Virus infected by various trojans

Closed
pipicacapopo - Feb 1, 2008 at 13:41
vieu bison boiteu Posts 44314 Registration date Monday, April 11, 2005 Status Contributor Last activity December 23, 2024 - Feb 1, 2008 at 14:11
Hello,
Today I turned on my PC and noticed that it is performing some abnormal operations. First of all, access to changing the desktop wallpaper (Properties) is no longer available; then a message regularly warns me of my infection. I downloaded Trojan Remover, which produced a report. I do think it is a trojan, because my antivirus indicated it, but I am not sure.
Here is the report:

Here: ***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
2/1/2008 1:22:53 PM: Trojan Remover has been restarted
=======================================================
Removing the following registry keys:
HKCR\CLSID\{bb14d5ae-5600-4980-9448-4db5d7a3df23} - already removed
HKCR\CLSID\{F4446BBA-5EEE-C110-11F3-D294C3B838AF} - already removed
=======================================================
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Printer] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[Ultimate Defender] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Windows update loader] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Brave-Sentry] - already deleted
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\[Spoolsv] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\runtime\[ImagePath] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\[KernelRam] - already deleted
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\[yQJfCbpYY] - already deleted
=======================================================
Unable to rename C:\Windows\xpupdate.exe to C:\Windows\xpupdate.exe.vir
(C:\Windows\xpupdate.exe does not appear to exist)
Unable to rename C:\WINNT\System32\drivers\runtime.sys to C:\WINNT\System32\drivers\runtime.sys.vir
(C:\WINNT\System32\drivers\runtime.sys does not appear to exist)
2/1/2008 1:22:53 PM: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.5.2510. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 2/1/2008 1:15:56 PM
Using Database v6929
Operating System: Windows 2000 Server Service Pack 4 (Build 2195)
File System: NTFS
Data directory: C:\Documents and Settings\Administrator\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Administrator\My Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************

