probleme antispykit

Barrette de RAM Messages: 23 Tutoriaux : 0

voila le rapport de combofix:

ComboFix 08-03-25.1 - Jojo 2008-03-26 21:04:55.1 - NTFSx86
Microsoft® Windows Vista™ Édition Familiale Basique 6.0.6000.0.1252.1.1036.18.1285 [GMT 1:00]
Endroit: C:\Users\Jojo\Desktop\ComboFix.exe
* Création d'un nouveau point de restauration
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-26 to 2008-03-26 ))))))))))))))))))))))))))))))))))))
.

Pas de nouveau fichier créé dans cet espace de temps

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-26 15:09 --------- d---a-w C:\ProgramData\TEMP
2008-03-26 14:24 691 ----a-w C:\Users\Jojo\AppData\Roaming\GetValue.vbs
2008-03-26 14:24 35 ----a-w C:\Users\Jojo\AppData\Roaming\SetValue.bat
2008-03-26 12:43 --------- d-----w C:\Program Files\Game Cam V2
2008-03-25 21:08 --------- d-----w C:\Program Files\Navilog1
2008-03-25 18:11 --------- d-----w C:\ProgramData\Avira
2008-03-25 18:11 --------- d-----w C:\Program Files\Avira
2008-03-25 17:05 --------- d-----w C:\Program Files\Trend Micro
2008-03-24 19:47 --------- d-----w C:\ProgramData\Ubisoft
2008-03-23 19:54 --------- d-----w C:\Program Files\YesMessenger
2008-03-22 14:49 86,528 ----a-w C:\Windows\System32\VACFix.exe
2008-03-21 20:53 --------- d-----w C:\Program Files\Google
2008-03-20 16:16 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-03-20 15:55 --------- d-----w C:\Program Files\Western Digital
2008-03-19 14:13 --------- d-----w C:\Program Files\Alwil Software
2008-03-19 13:31 51 ----a-w C:\xmp.bat
2008-03-15 16:16 82,432 ----a-w C:\Windows\System32\IEDFix.exe
2008-03-14 02:08 --------- d-----w C:\Program Files\Windows Mail
2008-03-04 10:05 --------- d-----w C:\Program Files\GUILD WARS
2008-02-24 19:36 --------- d-----w C:\Users\Jojo\AppData\Roaming\eMule
2008-02-24 19:36 --------- d-----w C:\ProgramData\eMule
2008-02-24 19:36 --------- d-----w C:\Program Files\eMule
2008-02-15 02:11 194,560 ----a-w C:\Windows\System32\WebClnt.dll
2008-02-15 02:11 110,080 ----a-w C:\Windows\system32\drivers\mrxdav.sys
2008-02-15 02:06 45,112 ----a-w C:\Windows\system32\drivers\pciidex.sys
2008-02-15 02:06 3,504,696 ----a-w C:\Windows\System32\ntkrnlpa.exe
2008-02-15 02:06 3,470,392 ----a-w C:\Windows\System32\ntoskrnl.exe
2008-02-15 02:06 21,560 ----a-w C:\Windows\system32\drivers\atapi.sys
2008-02-15 02:06 154,624 ----a-w C:\Windows\system32\drivers\nwifi.sys
2008-02-15 02:06 15,928 ----a-w C:\Windows\system32\drivers\pciide.sys
2008-02-15 02:06 109,624 ----a-w C:\Windows\system32\drivers\ataport.sys
2008-02-15 02:05 803,328 ----a-w C:\Windows\system32\drivers\tcpip.sys
2008-02-15 02:05 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-02-15 02:05 449,536 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-02-15 02:05 4,247,552 ----a-w C:\Windows\System32\GameUXLegacyGDFs.dll
2008-02-15 02:05 24,064 ----a-w C:\Windows\System32\netcfg.exe
2008-02-15 02:05 22,016 ----a-w C:\Windows\System32\netiougc.exe
2008-02-15 02:05 216,632 ----a-w C:\Windows\system32\drivers\netio.sys
2008-02-15 02:05 2,144,256 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-02-15 02:05 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-02-15 02:05 167,424 ----a-w C:\Windows\System32\tcpipcfg.dll
2008-02-15 02:05 1,686,528 ----a-w C:\Windows\System32\gameux.dll
2008-02-15 02:02 824,832 ----a-w C:\Windows\System32\wininet.dll
2008-02-15 02:02 56,320 ----a-w C:\Windows\System32\iesetup.dll
2008-02-15 02:02 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2008-02-15 02:02 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2008-02-12 02:02 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-11 23:58 --------- d-----w C:\Program Files\DivX
2008-02-11 17:23 --------- d-----w C:\Program Files\Windows Live
2008-02-11 17:22 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-02-11 17:14 --------- d-----w C:\ProgramData\WLInstaller
2008-01-14 12:52 81,920 ----a-w C:\Windows\System32\frapsvid.dll
