How to remove trojans

Tags:
  • Spybot
  • Security
30 March 2011 21:14:52

Hello,
after a SPYbot scan it seems my computer is infected by 2 trojans (Win 32 and Windows repair). I would like to know if someone can help me remove them. Thanks in advance.

1 April 2011 10:46:00

Hello,

Given Spybot's legendary usefulness, I have my doubts, let's take a look ... :D

Could you post its detection report, please?
1 April 2011 23:15:15

--- Search result list ---
Hint of the Day: Click the bar at the right of this to see more information! ()


RevealerKeylogger: [SBI $B53A5B7E] Dossier Programme (Répertoire, nothing done)
C:\Documents and Settings\All Users\Application Data\rkfree\

RevealerKeylogger: [SBI $08FCED7F] Dossier Programme (Répertoire, nothing done)
C:\Documents and Settings\All Users\Application Data\rkfree\data\

Microsoft.WindowsSecurityCenter.TaskManager: [SBI $B2E55F62] Réglages (Modification du registre, nothing done)
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\DisableTaskMgr


--- Spybot - Search & Destroy version: 1.6.0 (build: 20080707) ---

2008-07-07 blindman.exe (1.0.0.8)
2008-07-07 SDFiles.exe (1.6.0.4)
2008-07-07 SDMain.exe (1.0.0.6)
2008-07-07 SDShred.exe (1.0.2.3)
2008-07-07 SDUpdate.exe (1.6.0.8)
2008-07-07 SDWinSec.exe (1.0.0.12)
2008-07-07 SpybotSD.exe (1.6.0.30)
2008-09-16 TeaTimer.exe (1.6.3.25)
2008-07-25 unins000.exe (51.49.0.0)
2008-07-07 Update.exe (1.6.0.7)
2008-10-22 advcheck.dll (1.6.2.13)
2007-04-02 aports.dll (2.1.0.0)
2008-06-14 DelZip179.dll (1.79.11.1)
2008-09-15 SDHelper.dll (1.6.2.14)
2008-06-19 sqlite3.dll
2008-07-07 Tools.dll (2.1.5.7)
2008-11-04 Includes\Adware.sbi (*)
2008-12-22 Includes\AdwareC.sbi (*)
2008-06-03 Includes\Cookies.sbi (*)
2008-09-02 Includes\Dialer.sbi (*)
2008-09-09 Includes\DialerC.sbi (*)
2008-07-23 Includes\HeavyDuty.sbi (*)
2008-11-18 Includes\Hijackers.sbi (*)
2008-12-22 Includes\HijackersC.sbi (*)
2008-12-09 Includes\Keyloggers.sbi (*)
2008-12-22 Includes\KeyloggersC.sbi (*)
2004-11-29 Includes\LSP.sbi (*)
2008-11-18 Includes\Malware.sbi (*)
2008-12-22 Includes\MalwareC.sbi (*)
2008-12-16 Includes\PUPS.sbi (*)
2008-12-16 Includes\PUPSC.sbi (*)
2007-11-07 Includes\Revision.sbi (*)
2008-06-18 Includes\Security.sbi (*)
2008-12-16 Includes\SecurityC.sbi (*)
2008-06-03 Includes\Spybots.sbi (*)
2008-06-03 Includes\SpybotsC.sbi (*)
2008-12-10 Includes\Spyware.sbi (*)
2008-12-10 Includes\SpywareC.sbi (*)
2008-06-03 Includes\Tracks.uti
2008-12-23 Includes\Trojans.sbi (*)
2008-12-22 Includes\TrojansC.sbi (*)
2008-03-04 Plugins\Chai.dll
2008-03-05 Plugins\Fennel.dll
2008-02-26 Plugins\Mate.dll
2007-12-24 Plugins\TCPIPAddress.dll



--- System information ---
Windows XP (Build: 2600) Service Pack 2 (5.1.2600)
/ Windows XP / SP3: Windows Installer 3.1 (KB893803)
/ Windows XP / SP3: Mise à jour pour Windows XP (KB898461)
/ Windows XP / SP4: Hotfix for Windows XP (KB954550-v5)