**************************************************
1:15:56 PM: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINNT

**************************************************
1:15:56 PM: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINNT

**************************************************
1:15:56 PM: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
1:15:57 PM: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINNT\Explorer.exe
243472 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
File: C:\WINNT\shell.exe
C:\WINNT\shell.exe
9728 bytes
Created: 2/1/2008
Modified: 6/6/2005
Company:
C:\WINNT\shell.exe - process is either not running or could not be terminated
C:\WINNT\shell.exe has been renamed to: C:\WINNT\shell.exe.vir
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINNT\system32\userinit.exe
C:\WINNT\system32\userinit.exe
17680 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: run
C:\WINNT\mmall.exe
23552 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: SmcService
Value Data: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
C:\PROGRA~1\Sygate\SPF\smc.exe
2532576 bytes
Created: 8/13/2004
Modified: 8/13/2004
Company: Sygate Technologies, Inc.
--------------------
Value Name: PinnacleDriverCheck
Value Data: C:\WINNT\system32\PSDrvCheck.exe
C:\WINNT\system32\PSDrvCheck.exe
406016 bytes
Created: 11/10/2003
Modified: 11/10/2003
Company:
--------------------
Value Name: CTSysVol
Value Data: C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe /r
C:\Program Files\Creative\SBLive 24-Bit External\Surround Mixer\CTSysVol.exe
57344 bytes
Created: 1/7/2006
Modified: 9/17/2003
Company: Creative Technology Ltd
--------------------
Value Name: SbUsb AudCtrl
Value Data: RunDll32 sbusbdll.dll,RCMonitor
C:\WINNT\system32\sbusbdll.dll
119296 bytes
Created: 1/7/2006
Modified: 7/9/2004
Company: Creative Technology Ltd
--------------------
Value Name: UpdReg
Value Data: C:\WINNT\UpdReg.EXE
C:\WINNT\UpdReg.EXE
90112 bytes
Created: 1/7/2006
Modified: 5/11/2000
Company: Creative Technology Ltd.
--------------------
Value Name: RemoteCenter
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: TalkRun
Value Data: "C:\Program Files\NCH Swift Sound\Talk\talk.exe" -logon
C:\Program Files\NCH Swift Sound\Talk\talk.exe
544772 bytes
Created: 8/9/2007
Modified: 8/9/2007
Company:
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
155648 bytes
Created: 12/26/2007
Modified: 12/26/2007
Company: Apple Computer, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
132496 bytes
Created: 12/27/2007
Modified: 9/25/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: System
Value Data: C:\WINNT\system32\kernelwind64.exe
C:\WINNT\system32\kernelwind64.exe
17520 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: SystemSv121
Value Data: C:\WINNT\system32\n2ewma1xxsv234.exe
C:\WINNT\system32\n2ewma1xxsv234.exe
13682 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: runtime.exe
Value Data: C:\WINNT\system32\runtime.exe
C:\WINNT\system32\runtime.exe
112640 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: SystemSv12
Value Data: C:\WINNT\system32\newmaxxsv234.exe
C:\WINNT\system32\newmaxxsv234.exe
12796 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: InstallShield Installation Information
Value Data: C:\WINNT\twain.exe
C:\WINNT\twain.exe
35840 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: Printer
Value Data: C:\WINNT\system32\printer.exe
C:\WINNT\system32\printer.exe
9728 bytes
Created: 2/1/2008
Modified: 6/6/2005
Company:
C:\WINNT\system32\printer.exe appears to contain: SUSPICIOUS.ENTRY
C:\WINNT\system32\printer.exe - this registry value has been removed
C:\WINNT\system32\printer.exe - process is either not running or could not be terminated
C:\WINNT\system32\printer.exe has been renamed to: C:\WINNT\system32\printer.exe.vir
--------------------
Value Name: runner1
Value Data: C:\WINNT\mrofinu27.exe 61A847B5BBF72810358B2B27128065E9C084320161C4661227A755E9C2933154389A
C:\WINNT\mrofinu27.exe [file not found to scan]
--------------------
Value Name: Microsoft all
Value Data: C:\WINNT\mmall.exe
C:\WINNT\mmall.exe
23552 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: Ultimate Defender
Value Data: "C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide
C:\Program Files\Ultimate Defender\UltimateDefender.exe
1304272 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company: Nous-Tech Solutions Ltd.
C:\Program Files\Ultimate Defender\UltimateDefender.exe appears to contain: PUS.ULTIMATEDEFENDER
C:\Program Files\Ultimate Defender\UltimateDefender.exe" hide - this registry value has been removed
C:\Program Files\Ultimate Defender\UltimateDefender.exe - running process located and terminated
C:\Program Files\Ultimate Defender\UltimateDefender.exe has been renamed to: C:\Program Files\Ultimate Defender\UltimateDefender.exe.vir
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
744016 bytes
Created: 2/1/2008
Modified: 1/31/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: ctfmon.exe
C:\WINNT\system32\ctfmon.exe
8192 bytes
Created: 2/20/2001
Modified: 2/20/2001
Company: Microsoft Corporation
--------------------
Value Name: SetDefaultMIDI
Value Data: MIDIDef.exe
MIDIDef.exe [file not found to scan]
--------------------
Value Name: RemoteCenter
Value Data: C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
147456 bytes
Created: 1/7/2006
Modified: 6/25/2004
Company: Creative Technology Ltd
--------------------
Value Name: RemoteControl
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: Creative Detector
Value Data: C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe /R
C:\Program Files\Creative\MediaSource\Detector\CTDetect.exe
98304 bytes
Created: 1/7/2006
Modified: 10/2/2003
Company: Creative Technology Ltd
--------------------
Value Name: Windows update loader
Value Data: C:\Windows\xpupdate.exe
C:\Windows\xpupdate.exe - has a *known* Malware filename: TROJAN.FAKEALERT
C:\Windows\xpupdate.exe - this registry value has been removed [file not found to scan]
C:\Windows\xpupdate.exe - process is either not running or could not be terminated
C:\Windows\xpupdate.exe - unable to take ownsership/change permissions
C:\Windows\xpupdate.exe has been marked for renaming when the PC is restarted (if it exists)
C:\WINNT\DESKTOP.HTML, associated with Trojan.FakeAlert, has been deleted
--------------------
Value Name: Brave-Sentry
Value Data: C:\Program Files\BraveSentry\BraveSentry.exe
C:\Program Files\BraveSentry\BraveSentry.exe
471040 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
C:\Program Files\BraveSentry\BraveSentry.exe appears to contain: SECURITYRISK.BRAVESENTRY
C:\Program Files\BraveSentry\BraveSentry.exe - this registry value has been removed
C:\Program Files\BraveSentry\BraveSentry.exe - running process located and terminated
C:\Program Files\BraveSentry\BraveSentry.exe has been renamed to: C:\Program Files\BraveSentry\BraveSentry.exe.vir
--------------------
Value Name: Spoolsv
Value Data: C:\WINNT\system32\spoolvs.exe
C:\WINNT\system32\spoolvs.exe
9728 bytes
Created: 2/1/2008
Modified: 6/6/2005
Company:
C:\WINNT\system32\spoolvs.exe appears to contain: SUSPICIOUS.ENTRY
C:\WINNT\system32\spoolvs.exe - this registry value has been removed
C:\WINNT\system32\spoolvs.exe - process is either not running or could not be terminated
C:\WINNT\system32\spoolvs.exe has been renamed to: C:\WINNT\system32\spoolvs.exe.vir
--------------------
Value Name: Microsoft all
Value Data: C:\WINNT\mmall.exe
C:\WINNT\mmall.exe
23552 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
Value Name: Dot1XCfg
Value Data: C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
61440 bytes
Created: 2/1/2008
Modified: 2/1/2008
Company:
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
1:16:29 PM: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
1:16:29 PM: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
1:16:30 PM: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
--------------------

**************************************************
1:16:30 PM: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINNT\inf\unregmp2.exe
C:\WINNT\inf\unregmp2.exe
192512 bytes
Created: 1/20/2008
Modified: 12/11/2002
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: %ProgramFiles%\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\setup50.exe
67584 bytes
Created: 8/29/2002
Modified: 8/29/2002
Company: Microsoft Corporation
----------
Key: {6A5110B5-E14B-4268-A065-EF89FF33C325}
Path: regsvr32.exe
C:\WINNT\system32\regsvr32.exe
11024 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: %ProgramFiles%\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\setup50.exe
67584 bytes
Created: 8/29/2002
Modified: 8/29/2002
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
C:\WINNT\system32\regsvr32.exe
11024 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: %SystemRoot%\system32\ie4uinit.exe
C:\WINNT\system32\ie4uinit.exe
28672 bytes
Created: 8/29/2002
Modified: 8/29/2002
Company: Microsoft Corporation
----------
Key: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
Path: %SystemRoot%\system32\updcrl.exe
C:\WINNT\system32\updcrl.exe
7168 bytes
Created: 3/23/2001
Modified: 3/23/2001
Company: Microsoft Corporation
----------