2008-01-10 13:36 11,776 ----a-w C:\Windows\System32\sbunattend.exe
2007-12-29 19:06 98,304 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-09-13 02:04 174 --sha-w C:\Program Files\desktop.ini
2007-10-09 16:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History \History.IE5\index.dat
2007-10-09 16:14 32,768 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\Tempora ry Internet Files\Content.IE5\index.dat
2007-10-09 16:14 16,384 --sha-w C:\Windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cooki es\index.dat
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"?????????"="??????????????e" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-03-20 17:00 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-09-13 02:25 1006264]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [2006-07-11 17:12 90112]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-20 07:13 4018176 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2006-10-23 04:00 815104]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [2006-11-18 05:57 151552]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 20:48 57344]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [2006-11-15 07:02 614400]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2006-11-17 07:26 453120]
"eRecoveryService"="" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-25 19:14 249896]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [2006-11-19 03:47:08 528384]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"TCP Query User{D3775C06-60FA-47DE-A353-FE649CB8D368}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{4EE4C3CC-B1FA-4F77-B5F7-CD94810A5DEF}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{0197D784-2E8A-4215-8106-7BBEFD83CC09}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{B3225158-30A0-40E2-9650-DD86FD8B608A}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{E87CE944-FDAD-4915-A435-8C9B9B9562E7}C:\\diablo ii\\game.exe"= UDP:C:\diablo ii\game.exe:Diablo II
"UDP Query User{69863305-4AC0-4BDF-BD33-6F72BE2C6AA6}C:\\diablo ii\\game.exe"= TCP:C:\diablo ii\game.exe:Diablo II
"TCP Query User{AA08E1D7-4A6E-4519-87C8-95526E9F175A}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= UDP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"UDP Query User{FA1F1FB4-D8DF-44D4-B2A6-4AC1BEB25DC7}C:\\program files\\thq\\dawn of war - dark crusade\\darkcrusade.exe"= TCP:C:\program files\thq\dawn of war - dark crusade\darkcrusade.exe:DarkCrusade
"TCP Query User{3708689F-687E-429F-92A9-74740A7E8ABF}C:\\program files\\internet explorer\\iexplore.exe"= UDP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"UDP Query User{771B4174-6324-48D2-AD9E-75FB2C0B578F}C:\\program files\\internet explorer\\iexplore.exe"= TCP:C:\program files\internet explorer\iexplore.exe:Internet Explorer
"TCP Query User{356D89F9-4004-47FC-81B1-398F76DF8FEC}C:\\program files\\mozilla firefox\\firefox.exe"= UDP:C:\program files\mozilla firefox\firefox.exe:Firefox
"UDP Query User{AF7F3AF7-C98D-4FD4-923F-FEEF07364342}C:\\program files\\mozilla firefox\\firefox.exe"= TCP:C:\program files\mozilla firefox\firefox.exe:Firefox
"{77591978-96A4-4323-B8C6-095FC9CE9655}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"TCP Query User{54E0A1AE-485E-4A78-825B-4DE60460D95D}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{7B9A899F-7AF0-4253-ACD0-C3964EEE5800}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{3AEAF75B-0B2E-4A0C-8F95-BC825CA07441}C:\\program files\\emule\\emule.exe"= UDP:C:\program files\emule\emule.exe:eMule
"UDP Query User{32AB9EF1-123E-41FF-96F7-9192FF8E27C3}C:\\program files\\emule\\emule.exe"= TCP:C:\program files\emule\emule.exe:eMule
"TCP Query User{E9D12079-3CDD-4345-85B8-CED956E04745}D:\\jeux\\soulstorm.exe"= UDP:D:\jeux\soulstorm.exe:Soulstorm
"UDP Query User{3AC915DC-EC93-4CD5-87B7-341626DB9B7A}D:\\jeux\\soulstorm.exe"= TCP:D:\jeux\soulstorm.exe:Soulstorm

