Sujet Précédent Sujet Suivant

Trojan : TR/Crypt.XPACK.Gen ... à l'aide !

lanic Messages postés 1 Statut Membre -
varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention - 14 août 2008 à 09:37

Bonjour,

Mon Antivirus (Antivir) me détecte régulièrement le trojan suivant : TR/Crypt.XPACK.Gen
il est localisé la plupart du temps dans les fichiers suivants :
C:\program.exe
C:\Documents and Settings\A-DREAU\systems.exe
C:\Documents and Settings\A-DREAU\Local settings\Temporary Internet Files\Content.IE5\GMO7H3MC\nadz[2].exe

J'ai remarqué que la détection ne s'opère que lorsque que ma connexion réseau s'active, avant cela les fichiers cités ci dessus ne sont pas visibles dans les répertoires en question.

Dès la détection par Antivir, je les efface systématiquement, mais rien n'y fait.
J'ai bien essayé d'effacer le "System Volume Information", sans résultat...

Voici les outils dont je dispose :
- HijackThis
- Malwarebytes' Anti-Malware
- SDFix
- ComboFix
- OTMoveIt2

Je ne maitrise pas trop ces logiciels en particulier ComboFix, je ne voudrais pas faire d'erreur de manip...
et suis près à en installer d'autres au besoin, pour me débarrasser de cette saleté !
J'aurai bien besoin d'un coup de main.

Merci d'avance.
Lanic.

Afficher la suite

A voir également:

Trojan : TR/Crypt.XPACK.Gen ... à l'aide !
Trojan remover - Télécharger - Antivirus & Antimalwares
Anti trojan - Télécharger - Antivirus & Antimalwares
Virus trojan al11 ✓ - Forum Virus
Csrss.exe trojan fr ✓ - Forum Virus
Trojan win32 - Forum Virus

10 réponses

Réponse 1 / 10

^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention 3 279

Salut

PC mal protégé et pas à jour

A+

lanic

Merci Marie pour la remarque, mais pourrais-tu STP être plus "précise" :
Oui, je sais que le pare feu de Windows est pour le moins une passoire, mais je viens à peine de récupérer ce portable, alors un peu de tolérance. J'ai déjà installé Antivir, c'est un bon début, je crois, non ?!

As-tu des conseils à me donner pour ce qui est des pare-feu ? Et existe-t-il une protection permanente contre les spyware et autres... ?

Peux-tu me dire précisément ce qui n'est pas à jour ?

Merci.

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707 > lanic

Laisse tomber, je sait pas ce qu'elle a ^^marie^^ mais elle est pas très sympa:
Pour ton par feu, tu as le choix.
Voici une liste avec des avis, choisi en un.

Réponse 2 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

Bonjour,

commence par poster un rapport hijacktest

ensuite exécute un scan avec malware et post le rapport

puis refait un rapport hijackthis

lanic

Merci pour ta réponse rapide !
J'ai bien suivi le protocole, à savoir passé avant mon PC à la moulinette avec CCleaner + Spybot.

Voici donc le rapport Hijackthis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:18, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\tgbike.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avcenter.exe
C:\Program Files\Office\Office12\OUTLOOK.EXE
C:\Program Files\Adobe\Acrobat 7.0\Distillr\AcroDist.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TgbVpn] C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idra.local
O17 - HKLM\Software\..\Telephony: DomainName = idra.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = idra.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Update Service (gupdate1c8eb3c71e69a84) (gupdate1c8eb3c71e69a84) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

Réponse 3 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

Bon, désinstalle google (C:\Program Files\Google\Update\GoogleUpdate.exe)

ensuite passe un coup de balais avec ccleaner

puis démarre en mode sans echec et relance un scan avec malware. Post le rapport

repost un rapport hijackthis.

Réponse 4 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

Pour supprimer ce trojans ont va faire autrement:
http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover
attention!!!
=>
Cette version de démonstration mise à disposition par l'éditeur n'est valable que durant une période de 30 jours.

fait un scann avec ce logiciel, et dit moi ce qu'il en ai.
Le cas échéant, post le rapport.

lanic

Trojan remover n'a semble-t-il rien trouvé.
Je veux bien enlever "Google update" mais :
1°) il n'apparait pas dans le panneau de config Ajout/suppression de programmes..
2°) il n'apparaît pas dans le menu démarrer dans le dossier Google...
3°) idem Programmes de désinstallation dans CCleaner : il n'y figure pas...
A défaut j'ai désinstaller Google Earth et une extension de Google pour Firefox.
Puis j'ai lancé RegCleaner et l'ai enlevé du menu Software, résultat : il ne semble plus chargé au démarrage (absent du gestionnaire des tâches) mais Trojan remover le détecte toujours...