**************************************************
1:16:31 PM: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: C:\WINNT\system32\qmgr.dll
C:\WINNT\system32\qmgr.dll
244224 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: EventSystem
Path: C:\WINNT\system32\es.dll
C:\WINNT\system32\es.dll
239888 bytes
Created: 3/11/2004
Modified: 3/11/2004
Company: Microsoft Corporation
--------------------
Key: Netman
Path: %SystemRoot%\System32\netman.dll
C:\WINNT\System32\netman.dll
95504 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: NtmsSvc
Path: %SystemRoot%\System32\NtmsSvc.dll
C:\WINNT\System32\NtmsSvc.dll
401168 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: RasAuto
Path: %SystemRoot%\System32\rasauto.dll
C:\WINNT\System32\rasauto.dll
77584 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: RasMan
Path: %SystemRoot%\System32\rasmans.dll
C:\WINNT\System32\rasmans.dll
153360 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: RemoteAccess
Path: %SystemRoot%\System32\mprdim.dll
C:\WINNT\System32\mprdim.dll
47376 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: RpcSs
Path: %SystemRoot%\system32\rpcss.dll
C:\WINNT\system32\rpcss.dll
273680 bytes
Created: 4/8/2005
Modified: 4/8/2005
Company: Microsoft Corporation
--------------------
Key: SENS
Path: %SystemRoot%\system32\sens.dll
C:\WINNT\system32\sens.dll
38160 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: SharedAccess
Path: %SystemRoot%\System32\ipnathlp.dll
C:\WINNT\System32\ipnathlp.dll
442640 bytes
Created: 10/19/2005
Modified: 1/12/2005
Company: Microsoft Corporation
--------------------
Key: TapiSrv
Path: %SystemRoot%\System32\tapisrv.dll
C:\WINNT\System32\tapisrv.dll
173840 bytes
Created: 1/13/2005
Modified: 1/13/2005
Company: Microsoft Corporation
--------------------
Key: WmdmPmSN
Path: C:\WINNT\system32\mspmsnsv.dll
C:\WINNT\system32\mspmsnsv.dll
52224 bytes
Created: 1/7/2006
Modified: 11/26/2002
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C:\WINNT\system32\wuauserv.dll
C:\WINNT\system32\wuauserv.dll
9216 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------
Key: WZCSVC
Path: %SystemRoot%\System32\wzcsvc.dll
C:\WINNT\System32\wzcsvc.dll
195856 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
--------------------