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

R0 PSDFilter;PSDFilter;C:\Windows\system32\DRIVERS\psdfilter.sys [2006-11-10 14:10]
R0 PSDNServ;PSDNSERVER;C:\Windows\system32\drivers\PSDNServ.sys [2006-11-10 14:21]
R0 psdvdisk;psdvdisk;C:\Windows\system32\drivers\psdvdisk.sys [2006-11-08 15:11]
R2 {2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};{2FF8D163-C3C2-46ce-BD8D-D85AC1BC56DD};C:\Program Files\Acer\Acer Arcade\000.fcl [2006-11-18 05:57]
R2 eNet Service;eNet Service;C:\Acer\Empowering Technology\eNet\eNet Service.exe [2006-11-20 20:43]
R2 eSettingsService;eSettings Service;C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe [2006-11-12 23:13]
R2 MobilityService;MobilityService;C:\Acer\Mobility Center\MobilityService.exe [2006-11-24 12:57]
R2 WMIService;ePower Service;C:\Acer\Empowering Technology\ePower\ePowerSvc.exe [2006-12-01 09:34]
R2 XAudio;XAudio;C:\Windows\system32\DRIVERS\xaudio.sys [2006-08-04 10:39]
R3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-25 03:46]
S3 athr;Atheros Extensible Wireless LAN device driver;C:\Windows\system32\DRIVERS\athr.sys [2006-11-10 07:38]
S3 SMSCIRDA;SMSC Infrared Device Driver;C:\Windows\system32\DRIVERS\SMSCirda.sys [2006-10-18 08:44]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a25d13c-5816-11 dc-a9e8-806e6f6e6963}]
\shell\AutoRun\command - E:\scct_launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74a42a6-e6ef-11 dc-bc2f-0016d4ab8539}]
\shell\AutoRun\command - F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5d42e9a-f693-11 dc-acfd-0016d4ab8539}]
\shell\AutoRun\command - F:\wdsync.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-26 21:06:52
Windows 6.0.6000 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-26 21:07:39
ComboFix-quarantined-files.txt 2008-03-26 20:07:36
.
2008-03-22 20:08:13 --- E O F ---

Posté le: Mar 25 Mar 2008 22:32 Sujet : probleme antispykit

re-bonsoir,
parfait , tu postes les autres rapports ?
merci Clin d'oeil

Barrette de RAM Messages: 23 Tutoriaux : 0

oui désolé j'ai un peu galérer avec kaspeci en ligne
voila le rapport

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Thursday, March 27, 2008 4:38:46 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 25/03/2008
Kaspersky Anti-Virus database records: 663509
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 59702
Number of viruses found: 4
Number of infected objects: 10
Number of suspicious objects: 0
Duration of the scan process: 00:35:42

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080325180400\backup\Users\Jojo\AppData\Local\Temp\zfe1.exe Infected: not-virus:Hoax.Win32.Renos.bdu skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2571aa5b98a372e4e8d1212b14f7d518_0ccb5e13-5ca3-4f69- 9db3-de2979d69099 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\62c3b74fa1c0e822818d5681e76edc85_0ccb5e13-5ca3-4f69- 9db3-de2979d69099 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6c535860ab109c9c5aac9b5f1e49edb_06fa3f3e-fc7c-492e- bdc8-93c89fbd03bc Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0abd6e394e4ed281883e32fb75db30f_0ccb5e13-5ca3-4f69- 9db3-de2979d69099 Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008032620080327\index .dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZJJ5YEG2\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat{f8618c16-5817-11dc-9c53-00197d42cc9e}.TM. blf Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat{f8618c16-5817-11dc-9c53-00197d42cc9e}.TMC ontainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat{f8618c16-5817-11dc-9c53-00197d42cc9e}.TMC ontainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows Defender\FileTracker\{795C0679-3225-4044-ADA5-4D54F447EEDD} Object is locked skipped
C:\Users\Jojo\AppData\Local\Acer Arcade\Log\Trace20080326.log Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Jojo\Desktop\clean\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Users\Jojo\Desktop\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Users\Jojo\Desktop\clean.zip ZIP: infected - 1 skipped
C:\Users\Jojo\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Jojo\Desktop\SmitfraudFix.exe/data.rar/SmitfraudFix/Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Jojo\Desktop\SmitfraudFix.exe/data.rar Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Jojo\Desktop\SmitfraudFix.exe RarSFX: infected - 2 skipped
C:\Users\Jojo\NTUSER.DAT Object is locked skipped
C:\Users\Jojo\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Jojo\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Jojo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Users\Jojo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtr ans-ms Object is locked skipped
C:\Users\Jojo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtr ans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 O bject is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 O bject is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 3.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 4.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING1.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPING2.MAP Object is locked skipped
C:\Windows\System32\wbem\Repository\OBJECTS.DATA Object is locked skipped
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Antivirus.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Application.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\DFS Replication.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Key Management Service.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Networking%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnostics-Performance%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DiskDiagnosticDataCollector%4Operational.evtx Obje ct is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Help%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-International%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-LanguagePackSetup%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-MUI%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ParentalControls%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Program-Compatibility-Assistant%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReliabilityAnalysisComponent%4Operational.evtx Obj ect is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx Obj ect is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Resolver%4Operational.evtx Obj ect is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Leak-Diagnostic%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-RestartManager%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TaskScheduler%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-UAC-FileVirtualization%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Security.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\Setup.evtx Object is locked skipped
C:\Windows\System32\winevt\Logs\System.evtx Object is locked skipped
C:\Windows\Tasks\SCHEDLGU.TXT Object is locked skipped
C:\Windows\winsxs\x86_microsoft-windows-n..n_service_datastore_31bf3856ad364e35_6.0.6000.16386_none_ cef7ceb03914a67f\dnary.xsd Object is locked skipped

Scan process completed.

