trojan and edlm2.exe file

gerard
hello
I have the file edlm2.exe which is infected by a trojan.
My antivirus AVG7 "heals" it when it appears but it comes back
regularly
how do I get rid of it?
What is the file edlm2.exe for
the message that appears:
infected by "trojan horse generic.TSD"
or "trojan horse downloader.generic.ZXE"
Thanks for your advice
Regards
Gérard

NyC
hello gerard you wrote

> hello
> I have the file edlm2.exe which is infected by a trojan.
> My antivirus AVG7 "heals" it when it appears but it comes back
> regularly
> how do I get rid of it?
> What is the file edlm2.exe for
> the message that appears:
> infected by "trojan horse generic.TSD"
> or "trojan horse downloader.generic.ZXE"
> Thanks for your advice
> Regards
> Gérard


hi,

http://www.sur-la-toile.com/viewTopic_25014_5_edlm2.exe.-Virus-.html


So run a HijackThis scan and post the result here,

I'll tell you (or another specialist will)


Regards,
--
NyC

return address valid.

gerard
Thanks for your advice
Here is the HijackThis log
Thanks in advance for helping me clean up
Regards
Gérard
-------------
Logfile of HijackThis v1.99.1
Scan saved at 15:31:49, on 17/05/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\MSN Apps\Updater\1.02.5000.1021\fr\msnappau.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe
C:\Program Files\WinOSX\WinRoll\WinRoll.exe
C:\Program Files\WinOSX\3r-1c\3r-1c.exe
C:\Program Files\WinOSX\YzShadow\YzShadow.exe
C:\Program Files\WinOSX\ObjectDock\ObjectDock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\RamBoost XP\rambxpfr.exe
C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\Outlook Express\msimn.exe
C:\WINDOWS\Explorer.EXE
I:\HijackThis\GenericRenosFix.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.netvibes.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.VeryCD.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.medion.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wanadoo.fr:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
F3 - REG:win.ini: run
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\1.03.0000.1005\en-xu\stmain.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar1.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\1.02.5000.1021\fr\msntb.dll
O2 - BHO: IE DOM Explorer - {CC7E636D-39AA-49b6-B511-65413DA137A1} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: Developer Toolbar - {CC962137-2E78-4f94-975E-FC0C07DBD78F} - C:\Program Files\Internet Explorer Developer Toolbar\IEDevToolbar.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\1.02.5000.1021\fr\msntb.dll
O4 - HKLM\..\Run: [WebCam Go Sti Service Application] wbcgosvc
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [HostsMan] C:\Program Files\abelhadigital.com\HostsMan\hm.exe -s
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [msnappau] "C:\Program Files\MSN Apps\Updater\1.02.5000.1021\fr\msnappau.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [Opware15] "C:\Program Files\ScanSoft\OmniPage15.0\Opware15.exe"
O4 - HKLM\..\Run: [PDF3 Registry Controller] "C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\RegistryController.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [HSIMargin] C:\Program Files\WinOSX\HSI\HSI.exe "C:\Program Files\WinOSX\HSI\Margin.hss"
O4 - HKCU\..\Run: [WinRoll] "C:\Program Files\WinOSX\WinRoll\WinRoll.exe"
O4 - HKCU\..\Run: [3r-1c (Volume Control)] C:\Program Files\WinOSX\3r-1c\3r-1c.exe
O4 - HKCU\..\Run: [YzShadow] C:\Program Files\WinOSX\YzShadow\YzShadow.exe
O4 - HKCU\..\Run: [ObjectDock] C:\Program Files\WinOSX\ObjectDock\ObjectDock.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OpAgent] "C:\Program Files\ScanSoft\OmniPage15.0\OpAgent.exe" /agent
O4 - HKCU\..\Run: [RamBoostXp] C:\Program Files\RamBoost XP\rambxpfr.exe
O4 - Startup: MailWasherPro.lnk = C:\Program Files\Firetrust\MailWasher Pro\MailWasher.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &MSN Search - res://C:\Program Files\MSN Toolbar Suite\TB\2.05.0000.1105\fr-fr\msntb.dll/search.htm
O8 - Extra context menu item: &Traduire à partir de l'anglais - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Open with Scansoft PDF Converter 3.0 - res://C:\Program Files\ScanSoft\OmniPage15.0\PDFConverter3\IEShellExt.dll/100
O8 - Extra context menu item: Ouvrir dans un nouvel onglet d'arrière-plan - res://C:\Program Files\MSN Toolbar Suite\TAB\2.05.0000.1105\fr-fr\msntabres.dll/229?7bee70eaf2c14b54b2767e3a883c135
O8 - Extra context menu item: Ouvrir dans un nouvel onglet de premier plan - res://C:\Program Files\MSN Toolbar Suite\TAB\2.05.0000.1105\fr-fr\msntabres.dll/230?7bee70eaf2c14b54b2767e3a883c135
O8 - Extra context menu item: Pages liées - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Pages similaires - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Recherche &Google - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Version de la page actuelle disponible dans le cache Google - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid9204
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - https://scan.safety.live.com/resource/download/scanner/en-us/wlscbase3401.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120685067140
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} (DivXBrowserPlugin Object) - http://go.divx.com/plugin/DivXBrowserPlugin.cab
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall Control) - http://a840.g.akamai.net/7/840/537/2003120501/housecall.antivirus.com/housecall/xscan53.cab
O16 - DPF: {80DD2229-B8E4-4C77-B72F-F22972D723EA} (AvxScanOnline Control) - http://www.bitdefender.com/scan/Msie/bitdefender.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
O16 - DPF: {C1BAC744-8F0B-11D0-89E7-00C0A8295197} (Cameractl Class) - http://www.crtvg.es/camweb/camera.cab
O16 - DPF: {E87F6C8E-16C0-11D3-BEF7-009027438003} (Persits Software XUpload) - http://mediamax.streamload.com/Upload/XUpload.ocx
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: x-excid - {9D6CC632-1337-4A33-9214-2DA092E776F4} - C:\WINDOWS\Downloaded Program Files\mimectl.dll
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
O23 - Service: Service de lancement de WlanCfg (Wlancfg) - Inventel - C:\WINDOWS\wlancfg.exe
NyC
hello gerard you wrote

> Thanks for your advice
> Here is the HijackThis log
> Thanks in advance for helping me clean up
> Regards
> Gérard



Cut a bit:

Blood test: the robot already detects everything that isn't logical
on your system:

http://www.hijackthis.de/logfiles/9bf3dbd56ecece2b7995e33e33b137e5.html


There's quite a bit to fix (remove)

I'll think it over and let you know,

Regards
--
NyC

return address valid.
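The "robot" linked above triages a HijackThis log by reading each "Onn - ..." entry and applying review rules. The script below is an added example of that kind of first-pass triage (it is not from the thread, from hijackthis.de or from HijackThis itself): the sample entries are constructed from the log posted above, and the list of Windows XP Winlogon Notify packages and the trusted download hosts are my own assumptions that a reviewer would adapt.

```python
import re
from urllib.parse import urlparse

# Constructed sample in HijackThis v1.99 log format, modelled on the entries
# posted in this thread (a handful of lines, not the full log).
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.wanadoo.fr:8080
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O9 - Extra button: eBay - Homepage - {EF79EAC5-3452-4E02-B8BD-BA4C89F1AC7A} - C:\Program Files\IrfanView\Ebay\Ebay.htm (file missing)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120685067140
O16 - DPF: {BD4C7EDB-A392-11D9-8BFB-0040953018D7} (PhaseCaster Widget) - http://www.streamerp2p.com/sfiles/phasex.cab
O20 - Winlogon Notify: ldr64 - C:\WINDOWS\SYSTEM32\ldr64.dll
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
"""

# Every HijackThis finding is "<section> - <body>", e.g. "O4 - HKLM\..\Run: ...".
ENTRY_RE = re.compile(r"^(?P<section>[RFNO]\d+) - (?P<body>.*)$")

# Assumption: Winlogon Notify packages that ship with Windows XP SP2. A DLL
# registered there is loaded into winlogon.exe at every logon, so any other
# name is worth verifying (publisher, signature, hash) before trusting it.
KNOWN_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "ScCertProp", "Schedule",
                "sclgntfy", "SensLogn", "termsrv", "wlballoon"}
# Assumption: hosts from which ActiveX (O16 DPF) downloads are expected.
TRUSTED_DPF_HOSTS = ("microsoft.com", "msn.com", "live.com")


def parse_hjt(text):
    """Split a HijackThis log into (section, body) entries; header lines and
    the running-process list do not match the pattern and are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append((m.group("section"), m.group("body")))
    return entries


def _host_trusted(url):
    host = (urlparse(url).hostname or "").lower()
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DPF_HOSTS)


def triage(entries):
    """Return (section, reason, body) tuples for entries a reviewer should
    look at. These are review prompts, not verdicts."""
    findings = []
    for section, body in entries:
        if "(file missing)" in body:
            findings.append((section, "stale entry, target file missing", body))
        if section == "O20" and body.startswith("Winlogon Notify:"):
            name = body.split(":", 1)[1].split(" - ")[0].strip()
            if name not in KNOWN_NOTIFY:
                findings.append((section, "non-standard Winlogon Notify DLL", body))
        if section == "O16" and not _host_trusted(body.rsplit(" - ", 1)[-1]):
            findings.append((section, "ActiveX download from third-party host", body))
    return findings


if __name__ == "__main__":
    for section, reason, body in triage(parse_hjt(SAMPLE_LOG)):
        print(f"{section}: {reason}\n    {body}")
```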

Boris Ryser
hello

I use AVG Free Edition on my old Win98SE

for 10 days now... impossible to run a full scan...
every time it crashes and shuts down...
I installed Kaspersky and BitDefender one after the other..
and the same crashes...
online scan Panda crash.... securer crash ????
Ad-Aware and Spybot installed and up to date


????


apart from that the PC runs fine!

if anyone has an idea.... thanks in advance.

boris ryser
gerard
Thanks in advance for explaining the cleanup to me...
Regards
Gérard
la greunne
Boris Ryser wrote:

> if anyone has an idea.... thanks in advance.

Evening,

and give it a run of HijackThis?

http://minilien.com/?URiLI2on5U


--
well, why?

Boris Ryser
"la greunne" wrote in message news:446b605f$0$6688$
> Boris Ryser wrote:
>
> > if anyone has an idea.... thanks in advance.
>
> Evening,
>
> and give it a run of HijackThis?
>
> http://minilien.com/?URiLI2on5U

Logfile of HijackThis v1.99.1

Scan saved at 19:51:34, on 17/05/2006
Platform: Windows 98 SE (Win9x 4.10.2222A)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)

Running processes:
C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GOOGLE\GGVIEWER67-54.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\RAM IDLE\RAMIDLE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ICOSAUVE\ICOSAUVE.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE
C:\WINAMP\WINAMP.EXE
H:\HERE\EMULE\EMULE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\OE-QUOTEFIX\OEQUOTEFIX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
F:\VIRTUEL\PROGR\HIJACKTHIS.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.romandie.com/news/
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [ScanRegistry] C:\WINDOWS\scanregw.exe /autorun
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [AVG7_AMSVR] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
O4 - HKLM\..\Run: [AVG7_EMC] C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
O4 - HKLM\..\Run: [RAM Idle] C:\Program Files\RAM Idle\RAMIdle.exe
O4 - HKLM\..\Run: [Zone Labs Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
O4 - HKLM\..\Run: [SystemTray] SysTray.Exe
O4 - HKLM\..\Run: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - HKLM\..\RunServices: [TrueVector] C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
O4 - HKLM\..\RunServices: [LoadPowerProfile] Rundll32.exe powrprof.dll,LoadCurrentPwrScheme
O4 - Startup: IcoSauve.lnk = C:\Program Files\IcoSauve\IcoSauve.exe
O4 - Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe


la greunne
Boris Ryser wrote:

> > and give it a run of HijackThis?
> >
> > http://minilien.com/?URiLI2on5U
>
> Logfile of HijackThis v1.99.1

snip

> O4 - Startup: IcoSauve.lnk = C:\Program Files\IcoSauve\IcoSauve.exe
> O4 - Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe


the rest is missing!


Boris Ryser
"la greunne" wrote in message news:446b68ca$0$18315$
> Boris Ryser wrote:
>
> > > and give it a run of HijackThis?
> > >
> > > http://minilien.com/?URiLI2on5U
> >
> > Logfile of HijackThis v1.99.1
>
> snip
>
> > O4 - Startup: IcoSauve.lnk = C:\Program Files\IcoSauve\IcoSauve.exe
> > O4 - Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
>
> the rest is missing!

No! No! It's all there.... (I redid it and it's the same log!)

boris ryser



Boris Ryser
"la greunne" wrote in message news:446b68ca$0$18315$
> Boris Ryser wrote:
>
> > > and give it a run of HijackThis?
> > >
> > > http://minilien.com/?URiLI2on5U
> >
> > Logfile of HijackThis v1.99.1
>
> snip
>
> > O4 - Startup: IcoSauve.lnk = C:\Program Files\IcoSauve\IcoSauve.exe
> > O4 - Startup: Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe
>
> the rest is missing!

here it is:

StartupList report, 17/05/2006, 21:23:38
StartupList version: 1.52.2
Started from : F:\VIRTUEL\PROGR\HIJACKTHIS.EXE
Detected: Windows 98 SE (Win9x 4.10.2222A)
Detected: Internet Explorer v6.00 SP1 (6.00.2800.1106)
* Using default options
* Showing rarely important sections
=================================================
Running processes:

C:\WINDOWS\SYSTEM\KERNEL32.DLL
C:\WINDOWS\SYSTEM\MSGSRV32.EXE
C:\WINDOWS\SYSTEM\MPREXE.EXE
C:\WINDOWS\SYSTEM\mmtask.tsk
C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE
C:\WINDOWS\EXPLORER.EXE
C:\PROGRAM FILES\GOOGLE\GGVIEWER67-54.EXE
C:\WINDOWS\MIXER.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGAMSVR.EXE
C:\WINDOWS\SYSTEM\DDHELP.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGCC.EXE
C:\PROGRAM FILES\GRISOFT\AVG FREE\AVGEMC.EXE
C:\PROGRAM FILES\RAM IDLE\RAMIDLE.EXE
C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZLCLIENT.EXE
C:\WINDOWS\SYSTEM\SYSTRAY.EXE
C:\PROGRAM FILES\ICOSAUVE\ICOSAUVE.EXE
C:\PROGRAM FILES\KASPERSKY LAB\KASPERSKY ANTI-HACKER\KAVPF.EXE
C:\WINAMP\WINAMP.EXE
H:\HERE\EMULE\EMULE.EXE
C:\PROGRAM FILES\OUTLOOK EXPRESS\MSIMN.EXE
C:\PROGRAM FILES\OE-QUOTEFIX\OEQUOTEFIX.EXE
C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE
C:\WINDOWS\SYSTEM\PSTORES.EXE
F:\VIRTUEL\PROGR\HIJACKTHIS.EXE

--------------------------------------------------

Listing of startup folders:

Shell folders Startup:
[C:\WINDOWS\Menu Démarrer\Programmes\Démarrage]
IcoSauve.lnk = C:\Program Files\IcoSauve\IcoSauve.exe
Kaspersky Anti-Hacker.lnk = C:\Program Files\Kaspersky Lab\Kaspersky Anti-Hacker\KAVPF.exe

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run

NvCplDaemon = RUNDLL32.EXE C:\WINDOWS\SYSTEM\NvCpl.dll,NvStartup
ScanRegistry = C:\WINDOWS\scanregw.exe /autorun
C-Media Mixer = Mixer.exe /startup
AVG7_AMSVR = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGAMSVR.EXE
AVG7_CC = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGCC.EXE /STARTUP
AVG7_EMC = C:\PROGRA~1\GRISOFT\AVGFRE~1\AVGEMC.EXE
RAM Idle = C:\Program Files\RAM Idle\RAMIdle.exe
Zone Labs Client = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
SystemTray = SysTray.Exe
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

Autorun entries from Registry:
HKLM\Software\Microsoft\Windows\CurrentVersion\RunServices

TrueVector = C:\WINDOWS\SYSTEM\ZONELABS\VSMON.EXE -service
LoadPowerProfile = Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

--------------------------------------------------

File association entry for .TXT:
HKEY_CLASSES_ROOT\txtfile\shell\open\command

(Default) = C:\WINDOWS\NOTEPAD.EXE %1

--------------------------------------------------

Enumerating Active Setup stub paths:
HKLM\Software\Microsoft\Active Setup\Installed Components
(* = disabled by HKCU twin)

[{89820200-ECBD-11cf-8B85-00AA005B4383}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {89820200-ECBD-11cf-8B85-00AA005B4383}

[>PerUser_MSN_Clean] *
StubPath = C:\WINDOWS\msnmgsr1.exe

[PerUser_LinkBar_URLs] *
StubPath = C:\WINDOWS\COMMAND\sulfnbk.exe /L

[{44BBA840-CC51-11CF-AAFA-00AA00B6015C}] *
StubPath = rundll32.exe advpack.dll,UserInstStubWrapper {44BBA840-CC51-11CF-AAFA-00AA00B6015C}

[{7790769C-0471-11d2-AF11-00C04FA35D02}] *
StubPath = "C:\Program Files\Outlook Express\setup50.exe" /APP:WAB /CALLER:WIN9X /user /install

[{9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}] *
StubPath = C:\WINDOWS\SYSTEM\updcrl.exe -e -u C:\WINDOWS\SYSTEM\verisignpub1.crl

[>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}] *
StubPath = C:\WINDOWS\inf\unregmp2.exe /ShowWMP

[{44BBA851-CC51-11CF-AAFA-00AA00B6015C}]
StubPath = rundll32.exeadvpack.dll

[{89B4C1CD-B018-4511-B0A1-5476DBF70820}] *
StubPath = C:\WINDOWS\SYSTEM\Rundll32.exe

--------------------------------------------------

Shell & screensaver key from C:\WINDOWS\SYSTEM.INI:

Shell=Explorer.exe
SCRNSAVE.EXE drivers=mmsystem.dll power.drv

--------------------------------------------------

Checking for EXPLORER.EXE instances:

C:\WINDOWS\Explorer.exe: PRESENT!

C:\Explorer.exe: not present
C:\WINDOWS\Explorer\Explorer.exe: not present
C:\WINDOWS\System\Explorer.exe: not present
C:\WINDOWS\System32\Explorer.exe: not present
C:\WINDOWS\Command\Explorer.exe: not present
C:\WINDOWS\Fonts\Explorer.exe: not present

--------------------------------------------------

C:\WINDOWS\WININIT.BAK listing:
(Created 16/5/2006, 18:14:40)

[rename]
C:\WINDOWS\SYSTEM\mouse.drv=C:\WINDOWS\SYSTEM\mouse.001
C:\WINDOWS\SYSTEM\nvmode.dll=C:\WINDOWS\SYSTEM\modetmp.dll
C:\WINDOWS\SYSTEM\nvarch16.dll=C:\WINDOWS\SYSTEM\archtmp.dll
C:\WINDOWS\SYSTEM\wdmaud.drv=C:\WINDOWS\SYSTEM\wdmaud.003
NUL=C:\WINDOWS\w98setup.bin
NUL=C:\WINDOWS\suback.bin
[NUL]
C:\WINDOWS\SYSTEM\DCOMREG.EXE=1

--------------------------------------------------

C:\AUTOEXEC.BAT listing:

C:\PROGRA~1\GRISOFT\AVGFRE~1\BOOTUP.EXE
C:\LETASSIG\LETASSIG.EXE @LETTERS.INI /O:DRIVEMAP.DAT /CD
Set tvdumpflags
Set tvdumpflags=8
Set tvdumpflags=8
mode con codepage prepare=((850) C:\WINDOWS\COMMAND\ega.cpi)
mode con codepage select…0
keyb sf,,C:\WINDOWS\COMMAND\keyboard.sys

--------------------------------------------------

C:\CONFIG.SYS listing:

LASTDRIVE=Z
device=C:\WINDOWS\COMMAND\display.sys con=(ega,,1)
Country1,850,C:\WINDOWS\COMMAND\country.sys

--------------------------------------------------

Checking for superhidden extensions:

.lnk: HIDDEN! (arrow overlay: yes)
.pif: HIDDEN! (arrow overlay: yes)
.exe: not hidden
.com: not hidden
.bat: not hidden
.hta: not hidden
.scr: not hidden
.shs: HIDDEN!
.shb: HIDDEN!
.vbs: not hidden
.vbe: not hidden
.wsh: not hidden
.scf: HIDDEN! (arrow overlay: NO!)
.url: HIDDEN! (arrow overlay: yes)
.js: not hidden
.jse: not hidden

--------------------------------------------------

Verifying REGEDIT.EXE integrity:

- Regedit.exe found in C:WINDOWS
- .reg open command is normal (regedit.exe %1)
- Regedit.exe has no CompanyName property! It is either missing or named
something else.
- Regedit.exe has no OriginalFilename property! It is either missing or
named something else.
- Regedit.exe has no FileDescription property! It is either missing or named
something else.

Registry check failed!

--------------------------------------------------

Enumerating Task Scheduler jobs:

Maintenance en 1 clic.job

--------------------------------------------------

Enumerating Download Program Files:

[Shockwave Flash Object]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\FLASH\FLASH8B.OCX
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab

[Update Class]
InProcServer32 = C:\WINDOWS\SYSTEM\IUCTL.DLL
CODEBASE = http://v4.windowsupdate.microsoft.com/CAB/x86/ansi/iuctl.CAB?38391.7416435185

[Shockwave ActiveX Control]
InProcServer32 = C:\WINDOWS\SYSTEM\MACROMED\DIRECTOR\SWDIR.DLL
CODEBASE = http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

--------------------------------------------------

Enumerating ShellServiceObjectDelayLoad items:

WebCheck: C:\WINDOWS\SYSTEM\WEBCHECK.DLL

--------------------------------------------------
End of report, 8'042 bytes
Report generated in 1.784 seconds

Command line options:
/verbose - to add additional info on each section
/complete - to include empty sections and unsuspicious data
/full - to include several rarely-important sections
/force9x - to include Win9x-only startups even if running on WinNT
/forcent - to include WinNT-only startups even if running on Win9x
/forceall - to include all Win9x and WinNT startups, regardless of
platform
/history - to list version history only