**************************************************
1:16:32 PM: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ACPI
ImagePath: system32\DRIVERS\ACPI.sys
C:\WINNT\system32\DRIVERS\ACPI.sys
163120 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: AFD
ImagePath: \SystemRoot\System32\drivers\afd.sys
C:\WINNT\System32\drivers\afd.sys
127568 bytes
Created: 10/19/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: Alerter
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: AppMgmt
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: ASAPIW2K
ImagePath: System32\Drivers\ASAPIW2K.sys
C:\WINNT\System32\Drivers\ASAPIW2K.sys
11264 bytes
Created: 11/28/2003
Modified: 11/28/2003
Company: Pinnacle Systems GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINNT\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 2/20/2003
Modified: 2/20/2003
Company: Microsoft Corporation
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\WINNT\system32\DRIVERS\asyncmac.sys
17840 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINNT\system32\DRIVERS\atapi.sys
86672 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: atirage3
ImagePath: system32\DRIVERS\atimpab.sys
C:\WINNT\system32\DRIVERS\atimpab.sys
71632 bytes
Created: 10/19/2005
Modified: 11/10/1999
Company: ATI Technologies Inc.
----------
Key: Atmarpc
ImagePath: system32\DRIVERS\atmarpc.sys
C:\WINNT\system32\DRIVERS\atmarpc.sys
57904 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: audstub
ImagePath: system32\DRIVERS\audstub.sys
C:\WINNT\system32\DRIVERS\audstub.sys
2896 bytes
Created: 10/19/2005
Modified: 9/25/1999
Company: Microsoft Corporation
----------
Key: Browser
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: ccdecode
ImagePath: system32\drivers\ccdecode.sys
C:\WINNT\system32\drivers\ccdecode.sys
16384 bytes
Created: 10/27/2005
Modified: 2/17/2003
Company: Microsoft Corporation
----------
Key: cdrdrv
ImagePath: System32\Drivers\Cdrdrv.sys
C:\WINNT\System32\Drivers\Cdrdrv.sys
62976 bytes
Created: 8/3/2004
Modified: 8/3/2004
Company: Pinnacle Systems GmbH
----------
Key: Cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\WINNT\system32\DRIVERS\cdrom.sys
27984 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: cisvc
ImagePath: C:\WINNT\system32\cisvc.exe
C:\WINNT\system32\cisvc.exe
5392 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: ClipSrv
ImagePath: %SystemRoot%\system32\clipsrv.exe
C:\WINNT\system32\clipsrv.exe
31504 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: CoachUsb
ImagePath: system32\DRIVERS\CoachUsb.sys
C:\WINNT\system32\DRIVERS\CoachUsb.sys
-R- 50368 bytes
Created: 12/26/2007
Modified: 3/22/2007
Company: FotoNation Inc.
----------
Key: Creative Service for CDROM Access
ImagePath: C:\WINNT\system32\CTsvcCDA.EXE
C:\WINNT\system32\CTsvcCDA.EXE
44032 bytes
Created: 1/7/2006
Modified: 12/13/1999
Company: Creative Technology Ltd
----------
Key: ctsfm2k
ImagePath: system32\DRIVERS\ctsfm2k.sys
C:\WINNT\system32\DRIVERS\ctsfm2k.sys
130384 bytes
Created: 1/7/2006
Modified: 4/26/2004
Company: Creative Technology Ltd
----------
Key: Dfs
ImagePath: %SystemRoot%\system32\Dfssvc.exe
C:\WINNT\system32\Dfssvc.exe
90896 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: DfsDriver
ImagePath: system32\drivers\Dfs.sys
C:\WINNT\system32\drivers\Dfs.sys
74448 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Dhcp
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: Disk
ImagePath: system32\DRIVERS\disk.sys
C:\WINNT\system32\DRIVERS\disk.sys
30768 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINNT\System32\dmadmin.exe
147728 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: VERITAS Software Corp.
----------
Key: dmboot
ImagePath: System32\drivers\dmboot.sys
C:\WINNT\System32\drivers\dmboot.sys
369104 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: VERITAS Software Corp.
----------
Key: dmio
ImagePath: System32\drivers\dmio.sys
C:\WINNT\System32\drivers\dmio.sys
137936 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: VERITAS Software Corp.
----------
Key: dmload
ImagePath: System32\drivers\dmload.sys
C:\WINNT\System32\drivers\dmload.sys
7312 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: VERITAS Software Corp.
----------
Key: dmserver
ImagePath: %SystemRoot%\System32\services.exe
C:\WINNT\System32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: DMusic
ImagePath: system32\drivers\DMusic.sys
C:\WINNT\system32\drivers\DMusic.sys
51152 bytes
Created: 1/7/2006
Modified: 10/28/1999
Company: Microsoft Corporation
----------
Key: Dnscache
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: E1000
ImagePath: system32\DRIVERS\e1000nt5.sys
C:\WINNT\system32\DRIVERS\e1000nt5.sys
-R- 170496 bytes
Created: 10/19/2005
Modified: 6/3/2005
Company: Intel Corporation
----------
Key: Eventlog
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: Fax
ImagePath: %systemroot%\system32\faxsvc.exe
C:\WINNT\system32\faxsvc.exe
94992 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Fdc
ImagePath: system32\DRIVERS\fdc.sys
C:\WINNT\system32\DRIVERS\fdc.sys
26256 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Flpydisk
ImagePath: system32\DRIVERS\flpydisk.sys
C:\WINNT\system32\DRIVERS\flpydisk.sys
19312 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\drivers\fltmgr.sys
C:\WINNT\system32\drivers\fltmgr.sys
136880 bytes
Created: 4/13/2005
Modified: 4/13/2005
Company: Microsoft Corporation
----------
Key: Ftdisk
ImagePath: system32\DRIVERS\ftdisk.sys
C:\WINNT\system32\DRIVERS\ftdisk.sys
116400 bytes
Created: 10/19/2005
Modified: 12/2/2004
Company: Microsoft Corporation
----------
Key: Gpc
ImagePath: system32\DRIVERS\msgpc.sys
C:\WINNT\system32\DRIVERS\msgpc.sys
34704 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: hidusb
ImagePath: system32\DRIVERS\hidusb.sys
C:\WINNT\system32\DRIVERS\hidusb.sys
13904 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\WINNT\system32\DRIVERS\i8042prt.sys
46992 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 11/14/2005
Modified: 11/14/2005
Company: Macrovision Corporation
----------
Key: IISADMIN
ImagePath: C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
14608 bytes
Created: 10/23/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\WINNT\system32\DRIVERS\ipfltdrv.sys
34416 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys
C:\WINNT\system32\DRIVERS\ipinip.sys