Barrette de RAM Messages: 23 Tutoriaux : 0

et voila dss:

Deckard's System Scanner v20071014.68
Run by Jojo on 2008-03-27 04:43:32
Computer is in Normal Mode.
--------------------------------------------------------------------------------

-- HijackThis (run as Jojo.exe) ------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 04:43:40, on 27/03/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16609)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
C:\Windows\RtHDVCpl.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Acer\Empowering Technology\ENET\ENMTRAY.EXE
C:\Acer\Empowering Technology\EPOWER\EPOWER_DMC.EXE
C:\Acer\Empowering Technology\eRecovery\ERAGENT.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
C:\Windows\system32\conime.exe
C:\Windows\Explorer.exe
C:\Program Files\Internet Explorer\ieuser.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Users\Jojo\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Jojo.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ShowBarObj Class - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Windows\system32\ActiveToolBand.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Acer\Acer Arcade\PCMService.exe"
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [LManager] C:\PROGRA~1\LAUNCH~1\LManager.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [?????????] ??????????????e
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O13 - Gopher Prefix:
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/default/kavwebscan_unicode.cab
O16 - DPF: {87AF076E-D86D-4E87-ADDD-F05804E1F150} - https://www.virginmega.fr/DownloadManager/Release/Prod/DownMan.cab
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
O23 - Service: eLock Service (eLockService) - Acer Inc. - C:\Acer\Empowering Technology\eLock\Service\eLockServ.exe
O23 - Service: eNet Service - Acer Inc. - C:\Acer\Empowering Technology\eNet\eNet Service.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: eSettings Service (eSettingsService) - Unknown owner - C:\Acer\Empowering Technology\eSettings\Service\capuserv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MobilityService - Unknown owner - C:\Acer\Mobility Center\MobilityService.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Unknown owner - C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: ePower Service (WMIService) - acer - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 7052 bytes

-- Files created between 2008-02-27 and 2008-03-27 -----------------------------

2008-03-26 21:13:36 0 d-------- C:\Windows\system32\Kaspersky Lab
2008-03-26 21:03:34 68096 --a------ C:\Windows\system32\zip.exe
2008-03-26 21:03:34 98816 --a------ C:\Windows\system32\sed.exe
2008-03-26 21:03:34 80412 --a------ C:\Windows\system32\grep.exe
2008-03-26 21:03:34 73728 --a------ C:\Windows\system32\fdsv.exe <Not Verified; Smallfrogs Studio; >
2008-03-26 13:47:02 0 d-------- C:\Fraps
2008-03-26 13:34:18 0 d-------- C:\Program Files\Game Cam V2
2008-03-26 13:05:33 2938 --a------ C:\Windows\system32\tmp.reg
2008-03-26 13:05:20 25600 --a------ C:\Windows\system32\WS2Fix.exe
2008-03-26 13:05:20 289144 --a------ C:\Windows\system32\VCCLSID.exe <Not Verified; S!Ri; >
2008-03-26 13:05:20 86528 --a------ C:\Windows\system32\VACFix.exe <Not Verified; S!Ri.URZ; VACFix>
2008-03-26 13:05:20 288417 --a------ C:\Windows\system32\SrchSTS.exe <Not Verified; S!Ri; SrchSTS>
2008-03-26 13:05:20 53248 --a------ C:\Windows\system32\Process.exe <Not Verified; http://www.beyondlogic.org; Command Line Process Utility>
2008-03-26 13:05:20 82432 --a------ C:\Windows\system32\IEDFix.exe <Not Verified; S!Ri.URZ; IEDFix>
2008-03-26 13:05:20 51200 --a------ C:\Windows\system32\dumphive.exe
2008-03-25 21:38:44 0 d-------- C:\Program Files\Navilog1
2008-03-25 19:11:22 0 d-------- C:\Users\All Users\Avira
2008-03-25 19:11:22 0 d-------- C:\Program Files\Avira
2008-03-25 18:05:19 0 d-------- C:\Program Files\Trend Micro
2008-03-24 20:47:36 0 d-------- C:\Users\All Users\Ubisoft
2008-03-20 17:10:53 0 d-------- C:\Windows\Google Toolbar
2008-03-20 16:55:35 0 d-------- C:\Program Files\Western Digital
2008-03-19 15:13:43 0 d-------- C:\Program Files\Alwil Software
2008-03-19 14:31:13 51 --a------ C:\xmp.bat