--- Startup entries list ---
Located: HK_LM:Run,
command:
file:
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, Adobe ARM
command: "C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe"
file: C:\Program Files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe
size: 932288
MD5: BAD6BEA0DE1F69C82BDB74378CE0C20A

Located: HK_LM:Run, Adobe Reader Speed Launcher
command: "C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe"
file: C:\Program Files\Adobe\Reader 10.0\Reader\Reader_sl.exe
size: 35736
MD5: E97140424C378ACBD47DF493A6AB7235

Located: HK_LM:Run, ArcSoft Connection Service
command: C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
file: C:\Program Files\Fichiers communs\ArcSoft\Connection Service\Bin\ACDaemon.exe
size: 31232
MD5: 464C9D3EB01BB20968493C68B1511159

Located: HK_LM:Run, ATICCC
command: "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime
file: C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8

Located: HK_LM:Run, AudioDeck
command: C:\Program Files\VIAudioi\SBADeck\ADeck.exe 1
file: C:\Program Files\VIAudioi\SBADeck\ADeck.exe
size: 450560
MD5: 743060D3181DD81FF66B5A28F868B4D0

Located: HK_LM:Run, BlackBerryAutoUpdate
command: C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe /background
file: C:\Program Files\Fichiers communs\Research In Motion\Auto Update\RIMAutoUpdate.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, QuickTime Task
command: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
file: C:\Program Files\QuickTime\QTTask.exe
size: 421888
MD5: 69581380E69C8DCE30EDE2A463C912EE

Located: HK_LM:Run, RoxWatchTray
command: "C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
file: C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, SunJavaUpdateSched
command: "C:\Program Files\Java\jre6\bin\jusched.exe"
file: C:\Program Files\Java\jre6\bin\jusched.exe
size: 149280
MD5: 90E0F7FDCAC66FB50C1CE1A1C7396642

Located: HK_LM:Run, SysVContoller32
command: C:\WINDOWS\system32\svcl32\svcl32.exe
file: C:\WINDOWS\system32\svcl32\svcl32.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_LM:Run, ZoneAlarm Client
command: "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
file: C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
size: 919016
MD5: 6B632BE30A0930421560A9A9C677ABD4

Located: HK_CU:Run, CTFMON.EXE
where: .DEFAULT...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-19...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-20...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, Assistant DartyBox
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: C:\Program Files\DartyBox_v3\Sagem\AssistantDB\AssistantDB_Sagem.exe -m
file: C:\Program Files\DartyBox_v3\Sagem\AssistantDB\AssistantDB_Sagem.exe
size: 4665856
MD5: C479B85AC408D941694A7F9C81DF3FAF

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: C:\WINDOWS\system32\ctfmon.exe
file: C:\WINDOWS\system32\ctfmon.exe
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: HK_CU:Run, ISUSPM
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
file: C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe
size: 205480
MD5: 23518AA08D8B22CD27AA54FC21D0AC87

Located: HK_CU:Run, L'Assistant DartyBox
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
file: C:\Program Files\Assistant Dartybox\Upgrade_Manager.exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, MsnMsgr
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
file: C:\Program Files\MSN Messenger\MsnMsgr.Exe
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, SpybotSD TeaTimer
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
file: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
size: 1833296
MD5: 63B3FF83B87AFCEBA89CED54695DA0F6

Located: HK_CU:Run, Ucupivagoxoyi
where: S-1-5-21-776561741-1417001333-1801674531-500...
command: rundll32.exe "C:\WINDOWS\msineti.dll",Startup
file: "C:\WINDOWS\msineti.dll"
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: HK_CU:Run, CTFMON.EXE
where: S-1-5-18...
command: C:\WINDOWS\system32\CTFMON.EXE
file: C:\WINDOWS\system32\CTFMON.EXE
size: 15360
MD5: 64E41E8FEE655B03E3F19DED21BA5118

Located: Démarrage (tous utilisateurs), ATI CATALYST System Tray.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
file: C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
size: 45056
MD5: 64C4C17BF6A40FF1CD21205E6FD415B8

Located: Démarrage (tous utilisateurs), McAfee Security Scan Plus.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
file: C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe
size: 255536
MD5: 89F7C30A91E5581BDF14C62AB46A2B2D