19984 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: IpNat
ImagePath: system32\DRIVERS\ipnat.sys
C:\WINNT\system32\DRIVERS\ipnat.sys
67344 bytes
Created: 10/19/2005
Modified: 8/11/2004
Company: Microsoft Corporation
----------
Key: IPSEC
ImagePath: system32\DRIVERS\ipsec.sys
C:\WINNT\system32\DRIVERS\ipsec.sys
64304 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: IRENUM
ImagePath: System32\DRIVERS\irenum.sys
C:\WINNT\System32\DRIVERS\irenum.sys
10288 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: system32\DRIVERS\isapnp.sys
C:\WINNT\system32\DRIVERS\isapnp.sys
46992 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: IsmServ
ImagePath: %SystemRoot%\System32\ismserv.exe
C:\WINNT\System32\ismserv.exe
25872 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\WINNT\system32\DRIVERS\kbdclass.sys
24528 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: kbdhid
ImagePath: system32\DRIVERS\kbdhid.sys
C:\WINNT\system32\DRIVERS\kbdhid.sys
13744 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: kdc
ImagePath: %SystemRoot%\System32\lsass.exe
C:\WINNT\System32\lsass.exe
33552 bytes
Created: 10/19/2005
Modified: 12/19/2004
Company: Microsoft Corporation
----------
Key: kmixer
ImagePath: system32\drivers\kmixer.sys
C:\WINNT\system32\drivers\kmixer.sys
148304 bytes
Created: 1/7/2006
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: lanmanserver
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: lanmanworkstation
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: LicenseService
ImagePath: %SystemRoot%\System32\llssrv.exe
C:\WINNT\System32\llssrv.exe
85264 bytes
Created: 1/13/2005
Modified: 1/13/2005
Company: Microsoft Corporation
----------
Key: LmHosts
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: MDM
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe"
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
270336 bytes
Created: 2/23/2001
Modified: 2/23/2001
Company: Microsoft Corporation
----------
Key: Messenger
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: mnmsrvc
ImagePath: C:\WINNT\system32\mnmsrvc.exe
C:\WINNT\system32\mnmsrvc.exe
21776 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\WINNT\system32\DRIVERS\mouclass.sys
21776 bytes
Created: 6/19/2003
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\WINNT\system32\DRIVERS\mouhid.sys
11632 bytes
Created: 6/19/2003
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: MPE
ImagePath: system32\DRIVERS\MPE.sys
C:\WINNT\system32\DRIVERS\MPE.sys
15104 bytes
Created: 10/27/2005
Modified: 2/17/2003
Company: Microsoft Corporation
----------
Key: MRxSmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\WINNT\system32\DRIVERS\mrxsmb.sys
432976 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: C:\WINNT\system32\msdtc.exe
C:\WINNT\system32\msdtc.exe
6928 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: MSFTPSVC
ImagePath: C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
14608 bytes
Created: 10/23/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: MSIServer
ImagePath: C:\WINNT\system32\msiexec.exe /V
C:\WINNT\system32\msiexec.exe
78848 bytes
Created: 10/19/2005
Modified: 5/3/2005
Company: Microsoft Corporation
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\WINNT\system32\drivers\MSKSSRV.sys
7424 bytes
Created: 10/27/2005
Modified: 12/11/2002
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\WINNT\system32\drivers\MSPCLOCK.sys
5248 bytes
Created: 10/27/2005
Modified: 12/11/2002
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\WINNT\system32\drivers\MSPQM.sys
4816 bytes
Created: 10/19/2005
Modified: 9/25/1999
Company: Microsoft Corporation
----------
Key: MSSEARCH
ImagePath: "C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe"
C:\Program Files\Common Files\Microsoft Shared\MSSearch\Bin\mssearch.exe
69632 bytes
Created: 1/3/2006
Modified: 12/4/2002
Company: Microsoft Corporation
----------
Key: MSSQLSERVER
ImagePath: C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlservr.exe
7520337 bytes
Created: 10/23/2005
Modified: 12/17/2002
Company: Microsoft Corporation
----------
Key: MSSQLServerADHelper
ImagePath: C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
66112 bytes
Created: 10/23/2005
Modified: 12/17/2002
Company: Microsoft Corporation
----------
Key: MSTEE
ImagePath: system32\drivers\MSTEE.sys
C:\WINNT\system32\drivers\MSTEE.sys
5504 bytes
Created: 10/27/2005
Modified: 12/11/2002
Company: Microsoft Corporation
----------
Key: NABTSFEC
ImagePath: system32\DRIVERS\NABTSFEC.sys
C:\WINNT\system32\DRIVERS\NABTSFEC.sys
83968 bytes
Created: 10/27/2005
Modified: 2/17/2003
Company: Microsoft Corporation
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\WINNT\system32\DRIVERS\ndistapi.sys
9200 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\WINNT\system32\DRIVERS\ndisuio.sys
11984 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\WINNT\system32\DRIVERS\ndiswan.sys
93360 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\WINNT\system32\DRIVERS\netbios.sys
33456 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: NetBT
ImagePath: system32\DRIVERS\netbt.sys
C:\WINNT\system32\DRIVERS\netbt.sys
175632 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: NetDDE
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINNT\system32\netdde.exe
110352 bytes
Created: 10/19/2005
Modified: 7/9/2004
Company: Microsoft Corporation
----------
Key: NetDDEdsdm
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINNT\system32\netdde.exe
110352 bytes
Created: 10/19/2005
Modified: 7/9/2004
Company: Microsoft Corporation
----------
Key: NetDetect
ImagePath: \SystemRoot\system32\drivers\netdtect.sys
C:\WINNT\system32\drivers\netdtect.sys
9680 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINNT\system32\lsass.exe
33552 bytes
Created: 10/19/2005
Modified: 12/19/2004
Company: Microsoft Corporation
----------
Key: NntpSvc
ImagePath: C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
14608 bytes
Created: 10/23/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: NtFrs
ImagePath: %SystemRoot%\system32\ntfrs.exe
C:\WINNT\system32\ntfrs.exe
745232 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: NtLmSsp
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINNT\system32\lsass.exe
33552 bytes
Created: 10/19/2005
Modified: 12/19/2004
Company: Microsoft Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys
C:\WINNT\system32\DRIVERS\nwlnkflt.sys