-- Find3M Report ---------------------------------------------------------------

2008-03-26 15:24:55 35 --a------ C:\Users\Jojo\AppData\Roaming\SetValue.bat
2008-03-26 15:24:55 691 --a------ C:\Users\Jojo\AppData\Roaming\GetValue.vbs
2008-03-23 20:54:02 0 d-------- C:\Program Files\YesMessenger
2008-03-21 21:53:55 0 d-------- C:\Program Files\Google
2008-03-20 17:16:02 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-03-20 16:58:38 690832 --a------ C:\Windows\system32\perfh00C.dat
2008-03-20 16:58:38 117572 --a------ C:\Windows\system32\perfc00C.dat
2008-03-19 21:20:45 0 d-------- C:\Program Files\Common Files
2008-03-19 14:31:28 0 d-------- C:\Users\Jojo\AppData\Roaming\Google
2008-03-14 03:08:33 0 d-------- C:\Program Files\Windows Mail
2008-03-04 11:05:44 0 d-------- C:\Program Files\GUILD WARS
2008-02-24 20:36:21 0 d-------- C:\Users\Jojo\AppData\Roaming\eMule
2008-02-24 20:36:21 0 d-------- C:\Program Files\eMule
2008-02-12 03:02:27 0 d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-02-12 00:58:54 0 d-------- C:\Program Files\DivX
2008-02-11 18:23:05 0 d-------- C:\Program Files\Windows Live
2008-02-11 18:22:24 0 d--hs--c- C:\Program Files\Common Files\WindowsLiveInstaller
2008-01-14 13:52:00 81920 --a------ C:\Windows\system32\frapsvid.dll <Not Verified; Beepa P/L; FRAPS>
2007-12-30 20:55:50 1 --a------ C:\Windows\system32\SI.bin
2007-12-29 20:06:57 98304 --a------ C:\Windows\system32\CmdLineExt.dll <Not Verified; Sony DADC Austria AG.; >

-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [13/09/2007 02:25]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe" [11/07/2006 17:12]
"RtHDVCpl"="RtHDVCpl.exe" [20/11/2006 07:13 C:\Windows\RtHDVCpl.exe]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [23/10/2006 04:00]
"PCMService"="C:\Program Files\Acer\Acer Arcade\PCMService.exe" [18/11/2006 05:57]
"Acer Tour"="" []
"WarReg_PopUp"="C:\Acer\WR_PopUp\WarReg_PopUp.exe" [05/11/2006 20:48]
"SetPanel"="" []
"LManager"="C:\PROGRA~1\LAUNCH~1\LManager.exe" [15/11/2006 07:02]
"eDataSecurity Loader"="C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe" [17/11/2006 07:26]
"eRecoveryService"="" []
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [25/03/2008 19:14]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"????r"="" []
"?????????"="??????????????e" []
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [20/03/2008 17:00]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\MsnMsgr.exe" [18/10/2007 11:34]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [14/12/2004 04:44:06]
Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe [19/11/2006 03:47:08]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"=2 (0x2)
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=1 (0x1)
"HideStartupScripts"=0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppInfo]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\KeyIso]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\NTDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ProfSvc]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SWPRV]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TabletInputService]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TBS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TrustedInstaller]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\VDS]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgr.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\volmgrx.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04 F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{6BDD1FC1-810F-11D0-BEC7-08002 BE2092F}]
@="IEEE 1394 Bus host controllers"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D48179BE-EC20-11D1-B6B8-00C04 FA372A7}]
@="SBP2 IEEE 1394 Devices"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{D94EE5D8-D189-4994-83D2-F68D7 D41B0E6}]
@="SecurityDevices"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalService nsi lltdsvc SSDPSRV upnphost SCardSvr w32time EventSystem RemoteRegistry WinHttpAutoProxySvc lanmanworkstation TBS SLUINotify THREADORDER fdrespub netprofm fdphost wcncsvc QWAVE WebClient
LocalSystemNetworkRestricted hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc wlansvc EMDMgmt TabletInputService WPDBusEnum
LocalServiceNoNetwork PLA DPS BFE mpssvc

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8a25d13c-5816-11 dc-a9e8-806e6f6e6963}]
AutoRun\command- E:\scct_launcher.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c74a42a6-e6ef-11 dc-bc2f-0016d4ab8539}]
AutoRun\command- F:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f5d42e9a-f693-11 dc-acfd-0016d4ab8539}]
AutoRun\command- F:\wdsync.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}]
C:\Windows\system32\unregmp2.exe /ShowWMP

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{6BF52A52-394A-11d3-B153-00C04F79FAA6}]
%SystemRoot%\system32\unregmp2.exe /FirstLogon /Shortcuts /RegBrowsers /ResetMUI

-- End of Deckard's System Scanner: finished at 2008-03-27 04:44:17 ------------

Posté le: Mer 26 Mar 2008 11:47 Sujet : probleme antispykit

re-bonjour,
à ce sujet zfe1.exe
--------------------------------------

OAD.exe

changelog.fr

http://sosvirus.changelog.fr/OAD.exe

Double clique sur le OAD pour le lancer

rechercher

zfe1.exe

option 6 puis valide

OAD va maintenant rechercher le fichier.