14:49:10: Scanning ----- SCHEDULED TASKS -----
Taskname: GoogleUpdateTask.job
File: C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
119280 bytes
Created: 2008-07-22
Modified: 2008-07-22
Company: Google Inc.
Parameters: /c
Next Run Time: Never
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: Google Update Task

Que faire ??! Enlever directement l'exécutable du dossier Program Files, cela suffit-il ?

Voici le rapport complet de Trojan remover :
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:51:00 13 août 2008
Using Database v7099
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\A-DREAU\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\A-DREAU\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir

************************************************************

Carrying out scan on C:\
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
C:\Documents and Settings\All Users\Application Data\Microsoft\Search\Data\Temp\usgthrsvc\Perflib_Perfdata_200.dat appears to be in-use/locked
C:\Program Files\DAEMON Tools Lite\uninst.exe appears to contain: Downloader
C:\Program Files\DAEMON Tools Lite\uninst.exe - file has been excluded from future scans.
C:\WINDOWS\system32\drivers\sptd.sys appears to be in-use/locked
------------------------------
54475 files scanned
1 Malware file detected
Scan completed at: 15:54:18 13 août 2008
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.1.2538. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:49:42 13 août 2008
Using Database v7099
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\A-DREAU\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\A-DREAU\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir

************************************************************

************************************************************
14:49:42: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:49:42: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:49:42: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:49:42: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 2007-07-27
Modified: 2007-06-13
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinVNC
Value Data: "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
C:\Program Files\UltraVNC\WinVNC.exe
364544 bytes
Created: 2008-02-11
Modified: 2006-07-17
Company: www.ultravnc.fr
--------------------
Value Name: SynTPEnh
Value Data: C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
815104 bytes
Created: 2008-02-11
Modified: 2006-10-23
Company: Synaptics, Inc.
--------------------
Value Name: HotkeyApp
Value Data: "C:\Program Files\Launch Manager\HotkeyApp.exe"
C:\Program Files\Launch Manager\HotkeyApp.exe
192512 bytes
Created: 2008-02-11
Modified: 2007-04-26
Company: Wistron
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
142104 bytes
Created: 2008-02-11
Modified: 2007-04-20
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
162584 bytes
Created: 2008-02-11
Modified: 2007-04-20
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
138008 bytes
Created: 2008-02-11
Modified: 2007-04-20
Company: Intel Corporation
--------------------
Value Name: TgbVpn
Value Data: C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
447488 bytes
Created: 2008-03-11
Modified: 2008-02-15
Company: TheGreenBow
--------------------
Value Name: HPDJ Taskbar Utility
Value Data: C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
196608 bytes
Created: 2008-05-05
Modified: 2001-11-29
Company: HP
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 2008-07-21
Modified: 2008-06-10
Company: Sun Microsystems, Inc.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 2008-06-11
Modified: 2008-07-21
Company: Avira GmbH
--------------------
Value Name: BluetoothAuthenticationAgent
Value Data: rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
C:\WINDOWS\system32\bthprops.cpl
110592 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Value Name: CtrlVol
Value Data: C:\Program Files\Launch Manager\CtrlVol.exe
C:\Program Files\Launch Manager\CtrlVol.exe [file not found to scan]
--------------------
Value Name: LaunchAp
Value Data: C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\LaunchAp.exe [file not found to scan]
--------------------
Value Name: Wbutton
Value Data: C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Launch Manager\WButton.exe [file not found to scan]
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
909904 bytes
Created: 2008-08-13
Modified: 2008-08-13
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: IDMan
Value Data: C:\Program Files\Internet Download Manager\IDMan.exe /onboot
C:\Program Files\Internet Download Manager\IDMan.exe
931760 bytes
Created: 2007-12-20
Modified: 2007-12-29
Company: Tonec Inc.
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 2008-07-04
Modified: 2008-07-04
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:49:43: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {56F9679E-7826-4C84-81F3-532071A8BCC5}
File: C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll
294400 bytes
Created: 2007-02-05
Modified: 2007-02-05
Company: Microsoft Corporation
----------