12560 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys
C:\WINNT\system32\DRIVERS\nwlnkfwd.sys
35344 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: ossrv
ImagePath: system32\DRIVERS\ctoss2k.sys
C:\WINNT\system32\DRIVERS\ctoss2k.sys
178736 bytes
Created: 1/7/2006
Modified: 4/26/2004
Company: Creative Technology Ltd.
----------
Key: Parallel
ImagePath: system32\DRIVERS\parallel.sys
C:\WINNT\system32\DRIVERS\parallel.sys
60208 bytes
Created: 6/19/2003
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: system32\DRIVERS\parport.sys
C:\WINNT\system32\DRIVERS\parport.sys
25104 bytes
Created: 6/19/2003
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: PCANDIS5
ImagePath: \??\C:\WINNT\system32\PCANDIS5.SYS
C:\WINNT\system32\PCANDIS5.SYS
17134 bytes
Created: 10/19/2005
Modified: 10/19/2005
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PCI
ImagePath: system32\DRIVERS\pci.sys
C:\WINNT\system32\DRIVERS\pci.sys
59312 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: PCIIde
ImagePath: system32\DRIVERS\pciide.sys
C:\WINNT\system32\DRIVERS\pciide.sys
3088 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: PfModNT
ImagePath: \??\C:\WINNT\system32\drivers\PfModNT.sys
C:\WINNT\system32\drivers\PfModNT.sys
71596 bytes
Created: 1/7/2006
Modified: 6/3/2004
Company: Creative Technology Ltd.
----------
Key: PlugPlay
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: PolicyAgent
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINNT\system32\lsass.exe
33552 bytes
Created: 10/19/2005
Modified: 12/19/2004
Company: Microsoft Corporation
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\WINNT\system32\DRIVERS\raspptp.sys
48464 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: Ptilink
ImagePath: system32\DRIVERS\ptilink.sys
C:\WINNT\system32\DRIVERS\ptilink.sys
17680 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Parallel Technologies, Inc.
----------
Key: RasAcd
ImagePath: system32\DRIVERS\rasacd.sys
C:\WINNT\system32\DRIVERS\rasacd.sys
8016 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\WINNT\system32\DRIVERS\rasl2tp.sys
52112 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Raspti
ImagePath: system32\DRIVERS\raspti.sys
C:\WINNT\system32\DRIVERS\raspti.sys
16880 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: RCA
ImagePath: system32\drivers\RCA.sys
C:\WINNT\system32\drivers\RCA.sys
21712 bytes
Created: 10/26/1999
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\WINNT\system32\DRIVERS\rdbss.sys
183248 bytes
Created: 10/19/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: rdpdr
ImagePath: system32\DRIVERS\rdpdr.sys
C:\WINNT\system32\DRIVERS\rdpdr.sys
143728 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: redbook
ImagePath: system32\DRIVERS\redbook.sys
C:\WINNT\system32\DRIVERS\redbook.sys
35344 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: RemoteRegistry
ImagePath: %SystemRoot%\system32\regsvc.exe
C:\WINNT\system32\regsvc.exe
68368 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\WINNT\system32\locator.exe
72464 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: RpcSvr4x
ImagePath: C:\Program Files\Access Remote PC 4\rpcsetup.exe /server /silent
C:\Program Files\Access Remote PC 4\rpcsetup.exe
1277952 bytes
Created: 10/20/2005
Modified: 10/20/2005
Company: Access Remote PC (www.access-remote-pc.com)
----------
Key: RSVP
ImagePath: %SystemRoot%\system32\rsvp.exe -s
C:\WINNT\system32\rsvp.exe
176912 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: runtime
ImagePath: \??\C:\WINNT\System32\drivers\runtime.sys
C:\WINNT\System32\drivers\runtime.sys - has a *known* Malware filename: SUSPICIOUS.ENTRY
C:\WINNT\System32\drivers\runtime.sys - this registry value has been removed [file not found to scan]
C:\WINNT\System32\drivers\runtime.sys - unable to take ownsership/change permissions
C:\WINNT\System32\drivers\runtime.sys has been marked for renaming when the PC is restarted (if it exists)
----------
Key: r_server
ImagePath: "C:\WINNT\system32\r_server.exe" /service
C:\WINNT\system32\r_server.exe
724992 bytes
Created: 4/26/2006
Modified: 6/21/2005
Company:
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINNT\system32\lsass.exe
33552 bytes
Created: 10/19/2005
Modified: 12/19/2004
Company: Microsoft Corporation
----------
Key: sbusb
ImagePath: system32\DRIVERS\sbusb.sys
C:\WINNT\system32\DRIVERS\sbusb.sys
1643648 bytes
Created: 1/7/2006
Modified: 7/27/2004
Company: Creative Technology Ltd.
----------
Key: SCardDrv
ImagePath: %SystemRoot%\System32\SCardSvr.exe
C:\WINNT\System32\SCardSvr.exe
100112 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: SCardSvr
ImagePath: %SystemRoot%\System32\SCardSvr.exe
C:\WINNT\System32\SCardSvr.exe
100112 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Schedule
ImagePath: %SystemRoot%\system32\MSTask.exe
C:\WINNT\system32\MSTask.exe
122128 bytes
Created: 9/7/2004
Modified: 9/7/2004
Company: Microsoft Corporation
----------
Key: seclogon
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: serenum
ImagePath: system32\DRIVERS\serenum.sys
C:\WINNT\system32\DRIVERS\serenum.sys
14160 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: system32\DRIVERS\serial.sys
C:\WINNT\system32\DRIVERS\serial.sys
62736 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: SLIP
ImagePath: system32\DRIVERS\SLIP.sys
C:\WINNT\system32\DRIVERS\SLIP.sys
10880 bytes
Created: 10/27/2005
Modified: 2/17/2003
Company: Microsoft Corporation
----------
Key: SmcService
ImagePath: C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Sygate\SPF\smc.exe
2532576 bytes
Created: 8/13/2004
Modified: 8/13/2004
Company: Sygate Technologies, Inc.
----------
Key: SMTPSVC
ImagePath: C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
14608 bytes
Created: 10/23/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\system32\spoolsv.exe
C:\WINNT\system32\spoolsv.exe
48400 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: spud
ImagePath: \SystemRoot\System32\drivers\spud.sys
C:\WINNT\System32\drivers\spud.sys
12336 bytes
Created: 10/23/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: SQLSERVERAGENT
ImagePath: C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
C:\PROGRA~1\MICROS~4\MSSQL\binn\sqlagent.exe
311872 bytes
Created: 10/23/2005
Modified: 12/17/2002
Company: Microsoft Corporation
----------
Key: Srv
ImagePath: system32\DRIVERS\srv.sys
