PC that lags like crazy
nichotV (Messages posted: 18, Status: Member)
Hello,
My work PC is lagging like crazy. I ran a scan with BitDefender, and it finds 2 viruses that it cannot remove. Here is its report:
//-----------------------------------------------------------------
//
// Produit BitDefender Free Edition v10
// Produit 10.2
//
// Créé le: 15/02/2008 15:35:25
//
//-----------------------------------------------------------------
Statistiques
Chemin cible: C:\
Dossiers : 5608
Fichiers : 236689
Processus Mémoire analysés : 39
Archives : 1573
Fichiers enpaquetés : 8862
Virus trouvés : 3
Fichiers infectés : 4
Processus Mémoire infectés : 0
Fichiers suspects : 0
Alertes : 0
Fichiers désinfectés : 0
Fichiers effacés : 3
Fichiers déplacés : 0
Erreurs I/O : 1074
Temps d'analyse :=01:51:20
Fichiers/seconde :35
Statistiques Spywares
Registres analysés : 310
Registres infectés : 1
Cookies analysés : 28
Cookies infectés : 0
Fichiers spyware infectés : 0
Menaces Spyware détectées : 1
Définitions virus : 980960
Plugins d'analyse : 16
Plugins archives : 41
Plug-ins décompression : 7
Plug-ins messagerie : 6
Plug-ins système : 5
Options d'analyse
Détection
[X] Analyser le secteur de boot
[X] Processus mémoire
[X] Analyser les archives
[X] Analyser les fichiers enpaquetés
[X] Analyser la messagerie
Masque fichiers
[ ] Programmes
[X] Tous les fichiers
[ ] Extensions définies par l'utilisateur:
[ ] Exclure les extensions: ;
Action
Objets infectés
[ ] Ignorer
[ ] Désinfecter
[X] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action
Seconde action
[ ] Ignorer
[X] Effacer
[ ] Mettre en quarantaine
[ ] Demander l'action
Options d'analyse
[X] Activer les alertes
[X] Activer l'heuristique
[X] Afficher tous les fichiers dans le journal
[X] Fichier journal: C:\Documents and Settings\All Users\Application Data\Bitdefender\Desktop\Profiles\Logs\deep_scan\1203086125.log
Options d'analyse Spyware
[X] Analyse contre les risques non-viraux
[ ] Ecarter de l'analyse les dialers et les applications
[X] Clés de registres
[X] Cookies
Résumé:
<System>=>HKEY_USERS\S-1-5-21-1715567821-861567501-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Firewall auto setup=>C:\DOCUME~1\VAUDAU~1\LOCALS~1\TEMP\WINLOGON.EXE Détecté: Trojan.Dropper.LDPinch.Q
<System>=>HKEY_USERS\S-1-5-21-1715567821-861567501-725345543-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN\Firewall auto setup=>C:\DOCUME~1\VAUDAU~1\LOCALS~1\TEMP\WINLOGON.EXE Effacé
<System> La recompression des archives a échoué (actions marquées non effectuées)
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\qrjatydi.exe Infecté: Trojan.FakeAlert.PS
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\qrjatydi.exe Effacé
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\sb8s.1=>(NSIS o)=>lzma_solid_nsis0004 Détecté: Adware.AdRotator.Gen
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\sb8s.1=>(NSIS o)=>lzma_solid_nsis0004 Effacé
C:\Documents and Settings\VAUDAUX SA\Local Settings\Temp\sb8s.1=>(NSIS o) La recompression des archives a échoué (actions marquées non effectuées)
C:\WINDOWS\system32\isxrjsws.dll Infecté: Trojan.Vundo.DWB
C:\WINDOWS\system32\isxrjsws.dll Effacement impossible
C:\WINDOWS\system32\isxrjsws.dll Effacement impossible
C:\WINDOWS\system32\sprt_ads.dll Détecté: Adware.AdRotator.Gen
C:\WINDOWS\system32\sprt_ads.dll Effacement impossible
C:\WINDOWS\system32\sprt_ads.dll Effacement impossible
Has anyone already had the same problem, and how do I solve it? It is slowing my PC down enormously.
Thanks in advance
9 replies
I had asked you to run Trojan Remover BEFORE HijackThis ...
* You have 2 antivirus programs: AVG and BitDefender, which creates conflicts
=> cleanly uninstall one or the other!
* You have no active firewall (the Windows one doesn't count)
=> download and install:
http://www.commentcamarche.net/telecharger/telecharger 206 kerio
* Download VundoFix: http://www.atribune.org/ccount/click.php?id=4
Double-click VundoFix.exe
Click the Scan for Vundo button
If the program asks you to delete files, say yes
When the program has finished scanning your PC, it needs to be shut down; restart it.
Copy/paste the contents of the report located at C:\vundofix.txt
* Download Combofix.exe to your Desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Disconnect from the internet and disable your antivirus so that Combofix can run normally
Double-click Combofix.exe
Set it to French with F
Press the 1 key (Yes) to start the scan
When the scan is finished, a report will appear
Post the saved report: C:\Combofix.txt
* Download: http://siri.urz.free.fr/Fix/SmitfraudFix.zip
Run it, double-click Smitfraudfix.cmd, choose option 1
It will generate a report: copy/paste its contents
Hello,
1) download and install:
http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover
Scan and post the report please
2) Download HijackThis:
http://www.commentcamarche.net/telecharger/telecharger 159 hijackthis
* Unzip it into a folder created for that purpose at the root of the drive. For example C:\hijackthis
* Run it, then click "Do a system scan and save a logfile"
* Copy-paste the report in your next reply
Here is the HijackThis report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:01, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\VAUDAUX SA\Bureau\trsetup.exe
C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\is-ISFN8.tmp\is-875VV.tmp
C:\Program Files\Trojan Remover\trupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {084412BE-59F0-4913-884E-806A28A9C360} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nscD6.dll (file missing)
O2 - BHO: {6bdab348-3d88-beca-d914-693964ad3ff6} - {6ff3da46-9396-419d-aceb-88d3843badb6} - C:\WINDOWS\system32\gsipbpni.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: superiorads browser enhancer - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\isxrjsws.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202832920.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\jkkjkkj.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [986fac69] rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: isxrjsws - C:\WINDOWS\SYSTEM32\isxrjsws.dll
O20 - Winlogon Notify: jkkjkkj - jkkjkkj.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
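A small triage script for a HijackThis log, added here as an example; it is not part of the thread, of HijackThis, or of any tool the helpers recommend. It parses the O2/O4/O20/O23 lines and flags the same things a helper checks by eye in the log above: entries whose file is missing, autoruns launched from a Temp folder or named after a system binary but living elsewhere, a Run entry with a random hex name, Winlogon Notify packages not on a (deliberately short, assumed) allow-list, services with no company name running from system32, and whether more than one antivirus product is installed. The sample lines are copied from the log above; the allow-list, the impersonated-name set and the vendor table are assumptions for illustration.

```python
"""Triage a HijackThis log for persistence entries that deserve a closer look.

Added example for this thread, not a feature of HijackThis. The sample lines
below are copied from the log posted in the thread.
"""
import re
from dataclasses import dataclass

# System binaries whose names malware commonly borrows; the genuine ones live
# in \WINDOWS\system32, so a copy anywhere else is suspect (assumed short set).
IMPERSONATED_NAMES = {"winlogon.exe", "svchost.exe", "lsass.exe", "services.exe", "csrss.exe"}

# Winlogon Notify packages shipped with Windows XP (assumption: illustrative
# allow-list only, a real one is longer and version-specific).
KNOWN_WINLOGON_NOTIFY = {"crypt32chain", "cryptnet", "cscdll", "scard", "schedule",
                         "sclgntfy", "senslogn", "termsrv", "wlballoon"}

# Vendor strings seen in O23 service lines, mapped to the product they indicate
# (assumption: only the two vendors present in this thread).
AV_VENDORS = {"grisoft": "AVG", "softwin": "BitDefender"}

ENTRY_RE = re.compile(r"^(R\d|O\d+)\s+-\s+(.*)$")
TEMP_RE = re.compile(r"\\(LOCALS~1|Local Settings)\\Temp\\", re.IGNORECASE)
EXE_RE = re.compile(r"\\([\w~-]+\.exe)")
RUN_NAME_RE = re.compile(r"\[([^\]]+)\]")


@dataclass(frozen=True)
class Finding:
    section: str  # HijackThis section code, e.g. "O4"
    reason: str   # why the line was flagged
    line: str     # the original log line


def parse_entry(line):
    """Return (section, rest) for a line like 'O4 - ...', else (None, None)."""
    m = ENTRY_RE.match(line.strip())
    return (m.group(1), m.group(2)) if m else (None, None)


def triage(lines):
    """Apply the heuristics to every log line and return the findings."""
    findings = []
    for raw in lines:
        section, rest = parse_entry(raw)
        if section is None:
            continue
        low, line = rest.lower(), raw.strip()

        # Registry entry whose target file is gone: a removal remnant that
        # still needs cleaning (and logs an error at every logon).
        if section in {"O2", "O20"} and "(file missing)" in low:
            findings.append(Finding(section, "orphaned registry entry (file missing)", line))
            continue

        if section == "O4":
            if TEMP_RE.search(rest):
                findings.append(Finding(section, "autorun from a Temp directory", line))
            name = RUN_NAME_RE.search(rest)
            if name and re.fullmatch(r"[0-9a-f]{6,}", name.group(1).lower()):
                findings.append(Finding(section, "autorun with a random hex name", line))
            for exe in EXE_RE.findall(low):
                if exe in IMPERSONATED_NAMES and f"\\windows\\system32\\{exe}" not in low:
                    findings.append(Finding(section, f"{exe} running outside system32", line))
        elif section == "O20":
            pkg = re.match(r"winlogon notify:\s*(\S+)", low)
            if pkg and pkg.group(1) not in KNOWN_WINLOGON_NOTIFY:
                findings.append(Finding(section, "unrecognised Winlogon Notify package", line))
        elif section == "O23":
            if "unknown owner" in low and "\\windows\\system32\\" in low:
                findings.append(Finding(section, "service with no company name running from system32", line))
    return findings


def antivirus_products(lines):
    """Names of the antivirus products whose services appear in O23 lines."""
    found = set()
    for raw in lines:
        section, rest = parse_entry(raw)
        if section == "O23":
            found.update(p for v, p in AV_VENDORS.items() if v in rest.lower())
    return found


# Sample input: lines copied from the HijackThis log posted in this thread.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {084412BE-59F0-4913-884E-806A28A9C360} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [986fac69] rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O20 - Winlogon Notify: isxrjsws - C:\WINDOWS\SYSTEM32\isxrjsws.dll
O20 - Winlogon Notify: jkkjkkj - jkkjkkj.dll (file missing)
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
"""

if __name__ == "__main__":
    log_lines = SAMPLE_LOG.strip().splitlines()
    for f in triage(log_lines):
        print(f"[{f.section}] {f.reason}: {f.line}")
    products = antivirus_products(log_lines)
    if len(products) > 1:
        print("More than one antivirus installed:", ", ".join(sorted(products)))
```

On the sample above the script flags seven entries: the two "(file missing)" remnants, the hex-named Run entry, the Temp-folder winlogon.exe (twice, once for the Temp location and once for the borrowed system name), the isxrjsws Winlogon Notify package, and the "msupdate" service in system32; it also reports that both AVG and BitDefender services are present, which is the conflict the helper points out. The heuristics are meant as a first pass that tells a reader where to look, not as a verdict on any single line.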
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:52:01, on 21/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\WINDOWS\System32\Rundll32.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Documents and Settings\VAUDAUX SA\Bureau\trsetup.exe
C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\is-ISFN8.tmp\is-875VV.tmp
C:\Program Files\Trojan Remover\trupd.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {084412BE-59F0-4913-884E-806A28A9C360} - C:\WINDOWS\system32\ddcyw.dll (file missing)
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: dcads - {6FC3C36D-7635-4D43-BA62-0D9D2F2CD06E} - C:\WINDOWS\system32\nscD6.dll (file missing)
O2 - BHO: {6bdab348-3d88-beca-d914-693964ad3ff6} - {6ff3da46-9396-419d-aceb-88d3843badb6} - C:\WINDOWS\system32\gsipbpni.dll (file missing)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: superiorads browser enhancer - {79F562E5-768C-4494-8E6C-824ADA4A9C2C} - C:\WINDOWS\system32\sprt_ads.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {A95B2816-1D7E-4561-A202-68C0DE02353A} - C:\WINDOWS\system32\isxrjsws.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: e404 helper - {C03FD59D-9104-44B7-929A-9EAA0BA05211} - C:\Program Files\Helper\1202832920.dll
O2 - BHO: (no name) - {E180F496-8A4B-44E2-9FE0-0364E345DB7F} - C:\WINDOWS\system32\jkkjkkj.dll (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [986fac69] rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
O4 - HKLM\..\Run: [BDMCon] C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer = 193.252.19.3,193.252.19.4
O20 - Winlogon Notify: isxrjsws - C:\WINDOWS\SYSTEM32\isxrjsws.dll
O20 - Winlogon Notify: jkkjkkj - jkkjkkj.dll (file missing)
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - SOFTWIN S.R.L. - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - SOFTWIN S.R.L. - C:\Program Files\Softwin\BitDefender10\vsserv.exe
O23 - Service: BitDefender Communicator (XCOMM) - SOFTWIN S.R.L - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
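Reading a log like the one above by hand is error-prone, so here is a small triage script, added as an example (it is not part of the thread and not a HijackThis feature), that applies the checks an analyst makes on O4/O20/O23 entries: autostarts launched from a Temp directory, Windows system binary names (winlogon.exe and friends) running from outside the Windows directory, orphaned entries whose file is gone, Winlogon Notify packages outside the short known list (they load into winlogon.exe as SYSTEM), services with no vendor information whose binary sits inside the Windows directory, hex-looking Run value names, and rundll32 loading a DLL from system32. The sample lines are constructed, modelled on entries from the logs in this thread; the known-Notify allowlist is a starting set for Windows XP and is an assumption, not authoritative, so treat a hit as "verify the file's version info and signature", not as proof of infection.

```python
import re
from dataclasses import dataclass

# Constructed sample, modelled on O4/O20/O23 entries from the logs in this thread
# (a few representative lines, not the full posted log).
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [986fac69] rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
O4 - HKLM\..\Run: [spa_start] C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Firewall auto setup] C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
O20 - Winlogon Notify: isxrjsws - C:\WINDOWS\SYSTEM32\isxrjsws.dll
O20 - Winlogon Notify: jkkjkkj - jkkjkkj.dll (file missing)
O23 - Service: Microsoft security update service (msupdate) - Unknown owner - c:\windows\system32\msvcrtd.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
"""

# Binary names that belong in the Windows directory; seeing them elsewhere is masquerading.
SYSTEM_NAMES = {"winlogon.exe", "explorer.exe", "svchost.exe", "lsass.exe",
                "csrss.exe", "services.exe", "userinit.exe"}
# Assumed starting allowlist of Winlogon Notify packages on Windows XP (not exhaustive).
KNOWN_NOTIFY = {"crypt32", "cryptnet", "cscdll", "sccertprop", "schedule", "sclgntfy",
                "senslogn", "termsrv", "wlballoon", "wgalogon", "dimsntfy", "igfxcui"}

PATH_RE = re.compile(r'[a-z]:\\[^"]+?\.(?:exe|dll|sys|scr)\b', re.I)   # drive-rooted path
BARE_RE = re.compile(r'[\w.~-]+\.(?:exe|dll|sys|scr)\b', re.I)          # bare file name
MISSING_RE = re.compile(r"\(file (?:missing|not found)\)", re.I)
HEX_NAME_RE = re.compile(r"^[0-9a-f]{8,}$", re.I)
TEMP_RE = re.compile(r"\\(?:temp|tmp)\\", re.I)


@dataclass(frozen=True)
class Finding:
    entry: str      # HijackThis section: O4, O20 or O23
    name: str       # value name, notify package or service display name
    path: str
    severity: str   # "high" or "review"
    reason: str


def parse(line):
    """Split one HijackThis line into (section, name, owner, command); None if not O4/O20/O23."""
    m = re.match(r"^(O\d+) - (.*)$", line.strip())
    if not m:
        return None
    kind, rest = m.groups()
    if kind == "O4":
        m = re.match(r".*?\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$", rest)
    elif kind == "O20":
        m = re.match(r"Winlogon Notify: (?P<name>.+?) - (?P<cmd>.*)$", rest)
    elif kind == "O23":
        m = re.match(r"Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<cmd>.*)$", rest)
    else:
        return None
    if not m:
        return None
    d = m.groupdict()
    return kind, d["name"], d.get("owner", ""), d["cmd"]


def target_path(command):
    """Path of what actually runs: for a rundll32 host, the DLL it is told to load."""
    paths = PATH_RE.findall(command) or BARE_RE.findall(command)
    if not paths:
        return ""
    if "rundll32" in command.lower():
        dlls = [p for p in paths if p.lower().endswith(".dll")]
        if dlls:
            return dlls[0]
    return paths[0]


def triage_line(line):
    parsed = parse(line)
    if not parsed:
        return []
    kind, name, owner, cmd = parsed
    path = target_path(cmd)
    low = path.lower()
    base = low.rsplit("\\", 1)[-1]
    stem = base.rsplit(".", 1)[0]
    in_windir = "\\windows\\" in low or "\\winnt\\" in low
    out = []

    def add(severity, reason):
        out.append(Finding(kind, name, path, severity, reason))

    if TEMP_RE.search(low):
        add("high", "autostart launched from a temp directory")
    if base in SYSTEM_NAMES and not in_windir:
        add("high", f"{base} is a Windows system binary name but runs from outside the Windows directory")
    if MISSING_RE.search(cmd):
        add("review", "orphaned entry: the file is gone but the autostart remains")
    if kind == "O20" and stem not in KNOWN_NOTIFY:
        add("high", "Winlogon Notify package not on the known list; it loads into winlogon.exe as SYSTEM")
    if kind == "O23" and owner.lower() == "unknown owner" and in_windir:
        add("high", "service with no vendor information whose binary lives inside the Windows directory")
    if kind == "O4" and HEX_NAME_RE.match(name):
        add("high", "hex-looking value name")
    if kind == "O4" and "rundll32" in cmd.lower() and "\\system32\\" in low and low.endswith(".dll"):
        add("review", "rundll32 loading a DLL from system32; check its version info and signature")
    return out


def triage(text):
    return [f for line in text.splitlines() for f in triage_line(line)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f.severity:6}] {f.entry} {f.name!r}: {f.reason} ({f.path})")
```

On the sample, the entries that come out "high" are exactly the ones a helper would ask the poster to fix: the random-named Winlogon Notify DLLs, the hex-named Run value, the fake winlogon.exe in Temp, and the "Microsoft security update service" with no vendor running msvcrtd.exe from system32; the AVG and ctfmon lines produce nothing. The Trojan Remover log adds the two fields that settle a "review" hit, Company and Created date: a system32 DLL with a blank Company created the day before the scan is the same signal, seen from the file side.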
Here is the Trojan Remover report:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.7.2515. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 21/02/2008 13:54:36
Using Database v6939
Operating System: Windows XP SP2
File System: NTFS
Data directory: C:\Documents and Settings\VAUDAUX SA\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\VAUDAUX SA\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
[AV Warnings are suppressed]
AVG Anti-Virus
Microsoft Windows Defender
**************************************************
**************************************************
13:54:36: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
13:54:36: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
13:54:36: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
13:54:37: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
579072 bytes
Created: 30/11/2006
Modified: 21/12/2007
Company: GRISOFT, s.r.o.
--------------------
Value Name: Acrobat Assistant 7.0
Value Data: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
483328 bytes
Created: 24/09/2005
Modified: 12/01/2006
Company: Adobe Systems Inc.
--------------------
Value Name:
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
132496 bytes
Created: 14/11/2007
Modified: 25/09/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
185896 bytes
Created: 18/01/2007
Modified: 18/01/2007
Company: RealNetworks, Inc.
--------------------
Value Name: ISUSPM
Value Data: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [file not found to scan]
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
282624 bytes
Created: 01/09/2006
Modified: 01/09/2006
Company: Apple Computer, Inc.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
153136 bytes
Created: 01/03/2007
Modified: 01/03/2007
Company: Nero AG
--------------------
Value Name: NBKeyScan
Value Data: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
2213160 bytes
Created: 03/12/2007
Modified: 03/12/2007
Company: Nero AG
--------------------
Value Name: 986fac69
Value Data: rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
C:\WINDOWS\system32\fefmorpb.dll [file not found to scan]
--------------------
Value Name: BDMCon
Value Data: C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
290816 bytes
Created: 02/04/2007
Modified: 02/04/2007
Company: SOFTWIN S.R.L.
--------------------
Value Name: BDAgent
Value Data: "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
C:\Program Files\Softwin\BitDefender10\bdagent.exe
69632 bytes
Created: 26/03/2007
Modified: 26/03/2007
Company: SOFTWIN S.R.L.
--------------------
Value Name: spa_start
Value Data: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
C:\WINDOWS\system32\sprt_ads.dll
60928 bytes
Created: 20/02/2008
Modified: 20/02/2008
Company:
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
863824 bytes
Created: 21/02/2008
Modified: 21/02/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
1688872 bytes
Created: 13/12/2007
Modified: 13/12/2007
Company: Nero AG
--------------------
Value Name: Firewall auto setup
Value Data: C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
13:54:38: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
**************************************************
13:54:38: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
13:54:38: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmypics.scr
47104 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
**************************************************
13:54:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
Path: C:\WINDOWS\system32\ieudinit.exe
C:\WINDOWS\system32\ieudinit.exe
13824 bytes
Created: 07/11/2006
Modified: 06/12/2007
Company: Microsoft Corporation
----------
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe
C:\WINDOWS\inf\unregmp2.exe
318976 bytes
Created: 05/08/2004
Modified: 29/06/2007
Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\system32\ie4uinit.exe
C:\WINDOWS\system32\ie4uinit.exe
70656 bytes
Created: 05/08/2004
Modified: 06/12/2007
Company: Microsoft Corporation
----------
Key: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: %systemroot%\system32\shmgrate.exe
C:\WINDOWS\system32\shmgrate.exe
42496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
12288 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: %ProgramFiles%\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: %ProgramFiles%\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
12288 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\system32\ie4uinit.exe
C:\WINDOWS\system32\ie4uinit.exe
70656 bytes
Created: 05/08/2004
Modified: 06/12/2007
Company: Microsoft Corporation
----------
**************************************************
13:54:39: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: Alerter
Path: %SystemRoot%\system32\alrsvc.dll
C:\WINDOWS\system32\alrsvc.dll
17408 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: AppMgmt
Path: %SystemRoot%\System32\appmgmts.dll
C:\WINDOWS\System32\appmgmts.dll
176640 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: AudioSrv
Path: %SystemRoot%\System32\audiosrv.dll
C:\WINDOWS\System32\audiosrv.dll
42496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: BITS
Path: C:\WINDOWS\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Browser
Path: %SystemRoot%\System32\browser.dll
C:\WINDOWS\System32\browser.dll
77312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: CryptSvc
Path: %SystemRoot%\System32\cryptsvc.dll
C:\WINDOWS\System32\cryptsvc.dll
60416 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: DcomLaunch
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
397824 bytes
Created: 05/08/2004
Modified: 26/07/2005
Company: Microsoft Corporation
--------------------
Key: Dhcp
Path: %SystemRoot%\System32\dhcpcsvc.dll
C:\WINDOWS\System32\dhcpcsvc.dll
112128 bytes
Created: 05/08/2004
Modified: 19/05/2006
Company: Microsoft Corporation
--------------------
Key: dmserver
Path: %SystemRoot%\System32\dmserver.dll
C:\WINDOWS\System32\dmserver.dll
24576 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp.
--------------------
Key: Dnscache
Path: %SystemRoot%\System32\dnsrslvr.dll
C:\WINDOWS\System32\dnsrslvr.dll
45568 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: ERSvc
Path: %SystemRoot%\System32\ersvc.dll
C:\WINDOWS\System32\ersvc.dll
23040 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: EventSystem
Path: C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\es.dll
243200 bytes
Created: 05/08/2004
Modified: 26/07/2005
Company: Microsoft Corporation
--------------------
Key: FastUserSwitchingCompatibility
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: helpsvc
Path: %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
38912 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: HTTPFilter
Path: %SystemRoot%\System32\w3ssl.dll
C:\WINDOWS\System32\w3ssl.dll
15872 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: lanmanserver
Path: %SystemRoot%\System32\srvsvc.dll
C:\WINDOWS\System32\srvsvc.dll
96768 bytes
Created: 05/08/2004
Modified: 07/12/2004
Company: Microsoft Corporation
--------------------
Key: lanmanworkstation
Path: %SystemRoot%\System32\wkssvc.dll
C:\WINDOWS\System32\wkssvc.dll
132096 bytes
Created: 05/08/2004
Modified: 17/08/2006
Company: Microsoft Corporation
--------------------
Key: LmHosts
Path: %SystemRoot%\System32\lmhsvc.dll
C:\WINDOWS\System32\lmhsvc.dll
13824 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Messenger
Path: %SystemRoot%\System32\msgsvc.dll
C:\WINDOWS\System32\msgsvc.dll
33792 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Netman
Path: %SystemRoot%\System32\netman.dll
C:\WINDOWS\System32\netman.dll
197632 bytes
Created: 05/08/2004
Modified: 22/08/2005
Company: Microsoft Corporation
--------------------
Key: Nla
Path: %SystemRoot%\System32\mswsock.dll
C:\WINDOWS\System32\mswsock.dll
247808 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: NtmsSvc
Path: %SystemRoot%\system32\ntmssvc.dll
C:\WINDOWS\system32\ntmssvc.dll
438272 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RasAuto
Path: %SystemRoot%\System32\rasauto.dll
C:\WINDOWS\System32\rasauto.dll
89088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RasMan
Path: %SystemRoot%\System32\rasmans.dll
C:\WINDOWS\System32\rasmans.dll
181248 bytes
Created: 05/08/2004
Modified: 22/06/2006
Company: Microsoft Corporation
--------------------
Key: RemoteAccess
Path: %SystemRoot%\System32\mprdim.dll
C:\WINDOWS\System32\mprdim.dll
49152 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RemoteRegistry
Path: %SystemRoot%\system32\regsvc.dll
C:\WINDOWS\system32\regsvc.dll
59904 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RpcSs
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
397824 bytes
Created: 05/08/2004
Modified: 26/07/2005
Company: Microsoft Corporation
--------------------
Key: Schedule
Path: %SystemRoot%\system32\schedsvc.dll
C:\WINDOWS\system32\schedsvc.dll
193024 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: seclogon
Path: %SystemRoot%\System32\seclogon.dll
C:\WINDOWS\System32\seclogon.dll
18944 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: SENS
Path: %SystemRoot%\system32\sens.dll
C:\WINDOWS\system32\sens.dll
38912 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: SharedAccess
Path: %SystemRoot%\System32\ipnathlp.dll
C:\WINDOWS\System32\ipnathlp.dll
332800 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: ShellHWDetection
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: srservice
Path: C:\WINDOWS\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: SSDPSRV
Path: %SystemRoot%\System32\ssdpsrv.dll
C:\WINDOWS\System32\ssdpsrv.dll
71680 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: stisvc
Path: %SystemRoot%\system32\wiaservc.dll
C:\WINDOWS\system32\wiaservc.dll
334336 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: TapiSrv
Path: %SystemRoot%\System32\tapisrv.dll
C:\WINDOWS\System32\tapisrv.dll
249344 bytes
Created: 05/08/2004
Modified: 08/07/2005
Company: Microsoft Corporation
--------------------
Key: TermService
Path: %SystemRoot%\System32\termsrv.dll
C:\WINDOWS\System32\termsrv.dll
297984 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Themes
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: TrkWks
Path: %SystemRoot%\system32\trkwks.dll
C:\WINDOWS\system32\trkwks.dll
90624 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: upnphost
Path: %SystemRoot%\System32\upnphost.dll
C:\WINDOWS\System32\upnphost.dll
185344 bytes
Created: 05/08/2004
Modified: 05/02/2007
Company: Microsoft Corporation
--------------------
Key: W32Time
Path: C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\w32time.dll
177664 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: WebClient
Path: %SystemRoot%\System32\webclnt.dll
C:\WINDOWS\System32\webclnt.dll
68096 bytes
Created: 05/08/2004
Modified: 04/01/2006
Company: Microsoft Corporation
--------------------
Key: winmgmt
Path: %SystemRoot%\system32\wbem\WMIsvc.dll
C:\WINDOWS\system32\wbem\WMIsvc.dll
145408 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: WmdmPmSN
Path: C:\WINDOWS\system32\MsPMSNSv.dll
C:\WINDOWS\system32\MsPMSNSv.dll
27136 bytes
Created: 05/08/2004
Modified: 18/10/2006
Company: Microsoft Corporation
--------------------
Key: Wmi
Path: %SystemRoot%\System32\advapi32.dll
C:\WINDOWS\System32\advapi32.dll
685056 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: wscsvc
Path: %SYSTEMROOT%\system32\wscsvc.dll
C:\WINDOWS\system32\wscsvc.dll
81408 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C:\WINDOWS\system32\wuauserv.dll
C:\WINDOWS\system32\wuauserv.dll
6656 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: WudfSvc
Path: %SystemRoot%\System32\WUDFSvc.dll
C:\WINDOWS\System32\WUDFSvc.dll
55808 bytes
Created: 28/09/2006
Modified: 28/09/2006
Company: Microsoft Corporation
--------------------
Key: WZCSVC
Path: %SystemRoot%\System32\wzcsvc.dll
C:\WINDOWS\System32\wzcsvc.dll
359936 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: xmlprov
Path: %SystemRoot%\System32\xmlprov.dll
C:\WINDOWS\System32\xmlprov.dll
129536 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
**************************************************
13:54:42: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ACPI
ImagePath: system32\DRIVERS\ACPI.sys
C:\WINDOWS\system32\DRIVERS\ACPI.sys
188672 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Adobe LM Service
ImagePath: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
69632 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: Adobe Systems
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
4816 bytes
Created: 30/11/2006
Modified: 01/04/2002
Company: Andrea Electronics Corporation
----------
Key: aec
ImagePath: system32\drivers\aec.sys
C:\WINDOWS\system32\drivers\aec.sys
142464 bytes
Created: 30/11/2006
Modified: 15/02/2006
Company: Microsoft Corporation
----------
Key: AFD
ImagePath: \SystemRoot\System32\drivers\afd.sys
C:\WINDOWS\System32\drivers\afd.sys
138496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14336 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
95360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Atmarpc
ImagePath: system32\DRIVERS\atmarpc.sys
C:\WINDOWS\system32\DRIVERS\atmarpc.sys
59904 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: audstub
ImagePath: system32\DRIVERS\audstub.sys
C:\WINDOWS\system32\DRIVERS\audstub.sys
3072 bytes
Created: 29/11/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
418816 bytes
Created: 30/11/2006
Modified: 25/10/2007
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 30/11/2006
Modified: 25/10/2007
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 30/11/2006
Modified: 24/02/2007
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
49664 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 30/11/2006
Modified: 21/12/2007
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
406528 bytes
Created: 30/11/2006
Modified: 21/12/2007
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: GRISOFT, s.r.o.
----------
Key: bdfdll
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
C:\Program Files\Softwin\BitDefender10\bdfdll.sys
8704 bytes
Created: 04/12/2006
Modified: 04/12/2006
Company:
----------
Key: BDRsDrv
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: bdss
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
81920 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company:
----------
Key: Cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\WINDOWS\system32\DRIVERS\cdrom.sys
49536 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: CiSvc
ImagePath: %SystemRoot%\system32\cisvc.exe
C:\WINDOWS\system32\cisvc.exe
5632 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ClipSrv
ImagePath: %SystemRoot%\system32\clipsrv.exe
C:\WINDOWS\system32\clipsrv.exe
33280 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: diperto5c29-39cf
ImagePath: \??\C:\WINDOWS\system32\diperto5c29-39cf.sys
C:\WINDOWS\system32\diperto5c29-39cf.sys - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: Disk
ImagePath: system32\DRIVERS\disk.sys
C:\WINDOWS\system32\DRIVERS\disk.sys
36352 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINDOWS\System32\dmadmin.exe
225280 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software
----------
Key: dmboot
ImagePath: System32\drivers\dmboot.sys
C:\WINDOWS\System32\drivers\dmboot.sys
800256 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software
----------
Key: dmio
ImagePath: System32\drivers\dmio.sys
C:\WINDOWS\System32\drivers\dmio.sys
154496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software
----------
Key: dmload
ImagePath: System32\drivers\dmload.sys
C:\WINDOWS\System32\drivers\dmload.sys
5888 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software.
----------
Key: DMusic
ImagePath: system32\drivers\DMusic.sys
C:\WINDOWS\system32\drivers\DMusic.sys
52864 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\WINDOWS\system32\drivers\drmkaud.sys
2944 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: Esdpdx01
ImagePath: \??\C:\WINDOWS\system32\Drivers\ESDPDX01.SYS
C:\WINDOWS\system32\Drivers\ESDPDX01.SYS
58314 bytes
Created: 28/11/2002
Modified: 28/11/2002
Company: MK Systems CO., LTD.
----------
Key: Eventlog
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Fdc
ImagePath: system32\DRIVERS\fdc.sys
C:\WINDOWS\system32\DRIVERS\fdc.sys
27392 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Flpydisk
ImagePath: system32\DRIVERS\flpydisk.sys
C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20480 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\DRIVERS\fltMgr.sys
C:\WINDOWS\system32\DRIVERS\fltMgr.sys
128896 bytes
Created: 29/11/2006
Modified: 21/08/2006
Company: Microsoft Corporation
----------
Key: Ftdisk
ImagePath: system32\DRIVERS\ftdisk.sys
C:\WINDOWS\system32\DRIVERS\ftdisk.sys
126080 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: gagp30kx
ImagePath: system32\DRIVERS\gagp30kx.sys
C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
46464 bytes
Created: 29/11/2006
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: Gpc
ImagePath: system32\DRIVERS\msgpc.sys
C:\WINDOWS\system32\DRIVERS\msgpc.sys
35072 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\WINDOWS\system32\DRIVERS\hidusb.sys
9600 bytes
Created: 01/12/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: HTTP
ImagePath: System32\Drivers\HTTP.sys
C:\WINDOWS\System32\Drivers\HTTP.sys
262784 bytes
Created: 05/08/2004
Modified: 17/03/2006
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\WINDOWS\system32\DRIVERS\i8042prt.sys
54400 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Imapi
ImagePath: system32\DRIVERS\imapi.sys
C:\WINDOWS\system32\DRIVERS\imapi.sys
41856 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ImapiService
ImagePath: C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Ip6Fw
ImagePath: system32\DRIVERS\Ip6Fw.sys
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
29056 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
32896 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys
C:\WINDOWS\system32\DRIVERS\ipinip.sys
20992 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IpNat
ImagePath: system32\DRIVERS\ipnat.sys
C:\WINDOWS\system32\DRIVERS\ipnat.sys
134912 bytes
Created: 05/08/2004
Modified: 29/09/2004
Company: Microsoft Corporation
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: IPSec
ImagePath: system32\DRIVERS\ipsec.sys
C:\WINDOWS\system32\DRIVERS\ipsec.sys
74752 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IRENUM
ImagePath: system32\DRIVERS\irenum.sys
C:\WINDOWS\system32\DRIVERS\irenum.sys
11264 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: system32\DRIVERS\isapnp.sys
C:\WINDOWS\system32\DRIVERS\isapnp.sys
36224 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\WINDOWS\system32\DRIVERS\kbdclass.sys
25216 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: kmixer
ImagePath: system32\drivers\kmixer.sys
C:\WINDOWS\system32\drivers\kmixer.sys
172416 bytes
Created: 30/11/2006
Modified: 14/06/2006
Company: Microsoft Corporation
----------
Key: LIVESRV
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
237568 bytes
Created: 22/10/2007
Modified: 22/10/2007
Company: SOFTWIN S.R.L.
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: mnmsrvc
ImagePath: C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
32768 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\WINDOWS\system32\DRIVERS\mouclass.sys
23680 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\WINDOWS\system32\DRIVERS\mouhid.sys
12288 bytes
Created: 01/12/2006
Modified: 23/08/2001
Company: Microsoft Corporation
----------
Key: MRxDAV
ImagePath: system32\DRIVERS\mrxdav.sys
C:\WINDOWS\system32\DRIVERS\mrxdav.sys
179584 bytes
Created: 05/08/2004
Modified: 18/12/2007
Company: Microsoft Corporation
----------
Key: MRxSmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
453120 bytes
Created: 05/08/2004
Modified: 05/05/2006
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\msdtc.exe
6144 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: MSIServer
ImagePath: C:\WINDOWS\system32\msiexec.exe /V
C:\WINDOWS\system32\msiexec.exe
78848 bytes
Created: 05/08/2004
Modified: 04/05/2005
Company: Microsoft Corporation
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\WINDOWS\system32\drivers\MSKSSRV.sys
7552 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\WINDOWS\system32\drivers\MSPCLOCK.sys
5376 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\WINDOWS\system32\drivers\MSPQM.sys
4992 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: system32\DRIVERS\mssmbios.sys
C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15488 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: MSSQL$MICROSOFTSMLBIZ
ImagePath: "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
9150464 bytes
Created: 04/05/2005
Modified: 04/05/2005
Company: Microsoft Corporation
----------
Key: MSSQLServerADHelper
ImagePath: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
73728 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Microsoft Corporation
----------
Key: msupdate
ImagePath: c:\windows\system32\msvcrtd.exe
c:\windows\system32\msvcrtd.exe
35840 bytes
Created: 12/02/2008
Modified: 12/02/2008
Company:
c:\windows\system32\msvcrtd.exe appears to be in-use/locked
c:\windows\system32\msvcrtd.exe - this registry value has been removed
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
c:\windows\system32\msvcrtd.exe - process is either not running or could not be terminated
c:\windows\system32\msvcrtd.exe - file ownership assigned to: PC-VTE-2\VAUDAUX SA
c:\windows\system32\msvcrtd.exe - process is either not running or could not be terminated
ERROR: Unhandled Exception calling TFileStream.Create/Free in procedure MainForm.ExtractFileFromResource
[File Utility could not be created]
[Error initialising File Utility]
c:\windows\system32\msvcrtd.exe - marked for renaming when the PC is restarted
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\WINDOWS\system32\DRIVERS\ndistapi.sys
9600 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12928 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\WINDOWS\system32\DRIVERS\ndiswan.sys
91776 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\WINDOWS\system32\DRIVERS\netbios.sys
34560 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetBT
ImagePath: system32\DRIVERS\netbt.sys
C:\WINDOWS\system32\DRIVERS\netbt.sys
162816 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetDDE
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
114176 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetDDEdsdm
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
114176 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NtLmSsp
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: nv
ImagePath: system32\DRIVERS\nv4_mini.sys
C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
1897408 bytes
Created: 29/11/2006
Modified: 03/08/2004
Company: NVIDIA Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12416 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
32512 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: system32\DRIVERS\parport.sys
C:\WINDOWS\system32\DRIVERS\parport.sys
80384 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PCI
ImagePath: system32\DRIVERS\pci.sys
C:\WINDOWS\system32\DRIVERS\pci.sys
68608 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PlugPlay
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PolicyAgent
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\WINDOWS\system32\DRIVERS\raspptp.sys
48384 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Processor
ImagePath: system32\DRIVERS\processr.sys
C:\WINDOWS\system32\DRIVERS\processr.sys
39552 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Profos
ImagePath: \??\C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
13568 bytes
Created: 19/08/2006
Modified: 19/08/2006
Company:
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PSched
ImagePath: system32\DRIVERS\psched.sys
C:\WINDOWS\system32\DRIVERS\psched.sys
69120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Ptilink
ImagePath: system32\DRIVERS\ptilink.sys
C:\WINDOWS\system32\DRIVERS\ptilink.sys
17792 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Parallel Technologies, Inc.
----------
Key: RasAcd
ImagePath: system32\DRIVERS\rasacd.sys
C:\WINDOWS\system32\DRIVERS\rasacd.sys
8832 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
51328 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\WINDOWS\system32\DRIVERS\raspppoe.sys
41472 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Raspti
ImagePath: system32\DRIVERS\raspti.sys
C:\WINDOWS\system32\DRIVERS\raspti.sys
16512 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\WINDOWS\system32\DRIVERS\rdbss.sys
174592 bytes
Created: 05/08/2004
Modified: 05/05/2006
Company: Microsoft Corporation
----------
Key: RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
4224 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: rdpdr
ImagePath: system32\DRIVERS\rdpdr.sys
C:\WINDOWS\system32\DRIVERS\rdpdr.sys
196864 bytes
Created: 29/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: RDSessMgr
ImagePath: C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\sessmgr.exe
142336 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: redbook
ImagePath: system32\DRIVERS\redbook.sys
C:\WINDOWS\system32\DRIVERS\redbook.sys
58496 bytes
Created: 29/11/2006
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\WINDOWS\system32\locator.exe
75264 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: RSVP
ImagePath: %SystemRoot%\system32\rsvp.exe
C:\WINDOWS\system32\rsvp.exe
132608 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: SCardSvr
ImagePath: %SystemRoot%\System32\SCardSvr.exe
C:\WINDOWS\System32\SCardSvr.exe
100352 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 05/08/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: serenum
ImagePath: system32\DRIVERS\serenum.sys
C:\WINDOWS\system32\DRIVERS\serenum.sys
15488 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: system32\DRIVERS\serial.sys
C:\WINDOWS\system32\DRIVERS\serial.sys
66560 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
578368 bytes
Created: 30/11/2006
Modified: 15/07/2003
Company: Analog Devices, Inc.
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 30/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: splitter
ImagePath: system32\drivers\splitter.sys
C:\WINDOWS\system32\drivers\splitter.sys
6400 bytes
Created: 30/11/2006
Modified: 14/06/2006
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\system32\spoolsv.exe
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 05/08/2004
Modified: 11/06/2005
Company: Microsoft Corporation
----------
Key: SQLAgent$MICROSOFTSMLBIZ
ImagePath: "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
323584 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Microsoft Corporation
----------
Key: sr
ImagePath: system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73600 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Srv
ImagePath: system32\DRIVERS\srv.sys
C:\WINDOWS\system32\DRIVERS\srv.sys
332928 bytes
Created: 05/08/2004
Modified: 14/08/2006
Company: Microsoft Corporation
----------
Key: swenum
ImagePath: system32\DRIVERS\swenum.sys
C:\WINDOWS\system32\DRIVERS\swenum.sys
4352 bytes
Created: 03/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: swmidi
ImagePath: system32\drivers\swmidi.sys
C:\WINDOWS\system32\drivers\swmidi.sys
54272 bytes
Created: 30/11/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{84950551-B26F-4BD6-A8AB-57AF48EC1149}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: sysaudio
ImagePath: system32\drivers\sysaudio.sys
C:\WINDOWS\system32\drivers\sysaudio.sys
60800 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: SysLibrary
ImagePath: \??\C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\DefLib.sys - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: SysmonLog
ImagePath: %SystemRoot%\system32\smlogsvc.exe
C:\WINDOWS\system32\smlogsvc.exe
93184 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Tcpip
ImagePath: system32\DRIVERS\tcpip.sys
C:\WINDOWS\system32\DRIVERS\tcpip.sys
360064 bytes
Created: 05/08/2004
Modified: 30/10/2007
Company: Microsoft Corporation
----------
Key: TermDD
ImagePath: system32\DRIVERS\termdd.sys
C:\WINDOWS\system32\DRIVERS\termdd.sys
40840 bytes
Created: 29/11/2006
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: TlntSvr
ImagePath: C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\tlntsvr.exe
75264 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Trufos
ImagePath: \??\C:\PROGRA~1\Softwin\BITDEF~1\trufos.sys
C:\PROGRA~1\Softwin\BITDEF~1\trufos.sys
22656 bytes
Created: 16/08/2006
Modified: 16/08/2006
Company:
----------
Key: Update
ImagePath: system32\DRIVERS\update.sys
C:\WINDOWS\system32\DRIVERS\update.sys
209408 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: UPS
ImagePath: %SystemRoot%\System32\ups.exe
C:\WINDOWS\System32\ups.exe
18432 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: system32\DRIVERS\usbehci.sys
C:\WINDOWS\system32\DRIVERS\usbehci.sys
26624 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: system32\DRIVERS\usbhub.sys
C:\WINDOWS\system32\DRIVERS\usbhub.sys
57600 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\WINDOWS\system32\DRIVERS\usbscan.sys
15104 bytes
Created: 01/12/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
26496 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: usbuhci
ImagePath: system32\DRIVERS\usbuhci.sys
C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20480 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\WINDOWS\System32\drivers\vga.sys
20992 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ViaIde
ImagePath: system32\DRIVERS\viaide.sys
C:\WINDOWS\system32\DRIVERS\viaide.sys
5376 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: viasraid
ImagePath: system32\DRIVERS\viasraid.sys
C:\WINDOWS\system32\DRIVERS\viasraid.sys
-R- 77312 bytes
Created: 30/11/2006
Modified: 31/10/2003
Company: VIA Technologies inc,.ltd
----------
Key: VSS
ImagePath: %SystemRoot%\System32\vssvc.exe
C:\WINDOWS\System32\vssvc.exe
295424 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: VSSERV
ImagePath: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
C:\Program Files\Softwin\BitDefender10\vsserv.exe
462848 bytes
Created: 24/10/2007
Modified: 24/10/2007
Company: SOFTWIN S.R.L.
----------
Key: Wanarp
ImagePath: system32\DRIVERS\wanarp.sys
C:\WINDOWS\system32\DRIVERS\wanarp.sys
34560 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: wdmaud
ImagePath: system32\drivers\wdmaud.sys
C:\WINDOWS\system32\drivers\wdmaud.sys
82944 bytes
Created: 30/11/2006
Modified: 14/06/2006
Company: Microsoft Corporation
----------
Key: wer32
ImagePath: \??\C:\WINDOWS\system32\jkghje.dll
C:\WINDOWS\system32\jkghje.dll
54762 bytes
Created: 12/02/2008
Modified: 12/02/2008
Company:
C:\WINDOWS\system32\jkghje.dll appears to be in-use/locked
C:\WINDOWS\system32\jkghje.dll - this registry value has been removed
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
C:\WINDOWS\system32\jkghje.dll - unable to take ownership/change permissions (file may not exist)
ERROR: Unhandled Exception calling TFileStream.Create/Free in procedure MainForm.ExtractFileFromResource
[File Utility could not be created]
[Error initialising File Utility]
C:\WINDOWS\system32\jkghje.dll - marked for renaming when the PC is restarted
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WmiApSrv
ImagePath: C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WudfPf
ImagePath: system32\DRIVERS\WudfPf.sys
C:\WINDOWS\s

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.7.2515. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 21/02/2008 13:54:36
Using Database v6939
Operating System: Windows XP SP2
File System: NTFS
Data directory: C:\Documents and Settings\VAUDAUX SA\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\VAUDAUX SA\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
The following Anti-Malware program(s) are loaded:
[AV Warnings are suppressed]
AVG Anti-Virus
Microsoft Windows Defender
**************************************************
**************************************************
13:54:36: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
**************************************************
13:54:36: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
**************************************************
13:54:36: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
**************************************************
13:54:37: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 05/08/2004
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: AVG7_CC
Value Data: C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
579072 bytes
Created: 30/11/2006
Modified: 21/12/2007
Company: GRISOFT, s.r.o.
--------------------
Value Name: Acrobat Assistant 7.0
Value Data: "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
483328 bytes
Created: 24/09/2005
Modified: 12/01/2006
Company: Adobe Systems Inc.
--------------------
Value Name:
Value Data:
The Value Data for this entry appears to be blank
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
132496 bytes
Created: 14/11/2007
Modified: 25/09/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: Windows Defender
Value Data: "C:\Program Files\Windows Defender\MSASCui.exe" -hide
C:\Program Files\Windows Defender\MSASCui.exe
866584 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
185896 bytes
Created: 18/01/2007
Modified: 18/01/2007
Company: RealNetworks, Inc.
--------------------
Value Name: ISUSPM
Value Data: "C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" -scheduler
C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe [file not found to scan]
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\qttask.exe" -atboottime
C:\Program Files\QuickTime\qttask.exe
282624 bytes
Created: 01/09/2006
Modified: 01/09/2006
Company: Apple Computer, Inc.
--------------------
Value Name: NeroFilterCheck
Value Data: C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe
153136 bytes
Created: 01/03/2007
Modified: 01/03/2007
Company: Nero AG
--------------------
Value Name: NBKeyScan
Value Data: "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
2213160 bytes
Created: 03/12/2007
Modified: 03/12/2007
Company: Nero AG
--------------------
Value Name: 986fac69
Value Data: rundll32.exe "C:\WINDOWS\system32\fefmorpb.dll",b
C:\WINDOWS\system32\fefmorpb.dll [file not found to scan]
--------------------
Value Name: BDMCon
Value Data: C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdmcon.exe
290816 bytes
Created: 02/04/2007
Modified: 02/04/2007
Company: SOFTWIN S.R.L.
--------------------
Value Name: BDAgent
Value Data: "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
C:\Program Files\Softwin\BitDefender10\bdagent.exe
69632 bytes
Created: 26/03/2007
Modified: 26/03/2007
Company: SOFTWIN S.R.L.
--------------------
Value Name: spa_start
Value Data: C:\WINDOWS\System32\Rundll32.exe "C:\WINDOWS\system32\sprt_ads.dll" DllStart
C:\WINDOWS\system32\sprt_ads.dll
60928 bytes
Created: 20/02/2008
Modified: 20/02/2008
Company:
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
863824 bytes
Created: 21/02/2008
Modified: 21/02/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Value Name: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe
1688872 bytes
Created: 13/12/2007
Modified: 13/12/2007
Company: Nero AG
--------------------
Value Name: Firewall auto setup
Value Data: C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe
C:\DOCUME~1\VAUDAU~1\LOCALS~1\Temp\winlogon.exe [file not found to scan]
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
13:54:38: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WINDOW~4\MpShHook.dll
C:\PROGRA~1\WINDOW~4\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
**************************************************
13:54:38: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
**************************************************
13:54:38: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\ssmypics.scr
C:\WINDOWS\system32\ssmypics.scr
47104 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
**************************************************
13:54:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
Path: C:\WINDOWS\system32\ieudinit.exe
C:\WINDOWS\system32\ieudinit.exe
13824 bytes
Created: 07/11/2006
Modified: 06/12/2007
Company: Microsoft Corporation
----------
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe
C:\WINDOWS\inf\unregmp2.exe
318976 bytes
Created: 05/08/2004
Modified: 29/06/2007
Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\system32\ie4uinit.exe
C:\WINDOWS\system32\ie4uinit.exe
70656 bytes
Created: 05/08/2004
Modified: 06/12/2007
Company: Microsoft Corporation
----------
Key: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: %systemroot%\system32\shmgrate.exe
C:\WINDOWS\system32\shmgrate.exe
42496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
12288 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: %ProgramFiles%\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: %ProgramFiles%\Outlook Express\setup50.exe
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe
C:\WINDOWS\system32\regsvr32.exe
12288 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\system32\ie4uinit.exe
C:\WINDOWS\system32\ie4uinit.exe
70656 bytes
Created: 05/08/2004
Modified: 06/12/2007
Company: Microsoft Corporation
----------
**************************************************
13:54:39: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: Alerter
Path: %SystemRoot%\system32\alrsvc.dll
C:\WINDOWS\system32\alrsvc.dll
17408 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: AppMgmt
Path: %SystemRoot%\System32\appmgmts.dll
C:\WINDOWS\System32\appmgmts.dll
176640 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: AudioSrv
Path: %SystemRoot%\System32\audiosrv.dll
C:\WINDOWS\System32\audiosrv.dll
42496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: BITS
Path: C:\WINDOWS\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Browser
Path: %SystemRoot%\System32\browser.dll
C:\WINDOWS\System32\browser.dll
77312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: CryptSvc
Path: %SystemRoot%\System32\cryptsvc.dll
C:\WINDOWS\System32\cryptsvc.dll
60416 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: DcomLaunch
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
397824 bytes
Created: 05/08/2004
Modified: 26/07/2005
Company: Microsoft Corporation
--------------------
Key: Dhcp
Path: %SystemRoot%\System32\dhcpcsvc.dll
C:\WINDOWS\System32\dhcpcsvc.dll
112128 bytes
Created: 05/08/2004
Modified: 19/05/2006
Company: Microsoft Corporation
--------------------
Key: dmserver
Path: %SystemRoot%\System32\dmserver.dll
C:\WINDOWS\System32\dmserver.dll
24576 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp.
--------------------
Key: Dnscache
Path: %SystemRoot%\System32\dnsrslvr.dll
C:\WINDOWS\System32\dnsrslvr.dll
45568 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: ERSvc
Path: %SystemRoot%\System32\ersvc.dll
C:\WINDOWS\System32\ersvc.dll
23040 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: EventSystem
Path: C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\es.dll
243200 bytes
Created: 05/08/2004
Modified: 26/07/2005
Company: Microsoft Corporation
--------------------
Key: FastUserSwitchingCompatibility
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: helpsvc
Path: %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
38912 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: HTTPFilter
Path: %SystemRoot%\System32\w3ssl.dll
C:\WINDOWS\System32\w3ssl.dll
15872 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: lanmanserver
Path: %SystemRoot%\System32\srvsvc.dll
C:\WINDOWS\System32\srvsvc.dll
96768 bytes
Created: 05/08/2004
Modified: 07/12/2004
Company: Microsoft Corporation
--------------------
Key: lanmanworkstation
Path: %SystemRoot%\System32\wkssvc.dll
C:\WINDOWS\System32\wkssvc.dll
132096 bytes
Created: 05/08/2004
Modified: 17/08/2006
Company: Microsoft Corporation
--------------------
Key: LmHosts
Path: %SystemRoot%\System32\lmhsvc.dll
C:\WINDOWS\System32\lmhsvc.dll
13824 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Messenger
Path: %SystemRoot%\System32\msgsvc.dll
C:\WINDOWS\System32\msgsvc.dll
33792 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Netman
Path: %SystemRoot%\System32\netman.dll
C:\WINDOWS\System32\netman.dll
197632 bytes
Created: 05/08/2004
Modified: 22/08/2005
Company: Microsoft Corporation
--------------------
Key: Nla
Path: %SystemRoot%\System32\mswsock.dll
C:\WINDOWS\System32\mswsock.dll
247808 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: NtmsSvc
Path: %SystemRoot%\system32\ntmssvc.dll
C:\WINDOWS\system32\ntmssvc.dll
438272 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RasAuto
Path: %SystemRoot%\System32\rasauto.dll
C:\WINDOWS\System32\rasauto.dll
89088 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RasMan
Path: %SystemRoot%\System32\rasmans.dll
C:\WINDOWS\System32\rasmans.dll
181248 bytes
Created: 05/08/2004
Modified: 22/06/2006
Company: Microsoft Corporation
--------------------
Key: RemoteAccess
Path: %SystemRoot%\System32\mprdim.dll
C:\WINDOWS\System32\mprdim.dll
49152 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RemoteRegistry
Path: %SystemRoot%\system32\regsvc.dll
C:\WINDOWS\system32\regsvc.dll
59904 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: RpcSs
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
397824 bytes
Created: 05/08/2004
Modified: 26/07/2005
Company: Microsoft Corporation
--------------------
Key: Schedule
Path: %SystemRoot%\system32\schedsvc.dll
C:\WINDOWS\system32\schedsvc.dll
193024 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: seclogon
Path: %SystemRoot%\System32\seclogon.dll
C:\WINDOWS\System32\seclogon.dll
18944 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: SENS
Path: %SystemRoot%\system32\sens.dll
C:\WINDOWS\system32\sens.dll
38912 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: SharedAccess
Path: %SystemRoot%\System32\ipnathlp.dll
C:\WINDOWS\System32\ipnathlp.dll
332800 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: ShellHWDetection
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: srservice
Path: C:\WINDOWS\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: SSDPSRV
Path: %SystemRoot%\System32\ssdpsrv.dll
C:\WINDOWS\System32\ssdpsrv.dll
71680 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: stisvc
Path: %SystemRoot%\system32\wiaservc.dll
C:\WINDOWS\system32\wiaservc.dll
334336 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: TapiSrv
Path: %SystemRoot%\System32\tapisrv.dll
C:\WINDOWS\System32\tapisrv.dll
249344 bytes
Created: 05/08/2004
Modified: 08/07/2005
Company: Microsoft Corporation
--------------------
Key: TermService
Path: %SystemRoot%\System32\termsrv.dll
C:\WINDOWS\System32\termsrv.dll
297984 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: Themes
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 05/08/2004
Modified: 19/12/2006
Company: Microsoft Corporation
--------------------
Key: TrkWks
Path: %SystemRoot%\system32\trkwks.dll
C:\WINDOWS\system32\trkwks.dll
90624 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: upnphost
Path: %SystemRoot%\System32\upnphost.dll
C:\WINDOWS\System32\upnphost.dll
185344 bytes
Created: 05/08/2004
Modified: 05/02/2007
Company: Microsoft Corporation
--------------------
Key: W32Time
Path: C:\WINDOWS\system32\w32time.dll
C:\WINDOWS\system32\w32time.dll
177664 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: WebClient
Path: %SystemRoot%\System32\webclnt.dll
C:\WINDOWS\System32\webclnt.dll
68096 bytes
Created: 05/08/2004
Modified: 04/01/2006
Company: Microsoft Corporation
--------------------
Key: winmgmt
Path: %SystemRoot%\system32\wbem\WMIsvc.dll
C:\WINDOWS\system32\wbem\WMIsvc.dll
145408 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: WmdmPmSN
Path: C:\WINDOWS\system32\MsPMSNSv.dll
C:\WINDOWS\system32\MsPMSNSv.dll
27136 bytes
Created: 05/08/2004
Modified: 18/10/2006
Company: Microsoft Corporation
--------------------
Key: Wmi
Path: %SystemRoot%\System32\advapi32.dll
C:\WINDOWS\System32\advapi32.dll
685056 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: wscsvc
Path: %SYSTEMROOT%\system32\wscsvc.dll
C:\WINDOWS\system32\wscsvc.dll
81408 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C:\WINDOWS\system32\wuauserv.dll
C:\WINDOWS\system32\wuauserv.dll
6656 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: WudfSvc
Path: %SystemRoot%\System32\WUDFSvc.dll
C:\WINDOWS\System32\WUDFSvc.dll
55808 bytes
Created: 28/09/2006
Modified: 28/09/2006
Company: Microsoft Corporation
--------------------
Key: WZCSVC
Path: %SystemRoot%\System32\wzcsvc.dll
C:\WINDOWS\System32\wzcsvc.dll
359936 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
Key: xmlprov
Path: %SystemRoot%\System32\xmlprov.dll
C:\WINDOWS\System32\xmlprov.dll
129536 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
--------------------
**************************************************
13:54:42: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ACPI
ImagePath: system32\DRIVERS\ACPI.sys
C:\WINDOWS\system32\DRIVERS\ACPI.sys
188672 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Adobe LM Service
ImagePath: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
69632 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: Adobe Systems
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
4816 bytes
Created: 30/11/2006
Modified: 01/04/2002
Company: Andrea Electronics Corporation
----------
Key: aec
ImagePath: system32\drivers\aec.sys
C:\WINDOWS\system32\drivers\aec.sys
142464 bytes
Created: 30/11/2006
Modified: 15/02/2006
Company: Microsoft Corporation
----------
Key: AFD
ImagePath: \SystemRoot\System32\drivers\afd.sys
C:\WINDOWS\System32\drivers\afd.sys
138496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14336 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
95360 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Atmarpc
ImagePath: system32\DRIVERS\atmarpc.sys
C:\WINDOWS\system32\DRIVERS\atmarpc.sys
59904 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: audstub
ImagePath: system32\DRIVERS\audstub.sys
C:\WINDOWS\system32\DRIVERS\audstub.sys
3072 bytes
Created: 29/11/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: Avg7Alrt
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
418816 bytes
Created: 30/11/2006
Modified: 25/10/2007
Company: GRISOFT, s.r.o.
----------
Key: Avg7Core
ImagePath: \SystemRoot\System32\Drivers\avg7core.sys
C:\WINDOWS\System32\Drivers\avg7core.sys
821856 bytes
Created: 30/11/2006
Modified: 25/10/2007
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsW
ImagePath: \SystemRoot\System32\Drivers\avg7rsw.sys
C:\WINDOWS\System32\Drivers\avg7rsw.sys
4224 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: GRISOFT, s.r.o.
----------
Key: Avg7RsXP
ImagePath: \SystemRoot\System32\Drivers\avg7rsxp.sys
C:\WINDOWS\System32\Drivers\avg7rsxp.sys
27776 bytes
Created: 30/11/2006
Modified: 24/02/2007
Company: GRISOFT, s.r.o.
----------
Key: Avg7UpdSvc
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
49664 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: GRISOFT, s.r.o.
----------
Key: AvgClean
ImagePath: \SystemRoot\System32\Drivers\avgclean.sys
C:\WINDOWS\System32\Drivers\avgclean.sys
10760 bytes
Created: 30/11/2006
Modified: 21/12/2007
Company: GRISOFT, s.r.o.
----------
Key: AVGEMS
ImagePath: C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
406528 bytes
Created: 30/11/2006
Modified: 21/12/2007
Company: GRISOFT, s.r.o.
----------
Key: AvgTdi
ImagePath: \SystemRoot\System32\Drivers\avgtdi.sys
C:\WINDOWS\System32\Drivers\avgtdi.sys
4960 bytes
Created: 30/11/2006
Modified: 30/11/2006
Company: GRISOFT, s.r.o.
----------
Key: bdfdll
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys
C:\Program Files\Softwin\BitDefender10\bdfdll.sys
8704 bytes
Created: 04/12/2006
Modified: 04/12/2006
Company:
----------
Key: BDRsDrv
ImagePath: \??\C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys
C:\Program Files\Softwin\BitDefender10\bdrsdrv.sys - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: bdss
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
81920 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company:
----------
Key: Cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\WINDOWS\system32\DRIVERS\cdrom.sys
49536 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: CiSvc
ImagePath: %SystemRoot%\system32\cisvc.exe
C:\WINDOWS\system32\cisvc.exe
5632 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ClipSrv
ImagePath: %SystemRoot%\system32\clipsrv.exe
C:\WINDOWS\system32\clipsrv.exe
33280 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: diperto5c29-39cf
ImagePath: \??\C:\WINDOWS\system32\diperto5c29-39cf.sys
C:\WINDOWS\system32\diperto5c29-39cf.sys - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: Disk
ImagePath: system32\DRIVERS\disk.sys
C:\WINDOWS\system32\DRIVERS\disk.sys
36352 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINDOWS\System32\dmadmin.exe
225280 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software
----------
Key: dmboot
ImagePath: System32\drivers\dmboot.sys
C:\WINDOWS\System32\drivers\dmboot.sys
800256 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software
----------
Key: dmio
ImagePath: System32\drivers\dmio.sys
C:\WINDOWS\System32\drivers\dmio.sys
154496 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software
----------
Key: dmload
ImagePath: System32\drivers\dmload.sys
C:\WINDOWS\System32\drivers\dmload.sys
5888 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corp., Veritas Software.
----------
Key: DMusic
ImagePath: system32\drivers\DMusic.sys
C:\WINDOWS\system32\drivers\DMusic.sys
52864 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\WINDOWS\system32\drivers\drmkaud.sys
2944 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: Esdpdx01
ImagePath: \??\C:\WINDOWS\system32\Drivers\ESDPDX01.SYS
C:\WINDOWS\system32\Drivers\ESDPDX01.SYS
58314 bytes
Created: 28/11/2002
Modified: 28/11/2002
Company: MK Systems CO., LTD.
----------
Key: Eventlog
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Fdc
ImagePath: system32\DRIVERS\fdc.sys
C:\WINDOWS\system32\DRIVERS\fdc.sys
27392 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Flpydisk
ImagePath: system32\DRIVERS\flpydisk.sys
C:\WINDOWS\system32\DRIVERS\flpydisk.sys
20480 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: FltMgr
ImagePath: system32\DRIVERS\fltMgr.sys
C:\WINDOWS\system32\DRIVERS\fltMgr.sys
128896 bytes
Created: 29/11/2006
Modified: 21/08/2006
Company: Microsoft Corporation
----------
Key: Ftdisk
ImagePath: system32\DRIVERS\ftdisk.sys
C:\WINDOWS\system32\DRIVERS\ftdisk.sys
126080 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: gagp30kx
ImagePath: system32\DRIVERS\gagp30kx.sys
C:\WINDOWS\system32\DRIVERS\gagp30kx.sys
46464 bytes
Created: 29/11/2006
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: Gpc
ImagePath: system32\DRIVERS\msgpc.sys
C:\WINDOWS\system32\DRIVERS\msgpc.sys
35072 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\WINDOWS\system32\DRIVERS\hidusb.sys
9600 bytes
Created: 01/12/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: HTTP
ImagePath: System32\Drivers\HTTP.sys
C:\WINDOWS\System32\Drivers\HTTP.sys
262784 bytes
Created: 05/08/2004
Modified: 17/03/2006
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\WINDOWS\system32\DRIVERS\i8042prt.sys
54400 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Imapi
ImagePath: system32\DRIVERS\imapi.sys
C:\WINDOWS\system32\DRIVERS\imapi.sys
41856 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ImapiService
ImagePath: C:\WINDOWS\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Ip6Fw
ImagePath: system32\DRIVERS\Ip6Fw.sys
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
29056 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
32896 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys
C:\WINDOWS\system32\DRIVERS\ipinip.sys
20992 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IpNat
ImagePath: system32\DRIVERS\ipnat.sys
C:\WINDOWS\system32\DRIVERS\ipnat.sys
134912 bytes
Created: 05/08/2004
Modified: 29/09/2004
Company: Microsoft Corporation
----------
Key: iPod Service
ImagePath: "C:\Program Files\iPod\bin\iPodService.exe"
C:\Program Files\iPod\bin\iPodService.exe - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: IPSec
ImagePath: system32\DRIVERS\ipsec.sys
C:\WINDOWS\system32\DRIVERS\ipsec.sys
74752 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: IRENUM
ImagePath: system32\DRIVERS\irenum.sys
C:\WINDOWS\system32\DRIVERS\irenum.sys
11264 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: system32\DRIVERS\isapnp.sys
C:\WINDOWS\system32\DRIVERS\isapnp.sys
36224 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\WINDOWS\system32\DRIVERS\kbdclass.sys
25216 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: kmixer
ImagePath: system32\drivers\kmixer.sys
C:\WINDOWS\system32\drivers\kmixer.sys
172416 bytes
Created: 30/11/2006
Modified: 14/06/2006
Company: Microsoft Corporation
----------
Key: LIVESRV
ImagePath: "C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
237568 bytes
Created: 22/10/2007
Modified: 22/10/2007
Company: SOFTWIN S.R.L.
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: mnmsrvc
ImagePath: C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
32768 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\WINDOWS\system32\DRIVERS\mouclass.sys
23680 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\WINDOWS\system32\DRIVERS\mouhid.sys
12288 bytes
Created: 01/12/2006
Modified: 23/08/2001
Company: Microsoft Corporation
----------
Key: MRxDAV
ImagePath: system32\DRIVERS\mrxdav.sys
C:\WINDOWS\system32\DRIVERS\mrxdav.sys
179584 bytes
Created: 05/08/2004
Modified: 18/12/2007
Company: Microsoft Corporation
----------
Key: MRxSmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
453120 bytes
Created: 05/08/2004
Modified: 05/05/2006
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\msdtc.exe
6144 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: MSIServer
ImagePath: C:\WINDOWS\system32\msiexec.exe /V
C:\WINDOWS\system32\msiexec.exe
78848 bytes
Created: 05/08/2004
Modified: 04/05/2005
Company: Microsoft Corporation
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\WINDOWS\system32\drivers\MSKSSRV.sys
7552 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\WINDOWS\system32\drivers\MSPCLOCK.sys
5376 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\WINDOWS\system32\drivers\MSPQM.sys
4992 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: system32\DRIVERS\mssmbios.sys
C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15488 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: MSSQL$MICROSOFTSMLBIZ
ImagePath: "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe" -sMICROSOFTSMLBIZ
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
9150464 bytes
Created: 04/05/2005
Modified: 04/05/2005
Company: Microsoft Corporation
----------
Key: MSSQLServerADHelper
ImagePath: "C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe
73728 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Microsoft Corporation
----------
Key: msupdate
ImagePath: c:\windows\system32\msvcrtd.exe
c:\windows\system32\msvcrtd.exe
35840 bytes
Created: 12/02/2008
Modified: 12/02/2008
Company:
c:\windows\system32\msvcrtd.exe appears to be in-use/locked
c:\windows\system32\msvcrtd.exe - this registry value has been removed
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
c:\windows\system32\msvcrtd.exe - process is either not running or could not be terminated
c:\windows\system32\msvcrtd.exe - file ownership assigned to: PC-VTE-2\VAUDAUX SA
c:\windows\system32\msvcrtd.exe - process is either not running or could not be terminated
ERROR: Unhandled Exception calling TFileStream.Create/Free in procedure MainForm.ExtractFileFromResource
[File Utility could not be created]
[Error initialising File Utility]
c:\windows\system32\msvcrtd.exe - marked for renaming when the PC is restarted
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\WINDOWS\system32\DRIVERS\ndistapi.sys
9600 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\WINDOWS\system32\DRIVERS\ndisuio.sys
12928 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\WINDOWS\system32\DRIVERS\ndiswan.sys
91776 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\WINDOWS\system32\DRIVERS\netbios.sys
34560 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetBT
ImagePath: system32\DRIVERS\netbt.sys
C:\WINDOWS\system32\DRIVERS\netbt.sys
162816 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetDDE
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
114176 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NetDDEdsdm
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
114176 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NtLmSsp
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: nv
ImagePath: system32\DRIVERS\nv4_mini.sys
C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
1897408 bytes
Created: 29/11/2006
Modified: 03/08/2004
Company: NVIDIA Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12416 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
32512 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: Parport
ImagePath: system32\DRIVERS\parport.sys
C:\WINDOWS\system32\DRIVERS\parport.sys
80384 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PCI
ImagePath: system32\DRIVERS\pci.sys
C:\WINDOWS\system32\DRIVERS\pci.sys
68608 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PlugPlay
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PolicyAgent
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\WINDOWS\system32\DRIVERS\raspptp.sys
48384 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Processor
ImagePath: system32\DRIVERS\processr.sys
C:\WINDOWS\system32\DRIVERS\processr.sys
39552 bytes
Created: 04/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Profos
ImagePath: \??\C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
C:\PROGRA~1\Softwin\BITDEF~1\profos.sys
13568 bytes
Created: 19/08/2006
Modified: 19/08/2006
Company:
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: PSched
ImagePath: system32\DRIVERS\psched.sys
C:\WINDOWS\system32\DRIVERS\psched.sys
69120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Ptilink
ImagePath: system32\DRIVERS\ptilink.sys
C:\WINDOWS\system32\DRIVERS\ptilink.sys
17792 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Parallel Technologies, Inc.
----------
Key: RasAcd
ImagePath: system32\DRIVERS\rasacd.sys
C:\WINDOWS\system32\DRIVERS\rasacd.sys
8832 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
51328 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\WINDOWS\system32\DRIVERS\raspppoe.sys
41472 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Raspti
ImagePath: system32\DRIVERS\raspti.sys
C:\WINDOWS\system32\DRIVERS\raspti.sys
16512 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Rdbss
ImagePath: system32\DRIVERS\rdbss.sys
C:\WINDOWS\system32\DRIVERS\rdbss.sys
174592 bytes
Created: 05/08/2004
Modified: 05/05/2006
Company: Microsoft Corporation
----------
Key: RDPCDD
ImagePath: System32\DRIVERS\RDPCDD.sys
C:\WINDOWS\System32\DRIVERS\RDPCDD.sys
4224 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: rdpdr
ImagePath: system32\DRIVERS\rdpdr.sys
C:\WINDOWS\system32\DRIVERS\rdpdr.sys
196864 bytes
Created: 29/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: RDSessMgr
ImagePath: C:\WINDOWS\system32\sessmgr.exe
C:\WINDOWS\system32\sessmgr.exe
142336 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: redbook
ImagePath: system32\DRIVERS\redbook.sys
C:\WINDOWS\system32\DRIVERS\redbook.sys
58496 bytes
Created: 29/11/2006
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: RpcLocator
ImagePath: %SystemRoot%\system32\locator.exe
C:\WINDOWS\system32\locator.exe
75264 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: RSVP
ImagePath: %SystemRoot%\system32\rsvp.exe
C:\WINDOWS\system32\rsvp.exe
132608 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: SamSs
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: SCardSvr
ImagePath: %SystemRoot%\System32\SCardSvr.exe
C:\WINDOWS\System32\SCardSvr.exe
100352 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Secdrv
ImagePath: system32\DRIVERS\secdrv.sys
C:\WINDOWS\system32\DRIVERS\secdrv.sys
20480 bytes
Created: 05/08/2004
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: serenum
ImagePath: system32\DRIVERS\serenum.sys
C:\WINDOWS\system32\DRIVERS\serenum.sys
15488 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Serial
ImagePath: system32\DRIVERS\serial.sys
C:\WINDOWS\system32\DRIVERS\serial.sys
66560 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
578368 bytes
Created: 30/11/2006
Modified: 15/07/2003
Company: Analog Devices, Inc.
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 30/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: splitter
ImagePath: system32\drivers\splitter.sys
C:\WINDOWS\system32\drivers\splitter.sys
6400 bytes
Created: 30/11/2006
Modified: 14/06/2006
Company: Microsoft Corporation
----------
Key: Spooler
ImagePath: %SystemRoot%\system32\spoolsv.exe
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 05/08/2004
Modified: 11/06/2005
Company: Microsoft Corporation
----------
Key: SQLAgent$MICROSOFTSMLBIZ
ImagePath: "C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE" -i MICROSOFTSMLBIZ
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlagent.EXE
323584 bytes
Created: 03/05/2005
Modified: 03/05/2005
Company: Microsoft Corporation
----------
Key: sr
ImagePath: system32\DRIVERS\sr.sys
C:\WINDOWS\system32\DRIVERS\sr.sys
73600 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Srv
ImagePath: system32\DRIVERS\srv.sys
C:\WINDOWS\system32\DRIVERS\srv.sys
332928 bytes
Created: 05/08/2004
Modified: 14/08/2006
Company: Microsoft Corporation
----------
Key: swenum
ImagePath: system32\DRIVERS\swenum.sys
C:\WINDOWS\system32\DRIVERS\swenum.sys
4352 bytes
Created: 03/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: swmidi
ImagePath: system32\drivers\swmidi.sys
C:\WINDOWS\system32\drivers\swmidi.sys
54272 bytes
Created: 30/11/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{84950551-B26F-4BD6-A8AB-57AF48EC1149}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: sysaudio
ImagePath: system32\drivers\sysaudio.sys
C:\WINDOWS\system32\drivers\sysaudio.sys
60800 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: SysLibrary
ImagePath: \??\C:\WINDOWS\system32\DefLib.sys
C:\WINDOWS\system32\DefLib.sys - this registry value has been removed [file not found to scan]
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
----------
Key: SysmonLog
ImagePath: %SystemRoot%\system32\smlogsvc.exe
C:\WINDOWS\system32\smlogsvc.exe
93184 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Tcpip
ImagePath: system32\DRIVERS\tcpip.sys
C:\WINDOWS\system32\DRIVERS\tcpip.sys
360064 bytes
Created: 05/08/2004
Modified: 30/10/2007
Company: Microsoft Corporation
----------
Key: TermDD
ImagePath: system32\DRIVERS\termdd.sys
C:\WINDOWS\system32\DRIVERS\termdd.sys
40840 bytes
Created: 29/11/2006
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: TlntSvr
ImagePath: C:\WINDOWS\system32\tlntsvr.exe
C:\WINDOWS\system32\tlntsvr.exe
75264 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: Trufos
ImagePath: \??\C:\PROGRA~1\Softwin\BITDEF~1\trufos.sys
C:\PROGRA~1\Softwin\BITDEF~1\trufos.sys
22656 bytes
Created: 16/08/2006
Modified: 16/08/2006
Company:
----------
Key: Update
ImagePath: system32\DRIVERS\update.sys
C:\WINDOWS\system32\DRIVERS\update.sys
209408 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: UPS
ImagePath: %SystemRoot%\System32\ups.exe
C:\WINDOWS\System32\ups.exe
18432 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usbehci
ImagePath: system32\DRIVERS\usbehci.sys
C:\WINDOWS\system32\DRIVERS\usbehci.sys
26624 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usbhub
ImagePath: system32\DRIVERS\usbhub.sys
C:\WINDOWS\system32\DRIVERS\usbhub.sys
57600 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usbscan
ImagePath: system32\DRIVERS\usbscan.sys
C:\WINDOWS\system32\DRIVERS\usbscan.sys
15104 bytes
Created: 01/12/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: USBSTOR
ImagePath: system32\DRIVERS\USBSTOR.SYS
C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
26496 bytes
Created: 30/11/2006
Modified: 03/08/2004
Company: Microsoft Corporation
----------
Key: usbuhci
ImagePath: system32\DRIVERS\usbuhci.sys
C:\WINDOWS\system32\DRIVERS\usbuhci.sys
20480 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: VgaSave
ImagePath: \SystemRoot\System32\drivers\vga.sys
C:\WINDOWS\System32\drivers\vga.sys
20992 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: ViaIde
ImagePath: system32\DRIVERS\viaide.sys
C:\WINDOWS\system32\DRIVERS\viaide.sys
5376 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: viasraid
ImagePath: system32\DRIVERS\viasraid.sys
C:\WINDOWS\system32\DRIVERS\viasraid.sys
-R- 77312 bytes
Created: 30/11/2006
Modified: 31/10/2003
Company: VIA Technologies inc,.ltd
----------
Key: VSS
ImagePath: %SystemRoot%\System32\vssvc.exe
C:\WINDOWS\System32\vssvc.exe
295424 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: VSSERV
ImagePath: "C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service
C:\Program Files\Softwin\BitDefender10\vsserv.exe
462848 bytes
Created: 24/10/2007
Modified: 24/10/2007
Company: SOFTWIN S.R.L.
----------
Key: Wanarp
ImagePath: system32\DRIVERS\wanarp.sys
C:\WINDOWS\system32\DRIVERS\wanarp.sys
34560 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: wdmaud
ImagePath: system32\drivers\wdmaud.sys
C:\WINDOWS\system32\drivers\wdmaud.sys
82944 bytes
Created: 30/11/2006
Modified: 14/06/2006
Company: Microsoft Corporation
----------
Key: wer32
ImagePath: \??\C:\WINDOWS\system32\jkghje.dll
C:\WINDOWS\system32\jkghje.dll
54762 bytes
Created: 12/02/2008
Modified: 12/02/2008
Company:
C:\WINDOWS\system32\jkghje.dll appears to be in-use/locked
C:\WINDOWS\system32\jkghje.dll - this registry value has been removed
ERROR: Unhandled Exception calling in procedure ScanForm.WriteToRegValRemoveFile
C:\WINDOWS\system32\jkghje.dll - unable to take ownership/change permissions (file may not exist)
ERROR: Unhandled Exception calling TFileStream.Create/Free in procedure MainForm.ExtractFileFromResource
[File Utility could not be created]
[Error initialising File Utility]
C:\WINDOWS\system32\jkghje.dll - marked for renaming when the PC is restarted
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WmiApSrv
ImagePath: C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
126464 bytes
Created: 29/11/2006
Modified: 05/08/2004
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: "C:\Program Files\Windows Media Player\WMPNetwk.exe"
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WudfPf
ImagePath: system32\DRIVERS\WudfPf.sys
C:\WINDOWS\s
Report with VundoFix:
VundoFix V6.7.8
Checking Java version...
Java version is 1.5.0.10
Java version is 1.5.0.11
Scan started at 17:17:31 21/02/2008
Listing files found while scanning....
C:\windows\system32\gharuwsd.dllbox
C:\WINDOWS\system32\isxrjsws.dll
C:\windows\system32\isxrjsws.dllbox
Beginning removal...
Attempting to delete C:\windows\system32\gharuwsd.dllbox
C:\windows\system32\gharuwsd.dllbox Has been deleted!
Attempting to delete C:\WINDOWS\system32\isxrjsws.dll
C:\WINDOWS\system32\isxrjsws.dll Has been deleted!
Attempting to delete C:\windows\system32\isxrjsws.dllbox
C:\windows\system32\isxrjsws.dllbox Has been deleted!
Performing Repairs to the registry.
Done!
I'm installing the other program and running the app
Thanks
Here is the report with ComboFix:
ComboFix 08-02-21 - VAUDAUX SA 2008-02-21 18:11:55.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.629 [GMT 1:00]
Endroit: C:\Documents and Settings\VAUDAUX SA\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\Documents and Settings\All Users\Application Data\storageprotector
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\ac
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\em
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\oid
C:\Documents and Settings\All Users\Application Data\storageprotector\Data\user
C:\Documents and Settings\VAUDAUX SA\Application Data\storageprotector
C:\Documents and Settings\VAUDAUX SA\Application Data\storageprotector\Logs\update.log
C:\Program Files\Helper
C:\Program Files\Helper\1202832920.dll
C:\WINDOWS\system32\bpromfef.ini
C:\WINDOWS\system32\msvcrtd.exe
C:\WINDOWS\system32\sprt_ads.dll
C:\WINDOWS\system32\svcp.csv
C:\WINDOWS\system32\windows
C:\WINDOWS\system32\winsub.xml
C:\WINDOWS\system32\wycdd.ini
C:\WINDOWS\system32\wycdd.ini2
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_MSUPDATE
-------\LEGACY_NTMLSVC
-------\LEGACY_SYSLIBRARY
-------\msupdate
-------\NtmlSvc
-------\SysLibrary
((((((((((((((((((((((((((((( Fichiers créés 2008-01-21 to 2008-02-21 ))))))))))))))))))))))))))))))))))))
.
2008-02-21 17:52 . 2008-02-21 17:52 24,576 --a------ C:\WINDOWS\system32\VundoFixSVC.exe
2008-02-21 17:17 . 2008-02-21 18:06 <REP> d-------- C:\VundoFix Backups
2008-02-21 17:16 . 2008-02-21 17:16 <REP> d-------- C:\Program Files\Sunbelt Software
2008-02-21 13:53 . 2008-02-21 17:08 <REP> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-02-21 13:42 . 2008-02-21 14:04 <REP> d-------- C:\Program Files\Trojan Remover
2008-02-21 13:42 . 2008-02-21 13:42 <REP> d-------- C:\Program Files\Trend Micro
2008-02-21 13:42 . 2008-02-21 13:42 <REP> d-------- C:\Documents and Settings\VAUDAUX SA\Application Data\Simply Super Software
2008-02-21 13:42 . 2003-02-02 19:06 153,088 --a------ C:\WINDOWS\system32\UNRAR3.dll
2008-02-21 13:42 . 2002-03-06 00:00 75,264 --a------ C:\WINDOWS\system32\unacev2.dll
2008-02-15 09:43 . 2008-02-15 09:43 <REP> dr------- C:\Documents and Settings\All Users\Application Data\SalesMon
2008-02-14 17:38 . 2008-02-14 17:38 <REP> d--h----- C:\WINDOWS\PIF
2008-02-14 12:31 . 2008-02-21 17:07 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-14 12:26 . 2008-02-21 17:08 <REP> d-------- C:\Program Files\Fichiers communs\Softwin
2008-02-13 13:35 . 2008-02-13 13:35 0 --a------ C:\WINDOWS\Irremote.ini
2008-02-13 13:17 . 2008-02-21 14:03 19,128 --ahs---- C:\WINDOWS\system32\isxrjsws.dllbox.vir
2008-02-13 13:13 . 2008-02-13 13:13 <REP> d-------- C:\Program Files\MaXimus DVD v1.2
2008-02-12 20:23 . 2008-02-12 20:23 <REP> d-------- C:\spoolerlogs
2008-02-12 17:13 . 2008-02-13 13:16 41,641 --a------ C:\WINDOWS\system32\diperto.ini
2008-02-12 17:12 . 2008-02-12 17:12 2 --a------ C:\-1737511738
2008-02-12 17:11 . 2008-02-12 17:11 54,762 --a------ C:\WINDOWS\system32\jkghje.dll
2008-02-08 15:52 . 2008-02-08 15:52 335,872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
2008-02-05 13:20 . 2008-02-05 13:20 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-05 13:20 . 2008-02-05 13:20 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-04 13:35 . 2008-02-04 13:36 1,905 --a------ C:\WINDOWS\diagwrn.xml
2008-02-04 13:35 . 2008-02-04 13:36 1,905 --a------ C:\WINDOWS\diagerr.xml
2008-02-01 14:05 . 2008-02-01 14:05 46,300 --a------ C:\WINDOWS\system32\DcadsSocial-uninstall.exe
2008-02-01 14:03 . 2008-02-12 15:46 84,729 --a------ C:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe
2008-02-01 14:03 . 2008-02-01 14:03 80,097 --a------ C:\WINDOWS\system32\dcads-remove.exe
2008-02-01 14:03 . 2008-02-20 17:12 40,730 --a------ C:\WINDOWS\system32\superiorads-uninst.exe
2008-02-01 10:08 . 2008-02-08 10:57 <REP> d-------- C:\Documents and Settings\VAUDAUX SA\Application Data\dvdcss
2008-01-31 14:01 . 2008-01-31 14:01 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SlySoft
2008-01-22 17:28 . 2008-02-07 11:03 69 --a------ C:\WINDOWS\NeroDigital.ini
2008-01-22 15:29 . 2008-01-22 15:29 <REP> d-------- C:\Documents and Settings\VAUDAUX SA\Application Data\Nero
2008-01-22 15:25 . 2008-01-22 15:25 <REP> d-------- C:\Program Files\Nero
2008-01-22 15:25 . 2008-01-22 15:27 <REP> d-------- C:\Program Files\Fichiers communs\Nero
2008-01-22 15:25 . 2008-01-22 15:25 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-22 14:19 . 2008-01-22 14:19 <REP> d-------- C:\Program Files\DVD Shrink
2008-01-22 14:19 . 2008-02-12 16:38 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DVD Shrink
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-21 16:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2008-02-12 16:11 --------- d-----w C:\Program Files\BitTornado
2008-02-04 23:05 --------- d-----w C:\Documents and Settings\VAUDAUX SA\Application Data\LimeWire
2008-01-31 13:00 --------- d-----w C:\Program Files\SlySoft
2008-01-18 10:06 294,912 ----a-w C:\WINDOWS\system32\iebrowserc.dll
2008-01-09 10:11 --------- d-----w C:\Program Files\INFACO
2007-12-21 16:06 --------- d-----w C:\Documents and Settings\VAUDAUX SA\Application Data\vlc
2007-12-21 16:01 --------- d-----w C:\Program Files\VideoLAN
2007-12-13 18:09 972,072 ----a-w C:\WINDOWS\UNNeroMediaHome.exe
2007-12-07 02:08 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:41 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-12-04 08:59 972,072 ----a-w C:\WINDOWS\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\WINDOWS\system32\NeroCo.dll
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1648E328-3E5A-4EA5-A9C6-E5F09EE272DA}]
2008-02-08 15:52 335872 --a------ C:\WINDOWS\system32\mysidesearch_sidebar.dll
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1D8282E6-BC4F-469B-AAED-7E4FF077AD93}]
2008-01-18 11:06 294912 --a------ C:\WINDOWS\system32\iebrowserc.dll
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 13:00 15360]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Fichiers communs\Nero\Lib\NMIndexStoreSvr.exe" [2007-12-13 19:10 1688872]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe" [2007-12-21 09:27 579072]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2006-01-12 20:52 483328]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20 866584]
"TkBellExe"="C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-18 16:27 185896]
"ISUSPM"="C:\Program Files\Fichiers communs\InstallShield\UpdateService\ISUSPM.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 14:57 282624]
"NeroFilterCheck"="C:\Program Files\Fichiers communs\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"986fac69"="C:\WINDOWS\system32\fefmorpb.dll" [ ]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-02-21 13:52 863824]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 13:00 15360]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe" [2007-10-25 08:28 219136]
R0 viasraid;viasraid;C:\WINDOWS\system32\DRIVERS\viasraid.sys [2003-10-31 04:22]
R1 fwdrv;Firewall Driver;C:\WINDOWS\system32\drivers\fwdrv.sys [2007-03-16 09:56]
R1 khips;Kerio HIPS Driver;C:\WINDOWS\system32\drivers\khips.sys [2007-03-16 09:56]
R3 Esdpdx01;Esdpdx01;C:\WINDOWS\system32\Drivers\ESDPDX01.SYS [2002-11-28 23:00]
R3 yukonx86;NDIS5.1 Miniport Driver for Marvell Yukon Gigabit Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\yukonx86.sys [2003-10-16 23:27]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##serv-vetraz#Partage]
\Shell\AutoRun\command - setup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
"2008-02-21 13:21:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-21 17:20:30 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************
catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-21 18:23:38
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------
PROCESS: C:\WINDOWS\explorer.exe [6.00.2900.3156]
-> C:\Program Files\WinRAR\rarext.dll
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
.
**************************************************************************
.
Temps d'accomplissement: 2008-02-21 18:26:08 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-21 17:26:00
.
2008-02-14 09:07:17 --- E O F ---
Report with SmitfraudFix.
SmitFraudFix v2.292
Rapport fait à 8:46:55,12, 22/02/2008
Executé à partir de C:\Documents and Settings\VAUDAUX SA\Bureau\SmitfraudFix\SmitfraudFix
OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT
Le type du système de fichiers est NTFS
Fix executé en mode normal
»»»»»»»»»»»»»»»»»»»»»»»» Process
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\cmd.exe
»»»»»»»»»»»»»»»»»»»»»»»» hosts
»»»»»»»»»»»»»»»»»»»»»»»» C:\
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32
»»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VAUDAUX SA
»»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\VAUDAUX SA\Application Data
»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer
»»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\VAUDAU~1\Favoris
»»»»»»»»»»»»»»»»»»»»»»»» Bureau
»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files
»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues
»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Rustock
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Marvell Yukon Gigabit Ethernet 10/100/1000Base-T Adapter, Copper RJ-45 - Miniport d'ordonnancement de paquets
DNS Server Search Order: 193.252.19.3
DNS Server Search Order: 193.252.19.4
HKLM\SYSTEM\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer=193.252.19.3,193.252.19.4
HKLM\SYSTEM\CS1\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer=193.252.19.3,193.252.19.4
HKLM\SYSTEM\CS2\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer=193.252.19.3,193.252.19.4
»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll
»»»»»»»»»»»»»»»»»»»»»»»» Fin
Thanks
OK, we've made progress ;o)
Post a new HiJack report please
See you
Yes indeed, I worked all morning on my PC without having to restart it, so that's really great....
Here's the report.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:58:06, on 27/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\3M\PSNLite\PsnLite.exe
C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
C:\PROGRA~1\3M\PSNLite\PSNGive.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroTray.exe
C:\Program Files\Grisoft\AVG Free\avgcc.exe
C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\Program Files\BitTornado\btdownloadgui.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.update.microsoft.com/windowsupdate/v6/default.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: MySidesearch Search Assistant - {1648E328-3E5A-4EA5-A9C6-E5F09EE272DA} - C:\WINDOWS\system32\mysidesearch_sidebar.dll
O2 - BHO: BrowserCmp - {1D8282E6-BC4F-469B-AAED-7E4FF077AD93} - C:\WINDOWS\system32\iebrowserc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVGFRE~1\avgw.exe /RUNONCE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: FTP Utility.lnk = C:\Program Files\KONICA MINOLTA\FTP Utility\KMFtp.exe
O4 - Global Startup: Indago Updater.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Acrobat.lnk = ?
O4 - Global Startup: Post-it® Software Notes Lite.lnk = C:\Program Files\3M\PSNLite\PsnLite.exe
O4 - Global Startup: Service Manager.lnk = C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqlmangr.exe
O8 - Extra context menu item: Convertir en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la cible du lien en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la cible du lien en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir la sélection en Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convertir la sélection en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convertir les liens sélectionnés en fichier Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convertir les liens sélectionnés en un fichier PDF existant - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://charon777.free.fr/plugins/hardwaredetection.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{28DBFA54-1A7D-4E4D-B64C-573B0A3EC3C3}: NameServer = 193.252.19.3,193.252.19.4
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe