIDrvr.sys
C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
6144 bytes
Created: 11/08/2006
Modified: 11/08/2006
Company: NewTech Infosystems, Inc.
----------
Key: nvatabus
ImagePath: system32\drivers\nvatabus.sys
C:\WINDOWS\system32\drivers\nvatabus.sys
105088 bytes
Created: 28/06/2006
Modified: 28/06/2006
Company: NVIDIA Corporation
----------
Key: nvraid
ImagePath: system32\drivers\nvraid.sys
C:\WINDOWS\system32\drivers\nvraid.sys
89344 bytes
Created: 28/06/2006
Modified: 28/06/2006
Company: NVIDIA Corporation
----------
Key: psdfilter
ImagePath: \??\C:\WINDOWS\system32\Drivers\psdfilter.sys
C:\WINDOWS\system32\Drivers\psdfilter.sys
12288 bytes
Created: 07/04/2006
Modified: 07/04/2006
Company: HiTRUST
----------
Key: psdvdisk
ImagePath: \??\C:\WINDOWS\system32\Drivers\psdvdisk.sys
C:\WINDOWS\system32\Drivers\psdvdisk.sys
60416 bytes
Created: 08/03/2006
Modified: 08/03/2006
Company: HiTRUST
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: srescan
ImagePath: system32\ZoneLabs\srescan.sys
C:\WINDOWS\system32\ZoneLabs\srescan.sys
51176 bytes
Created: 10/09/2008
Modified: 27/02/2008
Company: Zone Labs, LLC
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{37E16036-57B1-4DB1-B7DA-D0E751BA0E0A}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
Key: UnlockerDriver5
ImagePath: \??\C:\Program Files\Unlocker\UnlockerDriver5.sys
C:\Program Files\Unlocker\UnlockerDriver5.sys
4096 bytes
Created: 02/05/2008
Modified: 02/05/2008
Company:
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: vsdatant
ImagePath: System32\vsdatant.sys
C:\WINDOWS\System32\vsdatant.sys
394952 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
----------
Key: vsmon
ImagePath: C:\WINDOWS\system32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: xusb21
ImagePath: system32\DRIVERS\xusb21.sys
C:\WINDOWS\system32\DRIVERS\xusb21.sys
55808 bytes
Created: 28/08/2007
Modified: 28/08/2007
Company: Microsoft Corporation
----------
Key: yukonwxp
ImagePath: system32\DRIVERS\yk51x86.sys
C:\WINDOWS\system32\DRIVERS\yk51x86.sys
244864 bytes
Created: 29/06/2006
Modified: 29/06/2006
Company: Marvell
----------
Key: ZD1211BU(ZyDAS)
ImagePath: system32\DRIVERS\zd1211Bu.sys
C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys
402432 bytes
Created: 28/10/2005
Modified: 28/10/2005
Company: ZyDAS Technology Corporation
----------
Key: ZD1211U(ZyDAS)
ImagePath: system32\DRIVERS\zd1211u.sys
C:\WINDOWS\system32\DRIVERS\zd1211u.sys
280064 bytes
Created: 04/10/2005
Modified: 04/10/2005
Company: ZyDAS Technology Corporation
----------
Key: ZDPSp50
ImagePath: System32\Drivers\ZDPSp50.sys
C:\WINDOWS\System32\Drivers\ZDPSp50.sys
17664 bytes
Created: 25/10/2004
Modified: 25/10/2004
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
************************************************************
02:24:38: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/08/2008
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------
************************************************************
02:24:38: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
139264 bytes
Created: 04/07/2008
Modified: 04/07/2008
Company: ATI Technologies Inc.
----------
************************************************************
02:24:38: Scanning ----- CONTEXTMENUHANDLERS -----
Key: EDSshellExt
CLSID: {29FF7AB0-BE34-4992-A30B-53A9D86EE239}
Path: C:\WINDOWS\system32\eDSshellExt.dll
C:\WINDOWS\system32\eDSshellExt.dll
73728 bytes
Created: 08/03/2006
Modified: 08/03/2006
Company: HiTRUST
----------
Key: ZLAVShExt
CLSID: {D9872D13-7651-4471-9EEE-F0A00218BEBB}
Path: C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll
50664 bytes
Created: 10/09/2008
Modified: 09/07/2008
Company: Zone Labs, LLC
----------
************************************************************
02:24:38: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
110592 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems, Inc.
----------
************************************************************
02:24:39: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63136 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1562448 bytes
Created: 10/09/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
184423 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Sun Microsystems, Inc.
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar1.dll
c:\program files\google\googletoolbar1.dll
-R- 2436160 bytes
Created: 20/08/2008
Modified: 20/08/2008
Company: Google Inc.
----------
************************************************************
02:24:39: Scanning ----- SHELLSERVICEOBJECTS -----
Key: msgsmart
CLSID: {203CBB11-B270-5708-F2FA-05C7388D3774}
Path: C:\Program Files\umtjtgf\msgsmart.dll
C:\Program Files\umtjtgf\msgsmart.dll
159744 bytes
Created: 06/10/2008
Modified: 06/10/2008
Company:
----------
************************************************************
02:24:39: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
02:24:39: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
02:24:39: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
02:24:39: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
02:24:39: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
45056 bytes
Created: 18/08/2008
Modified: 01/06/2006
Company: Acer Inc.
Acer Empowering Technology.lnk - links to C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
--------------------
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
745472 bytes
Created: 16/11/2005
Modified: 16/11/2005
Company: X-Micro Technology Corp.
Acer WLAN 11g USB Dongle.lnk - links to C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 14/12/2004
Modified: 14/12/2004
Company: Adobe Systems Incorporated
Adobe Reader Speed Launch.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 11/08/2006
Modified: 11/08/2006
Company:
--------------------
C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
217088 bytes
Created: 18/08/2008
Modified: 03/06/2005
Company: Motive Communications, Inc.
LE COMPAGNON CLUB.lnk - links to C:\Program Files\Club-Internet\Le Compagnon Club\bin\matcli.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
02:24:39: Scanning ----- SCHEDULED TASKS -----
No Scheduled Tasks found to scan
************************************************************
02:24:39: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
02:24:39: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 18/08/2008
Modified: 07/09/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\senez\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
2359350 bytes
Created: 18/08/2008
Modified: 07/09/2008
Company:
----------
Additional checks completed
************************************************************
02:24:46: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[15 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[28 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[53 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[160 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[33 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
[no modules loaded]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[112 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[54 loaded modules in total]
--------------------
C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe
[52 loaded modules in total]
--------------------
C:\WINDOWS\ehome\ehtray.exe
[54 loaded modules in total]
--------------------
C:\WINDOWS\RTHDCPL.EXE
[46 loaded modules in total]
--------------------
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
[18 loaded modules in total]
--------------------
C:\WINDOWS\system32\SysMonitor.exe
[47 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
[45 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\eRecovery\eRAgent.exe
[49 loaded modules in total]
--------------------
C:\Program Files\BroadJump\Client Foundation\CFD.exe
[54 loaded modules in total]
--------------------
C:\PROGRA~1\CLUB-I~1\LECOMP~1\SMARTB~1\MotiveSB.exe
[70 loaded modules in total]
--------------------
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
[no modules loaded]
--------------------
C:\WINDOWS\system32\ctfmon.exe
[35 loaded modules in total]
--------------------
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
[63 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe
[140 loaded modules in total]
--------------------
C:\WINDOWS\system32\odqfchmd.exe
[52 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
[42 loaded modules in total]
--------------------
C:\Acer\Empowering Technology\Acer.Empowering.Framework.Launcher.exe
[86 loaded modules in total]
--------------------
C:\Program Files\Acer WLAN 11g USB Dongle\ZDWlan.exe
[45 loaded modules in total]
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
[31 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
[61 loaded modules in total]
--------------------
C:\WINDOWS\eHome\ehRecvr.exe
[44 loaded modules in total]
--------------------
C:\WINDOWS\eHome\ehSched.exe
[40 loaded modules in total]
--------------------
c:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
[18 loaded modules in total]
--------------------
C:\Program Files\Club-Internet\Le Compagnon Club\bin\mpbtn.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\ehome\mcrdsvc.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\dllhost.exe
[42 loaded modules in total]
--------------------
C:\WINDOWS\eHome\ehmsas.exe
[22 loaded modules in total]
--------------------
C:\WINDOWS\System32\alg.exe
[34 loaded modules in total]
--------------------
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
[173 loaded modules in total]
--------------------
C:\WINDOWS\system32\wuauclt.exe
[43 loaded modules in total]
--------------------
C:\Program Files\Windows Live\Messenger\usnsvc.exe
[19 loaded modules in total]
--------------------
C:\Program Files\Trojan Remover\Rmvtrjan.exe
FileSize: 2548288
[This is a Trojan Remover component]
[67 loaded modules in total]
--------------------
************************************************************
02:25:26: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
02:25:26: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
02:25:26: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
02:25:26: Scanning ------ %TEMP% DIRECTORY ------
C:\DOCUME~1\senez\LOCALS~1\Temp\~DF5866.tmp appears to be in-use/locked
C:\DOCUME~1\senez\LOCALS~1\Temp\~DF6464.tmp appears to be in-use/locked
C:\DOCUME~1\senez\LOCALS~1\Temp\~DFB1B2.tmp appears to be in-use/locked
C:\DOCUME~1\senez\LOCALS~1\Temp\~DFCC71.tmp appears to be in-use/locked
************************************************************
02:25:27: Scanning ------ C:\WINDOWS\Temp DIRECTORY ------
C:\WINDOWS\Temp\ZLT01a17.TMP appears to be in-use/locked
C:\WINDOWS\Temp\ZLT01a17.TMP - file ownership assigned to: ACER-7989E0343A\senez
C:\WINDOWS\Temp\ZLT01a17.TMP - file backed up to C:\WINDOWS\Temp\ZLT01a17.TMP.vir
C:\WINDOWS\Temp\ZLT01a17.TMP - file has been neutralised
C:\WINDOWS\Temp\ZLT01a17.TMP - marked for renaming when the PC is restarted
--------------------
C:\WINDOWS\Temp\ZLT01dfb.TMP appears to be in-use/locked
C:\WINDOWS\Temp\ZLT01dfb.TMP - file ownership assigned to: ACER-7989E0343A\senez
C:\WINDOWS\Temp\ZLT01dfb.TMP - file backed up to C:\WINDOWS\Temp\ZLT01dfb.TMP.vir
C:\WINDOWS\Temp\ZLT01dfb.TMP - file has been neutralised
C:\WINDOWS\Temp\ZLT01dfb.TMP - marked for renaming when the PC is restarted
--------------------
************************************************************
02:25:41: Scanning ------ ROOT DIRECTORY ------
************************************************************
02:25:41: ------ Scan for other files to remove ------
C:\WINDOWS\system32\akttzn.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\akttzn.exe, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\anticipator.dll has been deleted
C:\WINDOWS\system32\awtoolb.dll has been deleted
C:\WINDOWS\system32\bdn.com - process is either not running or could not be terminated
C:\WINDOWS\system32\bdn.com, associated with Bogus.Malware.File, has been deleted
C:\WINDOWS\system32\bsva-egihsg52.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\bsva-egihsg52.exe has been deleted
C:\WINDOWS\system32\dpcproxy.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\dpcproxy.exe has been deleted
C:\WINDOWS\system32\emesx.dll has been deleted
C:\WINDOWS\system32\hoproxy.dll has been deleted
C:\WINDOWS\system32\hxiwlgpm.dat has been deleted
C:\WINDOWS\system32\hxiwlgpm.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\hxiwlgpm.exe has been deleted
C:\WINDOWS\system32\medup012.dll has been deleted
C:\WINDOWS\system32\msgp.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\msgp.exe has been deleted
C:\WINDOWS\system32\msnbho.dll has been deleted
C:\WINDOWS\system32\mssecu.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mssecu.exe has been deleted
C:\WINDOWS\system32\msvchost.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\msvchost.exe has been deleted
C:\WINDOWS\system32\mtr2.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mtr2.exe has been deleted
C:\WINDOWS\system32\mwin32.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\mwin32.exe has been deleted
C:\WINDOWS\system32\netode.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\netode.exe has been deleted
C:\WINDOWS\system32\newsd32.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\newsd32.exe has been deleted
C:\WINDOWS\system32\ps1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ps1.exe has been deleted
C:\WINDOWS\system32\psof1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\psof1.exe has been deleted
C:\WINDOWS\system32\psoft1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\psoft1.exe has been deleted
C:\WINDOWS\system32\regc64.dll has been deleted
C:\WINDOWS\system32\regm64.dll has been deleted
C:\WINDOWS\system32\Rundl1.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\Rundl1.exe has been deleted
C:\WINDOWS\system32\smp\msrc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\smp\msrc.exe has been deleted
C:\WINDOWS\system32\sncntr.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sncntr.exe has been deleted
C:\WINDOWS\system32\ssurf022.dll has been deleted
C:\WINDOWS\system32\ssvchost.com - process is either not running or could not be terminated
C:\WINDOWS\system32\ssvchost.com has been deleted
C:\WINDOWS\system32\ssvchost.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\ssvchost.exe has been deleted
C:\WINDOWS\system32\sysreq.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\sysreq.exe has been deleted
C:\WINDOWS\system32\taack.dat has been deleted
C:\WINDOWS\system32\taack.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\taack.exe has been deleted
C:\WINDOWS\system32\temp#01.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\temp#01.exe has been deleted
C:\WINDOWS\system32\thun32.dll has been deleted
C:\WINDOWS\system32\thun.dll has been deleted
C:\WINDOWS\system32\VBIEWER.OCX has been deleted
C:\WINDOWS\system32\vbsys2.dll has been deleted
C:\WINDOWS\system32\vcatchpi.dll has been deleted
C:\WINDOWS\system32\winlogonpc.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\winlogonpc.exe has been deleted
C:\WINDOWS\system32\winsystem.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\winsystem.exe has been deleted
C:\WINDOWS\system32\WINWGPX.EXE - process is either not running or could not be terminated
C:\WINDOWS\system32\WINWGPX.EXE has been deleted
----------
42 malware-related files deleted (or marked for deletion)
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://go.microsoft.com/fwlink/?LinkId=69157
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://go.microsoft.com/fwlink/?LinkId=54896
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/ie
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
www.google.fr/
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.google.com
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 02:25:43 09 oct. 2008
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
09/10/2008 02:25:47: restart commenced
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Registered to: François Pignon]
Scan started at: 11:49:30 07 oct. 2008
Using Database v7147
Operating System: Windows XP SP3 [Windows XP Media Center Edition Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\senez\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\senez\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
************************************************************
11:49:30: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
11:49:30: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
11:49:30: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
11:49:31: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 10/08/2004
Modified: 14/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: ehTray
Value Data: C:\WINDOWS\ehome\ehtray.exe
C:\WINDOWS\ehome\ehtray.exe
67584 bytes
Created: 05/08/2005
Modified: 29/09/2005
Company: Microsoft Corporation
--------------------
Value Name: LaunchApp
Value Data: Alaunch
Alaunch [file not found to scan]
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
7626752 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: nwiz.exe /install
C:\WINDOWS\system32\nwiz.exe
1519616 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company:
--------------------
Value Name: NvMediaCenter
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
C:\WINDOWS\system32\NvMcTray.dll
86016 bytes
Created: 12/07/2006
Modified: 12/07/2006
Company: NVIDIA Corporation
--------------------
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
16208384 bytes
Created: 01/06/2006
Modified: 01/06/2006
Company: Realtek Semiconductor Corp.
--------------------
Value Name: SkyTel
Value Data: SkyTel.EXE
C:\WINDOWS\SkyTel.EXE
2879488 bytes
Created: 16/05/2006
Modified: 16/05/2006
Company: Realtek Semiconductor Corp.
--------------------
Value
Sorry, it seems there was a small problem.
|
The HijackThis one
|
Hi Louiso,
|
Hello g!rly,
|
Hi again,
Copy the text below:
File::
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\System32\appdrvrem01.exe
C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys
Folder::
C:\Program Files\umtjtgf
C:\Documents and Settings\All Users\Application Data\yhkdafct
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"procweb"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"qCRkFMec1d"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsmart"=-
"{203CBB11-B270-5708-F2FA-05C7388D3774}"=-
Driver::
appdrvrem01
idrmkl
Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt.
Now drag the CFScript.txt file onto Combofix.exe as shown below:
http://sd-1.archive-host.com/membres/up/1366464061/CFScript.gif
This will relaunch Combofix.
A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait while the scan runs. The desktop will disappear several times: this is normal!
Do not touch anything until the scan is finished.
After the restart, post the contents of the Combofix.txt report together with a HijackThis report.
If there is no restart, post the reports anyway.
See you,
--
What the heck?
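As an added example (not part of the thread, and not ComboFix's own code), a small Python parser for the CFScript layout used in the post above: it splits the File::, Folder::, Registry:: and Driver:: sections, reads the .reg-style "name"=- value deletions under each [key], and then checks which of the suspect paths named in the Trojan Remover log the script actually covers. The section names, the "name"=- reading and the first three LOG_PATHS entries come from the thread; the example_unlisted.dll path is a constructed placeholder.

```python
import re
from collections import defaultdict

# The CFScript posted in the thread above (File::, Folder::, Registry::, Driver:: sections).
CFSCRIPT = r"""File::
C:\WINDOWS\wininit.ini
C:\WINDOWS\system32\odqfchmd.exe
C:\WINDOWS\System32\appdrvrem01.exe
C:\DOCUME~1\senez\LOCALS~1\Temp\idrmkl.sys
Folder::
C:\Program Files\umtjtgf
C:\Documents and Settings\All Users\Application Data\yhkdafct
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"procweb"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"qCRkFMec1d"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"msgsmart"=-
"{203CBB11-B270-5708-F2FA-05C7388D3774}"=-
Driver::
appdrvrem01
idrmkl
"""

# Suspect paths named in the Trojan Remover log above, plus one constructed
# path (example_unlisted.dll) that the script does not mention.
LOG_PATHS = [
    r"C:\Program Files\umtjtgf\msgsmart.dll",
    r"C:\Documents and Settings\All Users\Application Data\yhkdafct\kzavancx.exe",
    r"C:\WINDOWS\system32\odqfchmd.exe",
    r"C:\WINDOWS\system32\example_unlisted.dll",
]

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")
KEY_RE = re.compile(r"^\[(.+)\]$")
DELETE_RE = re.compile(r'^"(.+)"=-$')  # .reg syntax: "name"=- deletes that value


def parse_cfscript(text):
    """Section -> entries; Registry entries are (key, value_name) pairs. Raises on bad lines."""
    sections = defaultdict(list)
    current, key = None, None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            current, key = m.group(1), None
        elif current is None:
            raise ValueError(f"line {lineno}: entry before any section header")
        elif current != "Registry":
            sections[current].append(line)
        elif m := KEY_RE.match(line):
            key = m.group(1)
        elif (m := DELETE_RE.match(line)) and key is not None:
            sections["Registry"].append((key, m.group(1)))
        else:
            raise ValueError(f"line {lineno}: unsupported Registry:: line {line!r}")
    return dict(sections)


def uncovered_paths(script, log_paths):
    """Log paths that no File:: entry matches and no Folder:: entry contains."""
    files = {p.lower() for p in script.get("File", [])}
    folders = [p.lower().rstrip("\\") + "\\" for p in script.get("Folder", [])]
    return [p for p in log_paths
            if p.lower() not in files
            and not any(p.lower().startswith(f) for f in folders)]


if __name__ == "__main__":
    parsed = parse_cfscript(CFSCRIPT)
    print({k: len(v) for k, v in parsed.items()}, uncovered_paths(parsed, LOG_PATHS))
```

A non-empty result from uncovered_paths is the cue to compare the script against the log again before running it, since an item flagged in the log but absent from the script will be left in place.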
|
Good evening Toptibal,
|
Louiso,
|
Hello g!rly,
|
Hi louiso,
|
Hi g!rly,
|