- Fais un copier / coller de ce rapport dans ton prochain post.

---------------------
ensuite il manque le rapport de clean.cmd
Si tu ne l'a pas déjà téléchargé:
** Clean de malekal.
Télécharger clean.zip ici:
-->source ici

Où est le rapport clean ? :

--->aide visuelle, clic ici

*- Si je te demande de nettoyer:

Barrette de RAM Messages: 23 Tutoriaux : 0

Bon premier problème
j'ai télécharger clean j'ai tout extrait
ensuite clean.cmd j'ai tapé 1 ils me dise que la recherche commence et de patienté Dors

puis accès refusé une dixaine de fois
ensuite une fenetre me dit

"Run-time error '75':

Path/File access error"

on me propose ensuite d'envoyé le fichier via upload malekal

???

Posté le: Mer 26 Mar 2008 15:43 Sujet : probleme antispykit

re,

fais clean.cmd option 1
en mode sans échec.
Poste le rapport

Barrette de RAM Messages: 23 Tutoriaux : 0

voila le rapport de clean

27/03/2008 a 15:28:08,61

*** Recherche C:

*** Recherche C:\Windows\

*** Recherche C:\Windows\system32
C:\Windows\system32\wininit.exe FOUND
C:\Windows\system32\wininit.exe FOUND

*** Recherche C:\Program Files
*** End of the report !

Barrette de RAM Messages: 23 Tutoriaux : 0

Et la celui de OAD (j'ai dû la aussi me mettre en mode sans echec)

27/03/2008 ---- 15:40:52,95

----------------------------------
§§§§§§ [zfe1.exe] §§§§§§
----------------------------------
[X] Registre

-------------- [ ] rapide
-- Fichier --- [ ] disque systeme
------------- [X] complete

********************
[Registre]
********************

Aucune entrée détectée

*******************
[Fichier]
*******************

c:\Deckard\System Scanner\20080325180400\backup\Users\Jojo\AppData\Local\Temp\zfe1.exe

*********************
[Même date]
*********************

[19/03/2008 ] --- REP ---> C:\Program Files\Alwil Software
[19/03/2008 ] ---> C:\xmp.bat

Outil Aide Diagnostic By !aur3n7 Version 1.1
----------------------------------
§§§§§ Fin Rapport §§§§§
----------------------------------

Posté le: Mer 26 Mar 2008 23:44 Sujet : probleme antispykit

---> et tu fais clic droit / copier

- Ouvres killbox
- Sélectionne "delete on reboot"
- Clique sur le menu "File" -> "Past from clip board"
- Clique sur "All Files"
- Clique sur la croix rouge et blanche
- Répond "yes" et laisse redémarrer ton pc.
N'hésite pas à consulter en cas de souci.l'Aide killbox

NOTE: Si tu reçois le message "PendingFileRenameOperations Registry Data has been removed by external process!" et que l'ordinateur ne redémarre pas, redémarre le manuellement ---> Menu Démarrer / arreter / redémarrer l'ordinateur

Après redémarrage, relance Killbox puis clic sur le menu fichier -> Log -> Actions History Log
Poste le rapport ici

Barrette de RAM Messages: 23 Tutoriaux : 0

voila le rapport de killbox

Pocket Killbox version 2.0.0.881
Running on as Jojo(Limited Account)
was started @ jeudi, mars 27, 2008, 11:47 PM

# 1 [Delete on Reboot]
Path = c:\Deckard\System Scanner\20080325180400\backup\Users\Jojo\AppData\Local\Temp\zfe1.exe

PendingFileRenameOperations Registry Data has been Removed by External Process! @ 11:49:18 PM
Killbox Closed(Exit) @ 11:49:48 PM
__________________________________________________

Pocket Killbox version 2.0.0.881
Running on as Jojo(Limited Account)
was started @ jeudi, mars 27, 2008, 11:54 PM

Posté le: Jeu 27 Mar 2008 10:51 Sujet : probleme antispykit

------------------------------------------------------------------
- Patiente pendant l'installation des Mises à jour.
- Choisis par la suite l'analyse du Poste de travail.
- Sauvegarde puis colle le rapport généré en fin d'analyse.