C:\WINNT\system32\DRIVERS\srv.sys
251760 bytes
Created: 10/19/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: stidexp
ImagePath: system32\DRIVERS\stidexp.sys
C:\WINNT\system32\DRIVERS\stidexp.sys
-R- 5504 bytes
Created: 10/19/2005
Modified: 10/26/2001
Company: Seagate Removable Storage Solutions, LLC
----------
Key: StillCam
ImagePath: system32\DRIVERS\serscan.sys
C:\WINNT\system32\DRIVERS\serscan.sys
6736 bytes
Created: 12/31/2007
Modified: 9/25/1999
Company: Microsoft Corporation
----------
Key: StiSvc
ImagePath: %systemroot%\system32\stisvc.exe
C:\WINNT\system32\stisvc.exe
61712 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: streamip
ImagePath: system32\DRIVERS\StreamIP.sys
C:\WINNT\system32\DRIVERS\StreamIP.sys
14976 bytes
Created: 10/27/2005
Modified: 2/17/2003
Company: Microsoft Corporation
----------
Key: swenum
ImagePath: system32\DRIVERS\swenum.sys
C:\WINNT\system32\DRIVERS\swenum.sys
4096 bytes
Created: 10/27/2005
Modified: 12/11/2002
Company: Microsoft Corporation
----------
Key: swmidi
ImagePath: system32\drivers\swmidi.sys
C:\WINNT\system32\drivers\swmidi.sys
53552 bytes
Created: 1/7/2006
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: sysaudio
ImagePath: system32\drivers\sysaudio.sys
C:\WINNT\system32\drivers\sysaudio.sys
47568 bytes
Created: 1/7/2006
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: SysmonLog
ImagePath: %SystemRoot%\system32\smlogsvc.exe
C:\WINNT\system32\smlogsvc.exe
85776 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Tcpip
ImagePath: system32\DRIVERS\tcpip.sys
C:\WINNT\system32\DRIVERS\tcpip.sys
320176 bytes
Created: 10/19/2005
Modified: 5/12/2005
Company: Microsoft Corporation
----------
Key: Teefer
ImagePath: \SystemRoot\SYSTEM32\Drivers\Teefer.sys
C:\WINNT\SYSTEM32\Drivers\Teefer.sys
59984 bytes
Created: 10/20/2005
Modified: 8/10/2004
Company: Sygate Technologies, Inc.
----------
Key: TermDD
ImagePath: \SystemRoot\System32\drivers\termdd.sys
C:\WINNT\System32\drivers\termdd.sys
35832 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: TermService
ImagePath: %SystemRoot%\System32\termsrv.exe
C:\WINNT\System32\termsrv.exe
142608 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: TlntSvr
ImagePath: %SystemRoot%\system32\tlntsvr.exe
C:\WINNT\system32\tlntsvr.exe
186128 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: TrkSvr
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: TrkWks
ImagePath: %SystemRoot%\system32\services.exe
C:\WINNT\system32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: uhcd
ImagePath: system32\DRIVERS\uhcd.sys
C:\WINNT\system32\DRIVERS\uhcd.sys
32848 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: Update
ImagePath: system32\DRIVERS\update.sys
C:\WINNT\system32\DRIVERS\update.sys
173232 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: UPS
ImagePath: %SystemRoot%\System32\ups.exe
C:\WINNT\System32\ups.exe
17680 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: usbaudio
ImagePath: system32\drivers\usbaudio.sys
C:\WINNT\system32\drivers\usbaudio.sys
68912 bytes
Created: 1/7/2006
Modified: 10/12/1999
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: system32\DRIVERS\usbehci.sys
C:\WINNT\system32\DRIVERS\usbehci.sys
19728 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: system32\DRIVERS\usbhub.sys
C:\WINNT\system32\DRIVERS\usbhub.sys
40560 bytes
Created: 10/19/2005
Modified: 12/2/2004
Company: Microsoft Corporation
----------
Key: usbhub20
ImagePath: system32\DRIVERS\usbhub20.sys
C:\WINNT\system32\DRIVERS\usbhub20.sys
49776 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\WINNT\system32\DRIVERS\USBSTOR.SYS
21552 bytes
Created: 10/19/2005
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: UtilMan
ImagePath: %SystemRoot%\System32\UtilMan.exe
C:\WINNT\System32\UtilMan.exe
22800 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\WINNT\System32\drivers\vga.sys
13968 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: VOBID
ImagePath: system32\DRIVERS\vobid.sys
C:\WINNT\system32\DRIVERS\vobid.sys
29239 bytes
Created: 8/1/2003
Modified: 8/1/2003
Company: Pinnacle Systems
----------
Key: W32Time
ImagePath: %SystemRoot%\System32\services.exe
C:\WINNT\System32\services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: W3SVC
ImagePath: C:\WINNT\system32\inetsrv\inetinfo.exe
C:\WINNT\system32\inetsrv\inetinfo.exe
14608 bytes
Created: 10/23/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Wanarp
ImagePath: system32\DRIVERS\wanarp.sys
C:\WINNT\system32\DRIVERS\wanarp.sys
32272 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: wdmaud
ImagePath: system32\drivers\wdmaud.sys
C:\WINNT\system32\drivers\wdmaud.sys
73872 bytes
Created: 1/7/2006
Modified: 6/19/2003
Company: Microsoft Corporation
----------
Key: wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINNT\SYSTEM32\Drivers\wg3n.sys
14240 bytes
Created: 10/20/2005
Modified: 8/10/2004
Company: Sygate Technologies, Inc.
----------
Key: wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINNT\SYSTEM32\Drivers\wg4n.sys
14240 bytes
Created: 10/22/2005
Modified: 8/10/2004
Company: Sygate Technologies, Inc.
----------
Key: wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINNT\SYSTEM32\Drivers\wg5n.sys
14240 bytes
Created: 10/22/2005
Modified: 8/10/2004
Company: Sygate Technologies, Inc.
----------
Key: wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINNT\SYSTEM32\Drivers\wg6n.sys
14240 bytes
Created: 10/22/2005
Modified: 8/10/2004
Company: Sygate Technologies, Inc.
----------
Key: WinMgmt
ImagePath: %SystemRoot%\System32\WBEM\WinMgmt.exe
C:\WINNT\System32\WBEM\WinMgmt.exe
196706 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: WMDM PMSP Service
ImagePath: C:\WINNT\system32\MsPMSPSv.exe
C:\WINNT\system32\MsPMSPSv.exe
53248 bytes
Created: 5/1/2001
Modified: 5/1/2001
Company: Microsoft Corporation
----------
Key: Wmi
ImagePath: %SystemRoot%\system32\Services.exe
C:\WINNT\system32\Services.exe
92944 bytes
Created: 10/19/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: wpsdrvnt
ImagePath: \??\C:\WINNT\system32\drivers\wpsdrvnt.sys
C:\WINNT\system32\drivers\wpsdrvnt.sys
21075 bytes
Created: 10/20/2005
Modified: 8/10/2004
Company: Sygate Technologies, Inc.
----------
Key: WSTCODEC
ImagePath: system32\DRIVERS\WSTCODEC.SYS
C:\WINNT\system32\DRIVERS\WSTCODEC.SYS
18688 bytes
Created: 10/27/2005
Modified: 2/17/2003
Company: Microsoft Corporation
----------