Located: Démarrage (tous utilisateurs), Microsoft Office.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Microsoft Office\Office\OSA9.EXE
file: C:\Program Files\Microsoft Office\Office\OSA9.EXE
size: 65588
MD5: 31B19BDCE1FBBB0138466BE87149741A

Located: Démarrage (tous utilisateurs), PHOTOfunSTUDIO -viewer-.lnk
where: C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage...
command: C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
file: C:\Program Files\Panasonic\PHOTOfunSTUDIO -viewer-\PhAutoRun.exe
size: 40960
MD5: DD2C3432FF984FA584249AC6FCBCF9D2

Located: WinLogon, AtiExtEvent
command: Ati2evxx.dll
file: Ati2evxx.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, crypt32chain
command: crypt32.dll
file: crypt32.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cryptnet
command: cryptnet.dll
file: cryptnet.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, cscdll
command: cscdll.dll
file: cscdll.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, ScCertProp
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, Schedule
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, sclgntfy
command: sclgntfy.dll
file: sclgntfy.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, SensLogn
command: WlNotify.dll
file: WlNotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, termsrv
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!

Located: WinLogon, wlballoon
command: wlnotify.dll
file: wlnotify.dll
size: 0
MD5: D41D8CD98F00B204E9800998ECF8427E
Warning: if the file is actually larger than 0 bytes,
the checksum could not be properly calculated!



--- Browser helper object list ---
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} (AcroIEHelperStub)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name: AcroIEHelperStub
CLSID name: Adobe PDF Link Helper
Path: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\
Long name: AcroIEHelperShim.dll
Short name: ACROIE~2.DLL
Date (created): 10/11/2010 13:49:36
Date (last access): 01/04/2011 22:54:26
Date (last write): 10/11/2010 13:49:36
Filesize: 62376
Attributes: archive
MD5: 0EE9E4D28CC1C671061CAD0334C9B59F
CRC32: 145C5067
Version: 10.0.0.396

{53707962-6F74-2D53-2644-206D7942484F} (Spybot-S&D IE Protection)
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name: Spybot-S&D IE Protection
description: Spybot-S&D IE Browser plugin
classification: Legitimate
known filename: SDhelper.dll
info link: http://spybot.eon.net.au/
info source: Patrick M. Kolla
Path: C:\PROGRA~1\SPYBOT~1\
Long name: SDHelper.dll
Short name:
Date (created): 25/07/2008 20:49:52
Date (last access): 01/04/2011 23:10:56
Date (last write): 15/09/2008 15:25:44
Filesize: 1562960
Attributes: readonly hidden sysfile archive
MD5: 35F73F1936BDE91F1B6995510A61E7A8
CRC32: BE6A5D15
Version: 1.6.2.14

{AA58ED58-01DD-4d91-8333-CF10577473F7} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BHO name:
CLSID name:
description: Google toolbar
classification: Open for discussion
known filename: googletoolbar.dll<br>googletoolbar*.dll<br>(* = number)<br>googletoolbar_en_*.**-big.dll<br>Googletoolbar_en_*.*.**-deleon.dll
info link: http://toolbar.google.com/
info source: TonyKlein

{B0DDDF0D-0C47-D0EA-912F-8A87B8133357} ()
location: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
BH
2 April 2011 09:56:31

Re,

Meh, this Spybot is still as useless as ever ...

Did you download this software?
Revealer Keylogger Free Edition

To take a look:

Download OTL (by Old Timer) to your desktop.
  • Close all your windows, then double-click OTL.exe to launch it.
    (Vista/Windows 7 users: right-click -> "Run as administrator")
  • At the top, tick the box in front of "All users"
  • Under Customization, copy and paste all of the text below, and leave the other options at their defaults.
    netsvcs
    msconfig
    drivers32
    %SYSTEMDRIVE%\*.exe
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\system32\drivers\*.sys /lockedfiles
    CREATERESTOREPOINT

  • Click the Scan button at the top left, then wait a few moments.
  • At the end of the scan, two reports will open: OTL.Txt and Extras.Txt. Copy/paste all of the reports here.
    PS: The reports are also saved on the desktop

    For the reports, please use this online report service: upload the file via "browse" and simply post the link you get.