NOTE : Si tu reçois le message "La licence de Kaspersky On-line Scanner est périmée", va dans Ajout/Suppression de programmes puis désinstalle On-Line Scanner, reconnecte toi sur le site de Kaspersky pour retenter le scan en ligne.
Winx

Barrette de RAM Messages: 23 Tutoriaux : 0

J'avais deja fait un rapport kaspercie sur internet explorer un peu plus haut

il faut en faire un deuxieme?

Posté le: Ven 28 Mar 2008 11:55 Sujet : probleme antispykit

re,
oui, je voudrais voir, si tu ne te réinfecte pas et que tu es propre dans ton PC.
A+

Barrette de RAM Messages: 23 Tutoriaux : 0

voila le rapport:

-------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER REPORT
Sunday, March 30, 2008 4:15:50 AM
Operating System: Microsoft Windows Vista Home Edition, (Build 6000)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 28/03/2008
Kaspersky Anti-Virus database records: 668934
-------------------------------------------------------------------------------

Scan Settings:
Scan using the following antivirus database: extended
Scan Archives: true
Scan Mail Bases: true

Scan Target - My Computer:
C:\
D:\
E:\

Scan Statistics:
Total number of scanned objects: 59845
Number of viruses found: 3
Number of infected objects: 6
Number of suspicious objects: 0
Duration of the scan process: 01:49:40