**************************************************
1:17:00 PM: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:

**************************************************
1:17:00 PM: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: crypt32chain
DLL: crypt32.dll
C:\WINNT\system32\crypt32.dll
563984 bytes
Created: 4/8/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: cryptnet
DLL: cryptnet.dll
C:\WINNT\system32\cryptnet.dll
63760 bytes
Created: 4/8/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: cscdll
DLL: cscdll.dll
C:\WINNT\system32\cscdll.dll
101136 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: sclgntfy
DLL: sclgntfy.dll
C:\WINNT\system32\sclgntfy.dll
20752 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: SensLogn
DLL: WlNotify.dll
C:\WINNT\system32\WlNotify.dll
57104 bytes
Created: 4/8/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: termsrv
DLL: wlnotify.dll
C:\WINNT\system32\wlnotify.dll
57104 bytes
Created: 4/8/2005
Modified: 4/8/2005
Company: Microsoft Corporation
----------
Key: wzcnotif
DLL: wzcdlg.dll
C:\WINNT\system32\wzcdlg.dll
52496 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------

**************************************************
1:17:00 PM: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: cscui.dll
C:\WINNT\system32\cscui.dll
242960 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\shell32.dll
C:\WINNT\system32\shell32.dll
2432784 bytes
Created: 4/21/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\shell32.dll
C:\WINNT\system32\shell32.dll
2432784 bytes
Created: 4/21/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: Print602
CLSID: {0f420c1e-9ed6-4da5-8b91-eddde887a1dc}
Path: C:\Program Files\Common Files\QuickPDF\PrnShell.dll
C:\Program Files\Common Files\QuickPDF\PrnShell.dll
36864 bytes
Created: 10/19/2005
Modified: 6/3/2002
Company:
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 2/1/2008
Modified: 2/5/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll
129024 bytes
Created: 12/30/2007
Modified: 9/20/2007
Company:
----------
Key: WinZip
CLSID: {E0D79304-84BE-11CE-9641-444553540000}
Path: C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
20552 bytes
Created: 2/11/2003
Modified: 2/11/2003
Company: WinZip Computing, Inc.
----------

**************************************************
1:17:00 PM: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\shell32.dll
C:\WINNT\system32\shell32.dll
2432784 bytes
Created: 4/21/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\shell32.dll
C:\WINNT\system32\shell32.dll
2432784 bytes
Created: 4/21/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\shell32.dll
C:\WINNT\system32\shell32.dll
2432784 bytes
Created: 4/21/2005
Modified: 4/21/2005
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: C:\WINNT\system32\docprop2.dll
C:\WINNT\system32\docprop2.dll
304912 bytes
Created: 10/19/2005
Modified: 6/20/2003
Company: Microsoft Corporation
----------
Key: {7f9609be-af9a-11d1-83e0-00c04fb6e984}
File: %SystemRoot%\system32\faxshell.dll

2 replies

vieu bison boiteu Posts: 44314 Registration date: Monday 11 April 2005 Status: Contributor Last post: 23 December 2024 Ambassador 3 553
1 Feb 2008 at 13:46
Hi pipicacapopo

spyware scanner
http://www.secuser.com/outils/antivirus.htm
On the first page, click on the image and the diagnostic tools will load,
then in the "My Computer" window, select the drives and tick "Auto Clean".
You also have
https://assiste.com/404_La_page_demandee_n_existe_pas.php
http://www.bitdefender.fr/bd/site/search.php# (Online Scanner option)
https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr

and a very simple tool for repairing Windows, restoring values
= the ZEB-Restore software
http://telechargement.zebulon.fr/telecharger-zeb-restore.html

See you
0
Thanks, but will this remove the viruses, or should I send a report if there is one?
0
vieu bison boiteu Posts: 44314 Registration date: Monday 11 April 2005 Status: Contributor Last post: 23 December 2024 3 553
1 Feb 2008 at 14:11
You can do both for some, but clean everything

Two sites to run: Secuser and BitDefender
Make sure to disable your antivirus and the Windows firewall

so no browsing the Web

See you
0