Infected Object Name / Virus Name / Last Action
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile00.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile01.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile02.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile03.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile04.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile05.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile06.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile07.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile08.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile09.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile10.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile11.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile12.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile13.sqm Object is locked skipped
C:\Deckard\System Scanner\20080325180400\backup\Windows\temp\fwtsqmfile14.sqm Object is locked skipped
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLML_MAIN\CLML.db Object is locked skipped
C:\Program Files\GUILD WARS\Gw.dat Object is locked skipped
C:\Program Files\InstallShield Installation Information\{13E613EF-BB55-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}\Setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{2637C347-9DAD-11D6-9EA2-00055D0CA761}\setup.ilg Object is locked skipped
C:\Program Files\InstallShield Installation Information\{FC4F90EC-B1DA-11D9-9D77-000129760D75}\setup.ilg Object is locked skipped
C:\Program Files\Navilog1\reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\2571aa5b98a372e4e8d1212b14f7d518_0ccb5e13-5ca3-4f69- 9db3-de2979d69099 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\62c3b74fa1c0e822818d5681e76edc85_0ccb5e13-5ca3-4f69- 9db3-de2979d69099 Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\d6c535860ab109c9c5aac9b5f1e49edb_06fa3f3e-fc7c-492e- bdc8-93c89fbd03bc Object is locked skipped
C:\ProgramData\Microsoft\Crypto\RSA\MachineKeys\f0abd6e394e4ed281883e32fb75db30f_0ccb5e13-5ca3-4f69- 9db3-de2979d69099 Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\History\Low\History.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\History\Low\History.IE5\MSHist012008032920080330\index .dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\ZJJ5YEG2\install_en[1].exe Infected: not-a-virus:Downloader.Win32.WinFixer.au skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG1 Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat.LOG2 Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat{f8618c16-5817-11dc-9c53-00197d42cc9e}.TM. blf Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat{f8618c16-5817-11dc-9c53-00197d42cc9e}.TMC ontainer00000000000000000001.regtrans-ms Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows\UsrClass.dat{f8618c16-5817-11dc-9c53-00197d42cc9e}.TMC ontainer00000000000000000002.regtrans-ms Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Feeds Cache\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Local\Microsoft\Windows Defender\FileTracker\{2BB3CDF0-79F9-4E6A-90B6-5AA4E12089F3} Object is locked skipped
C:\Users\Jojo\AppData\Local\Acer Arcade\Log\Trace20080328.log Object is locked skipped
C:\Users\Jojo\AppData\Local\Mozilla\Firefox\Profiles\8lghp9in.default\Cache\_CACHE_001_ Object is locked skipped
C:\Users\Jojo\AppData\Local\Mozilla\Firefox\Profiles\8lghp9in.default\Cache\_CACHE_002_ Object is locked skipped
C:\Users\Jojo\AppData\Local\Mozilla\Firefox\Profiles\8lghp9in.default\Cache\_CACHE_003_ Object is locked skipped
C:\Users\Jojo\AppData\Local\Mozilla\Firefox\Profiles\8lghp9in.default\Cache\_CACHE_MAP_ Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Cookies\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Microsoft\Windows\Cookies\Low\index.dat Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\8lghp9in.default\cert8.db Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\8lghp9in.default\history.dat Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\8lghp9in.default\key3.db Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\8lghp9in.default\parent.lock Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\8lghp9in.default\search.sqlite Object is locked skipped
C:\Users\Jojo\AppData\Roaming\Mozilla\Firefox\Profiles\8lghp9in.default\urlclassifier2.sqlite Object is locked skipped
C:\Users\Jojo\Desktop\clean\clean\pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Users\Jojo\Desktop\clean.zip/clean/pskill.exe Infected: not-a-virus:RiskTool.Win32.PsKill.k skipped
C:\Users\Jojo\Desktop\clean.zip ZIP: infected - 1 skipped
C:\Users\Jojo\Desktop\SmitfraudFix\Reboot.exe Infected: not-a-virus:RiskTool.Win32.Reboot.f skipped
C:\Users\Jojo\NTUSER.DAT Object is locked skipped
C:\Users\Jojo\ntuser.dat.LOG1 Object is locked skipped
C:\Users\Jojo\ntuser.dat.LOG2 Object is locked skipped
C:\Users\Jojo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TM.blf Object is locked skipped
C:\Users\Jojo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000001.regtr ans-ms Object is locked skipped
C:\Users\Jojo\NTUSER.DAT{d8932e6d-6a6f-11db-b6ab-a038f15a5785}.TMContainer00000000000000000002.regtr ans-ms Object is locked skipped
C:\Windows\Debug\PASSWD.LOG Object is locked skipped
C:\Windows\Debug\sam.log Object is locked skipped
C:\Windows\Debug\WIA\wiatrace.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.log Object is locked skipped
C:\Windows\Logs\CBS\CBS.persist.log Object is locked skipped
C:\Windows\Logs\DPX\setupact.log Object is locked skipped
C:\Windows\Logs\DPX\setuperr.log Object is locked skipped
C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe.config Object is locked skipped
C:\Windows\Panther\UnattendGC\diagerr.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\diagwrn.xml Object is locked skipped
C:\Windows\Panther\UnattendGC\setupact.log Object is locked skipped
C:\Windows\Panther\UnattendGC\setuperr.log Object is locked skipped
C:\Windows\security\database\secedit.sdb Object is locked skipped
C:\Windows\SoftwareDistribution\EventCache\{441AB127-45CD-4597-8113-4AD4170DF91C}.bin Object is locked skipped
C:\Windows\SoftwareDistribution\ReportingEvents.log Object is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 O bject is locked skipped
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 O bject is locked skipped
C:\Windows\System32\catroot2\edb.log Object is locked skipped
C:\Windows\System32\catroot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\catroot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb Object is locked skipped
C:\Windows\System32\config\COMPONENTS Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG1 Object is locked skipped
C:\Windows\System32\config\COMPONENTS.LOG2 Object is locked skipped
C:\Windows\System32\config\DEFAULT Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG1 Object is locked skipped
C:\Windows\System32\config\DEFAULT.LOG2 Object is locked skipped
C:\Windows\System32\config\SAM Object is locked skipped
C:\Windows\System32\config\SAM.LOG1 Object is locked skipped
C:\Windows\System32\config\SAM.LOG2 Object is locked skipped
C:\Windows\System32\config\SECURITY Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG1 Object is locked skipped
C:\Windows\System32\config\SECURITY.LOG2 Object is locked skipped
C:\Windows\System32\config\SOFTWARE Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG1 Object is locked skipped
C:\Windows\System32\config\SOFTWARE.LOG2 Object is locked skipped
C:\Windows\System32\config\SYSTEM Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG1 Object is locked skipped
C:\Windows\System32\config\SYSTEM.LOG2 Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.0.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834b7-750c-494d-bdc3-da86b6e2101a}.TxR.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TM.blf Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 1.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 2.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 3.regtrans-ms Object is locked skipped
C:\Windows\System32\config\TxR\{250834B7-750C-494d-BDC3-DA86B6E2101B}.TMContainer0000000000000000000 4.regtrans-ms Object is locked skipped
C:\Windows\System32\LogFiles\Scm\SCM.EVM Object is locked skipped
C:\Windows\System32\LogFiles\WUDF\WUDFTrace.etl Object is locked skipped
C:\Windows\System32\restore\MachineGuid.txt Object is locked skipped
C:\Windows\System32\spool\SpoolerETW.etl Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagerr.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\diagwrn.xml Object is locked skipped
C:\Windows\System32\sysprep\Panther\setupact.log Object is locked skipped
C:\Windows\System32\sysprep\Panther\setuperr.log Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\3460B7617E0429A960E481B197F238A3.mof Object is locked skipped
C:\Windows\System32\wbem\AutoRecover\8A94AF24F162D580E3D9889344A3A317.mof Object is locked skipped
C:\Windows\System32\wbem\Logs\WMITracing.log Object is locked skipped
C:\Windows\System32\wbem\Repository\INDEX.BTR Object is locked skipped
C:\Windows\System32\wbem\Repository\MAPPI