************************************************************
14:49:43: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:49:43: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:49:43: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
Path: C:\WINDOWS\system32\ieudinit.exe
C:\WINDOWS\system32\ieudinit.exe
13824 bytes
Created: 2007-08-13
Modified: 2008-04-22
Company: Microsoft Corporation
----------
Key: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
Path: C:\WINDOWS\inf\unregmp2.exe /ShowWMP
C:\WINDOWS\inf\unregmp2.exe
208896 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: >{26923b43-4d38-484f-9b9e-de460746276c}
Path: C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
C:\WINDOWS\system32\ie4uinit.exe
70656 bytes
Created: 2007-07-27
Modified: 2008-04-22
Company: Microsoft Corporation
----------
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
C:\WINDOWS\system32\IEDKCS32.DLL
384512 bytes
Created: 2007-07-27
Modified: 2008-04-23
Company: Microsoft Corporation
----------
Key: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS
Path: RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
C:\WINDOWS\system32\IEDKCS32.DLL - file already scanned
----------
Key: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
Path: %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
C:\WINDOWS\system32\shmgrate.exe
42496 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: {2C7339CF-2B09-4501-B3F3-F3508C9228ED}
Path: %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
C:\WINDOWS\system32\themeui.dll
391168 bytes
Created: 2007-07-27
Modified: 2005-11-23
Company: Microsoft Corporation
----------
Key: {44BBA840-CC51-11CF-AAFA-00AA00B6015C}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: {44BBA842-CC51-11CF-AAFA-00AA00B6015B}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
C:\WINDOWS\system32\advpack.dll
124928 bytes
Created: 2007-07-27
Modified: 2008-04-23
Company: Microsoft Corporation
----------
Key: {5945c046-1e7d-11d1-bc44-00c04fd912be}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
C:\WINDOWS\system32\advpack.dll - file already scanned
----------
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp.inf,PerUserStub
C:\WINDOWS\system32\advpack.dll - file already scanned
----------
Key: {7790769C-0471-11d2-AF11-00C04FA35D02}
Path: "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
C:\Program Files\Outlook Express\setup50.exe
73728 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4340}
Path: regsvr32.exe /s /n /i:U shell32.dll
C:\WINDOWS\system32\shell32.dll
8516608 bytes
Created: 2007-07-27
Modified: 2007-10-25
Company: Microsoft Corporation
----------
Key: {89820200-ECBD-11cf-8B85-00AA005B4383}
Path: C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
C:\WINDOWS\system32\ie4uinit.exe
70656 bytes
Created: 2007-07-27
Modified: 2008-04-22
Company: Microsoft Corporation
----------
Key: {89B4C1CD-B018-4511-B0A1-5476DBF70820}
Path: C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
C:\WINDOWS\system32\mscories.dll
74240 bytes
Created: 2005-09-23
Modified: 2005-09-23
Company: Microsoft Corporation
----------

************************************************************
14:49:44: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: Alerter
Path: %SystemRoot%\system32\alrsvc.dll
C:\WINDOWS\system32\alrsvc.dll
17408 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: AppMgmt
Path: %SystemRoot%\System32\appmgmts.dll
C:\WINDOWS\System32\appmgmts.dll
176640 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: AudioSrv
Path: %SystemRoot%\System32\audiosrv.dll
C:\WINDOWS\System32\audiosrv.dll
42496 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: Browser
Path: %SystemRoot%\System32\browser.dll
C:\WINDOWS\System32\browser.dll
77312 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: BthServ
Path: %SystemRoot%\System32\bthserv.dll
C:\WINDOWS\System32\bthserv.dll
30208 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: CryptSvc
Path: %SystemRoot%\System32\cryptsvc.dll
C:\WINDOWS\System32\cryptsvc.dll
60416 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: DcomLaunch
Path: %SystemRoot%\system32\rpcss.dll
C:\WINDOWS\system32\rpcss.dll
397824 bytes
Created: 2007-07-27
Modified: 2005-07-26
Company: Microsoft Corporation
--------------------
Key: Dhcp
Path: %SystemRoot%\System32\dhcpcsvc.dll
C:\WINDOWS\System32\dhcpcsvc.dll
112128 bytes
Created: 2007-07-27
Modified: 2006-05-19
Company: Microsoft Corporation
--------------------
Key: dmserver
Path: %SystemRoot%\System32\dmserver.dll
C:\WINDOWS\System32\dmserver.dll
24576 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corp.
--------------------
Key: Dnscache
Path: %SystemRoot%\System32\dnsrslvr.dll
C:\WINDOWS\System32\dnsrslvr.dll
45568 bytes
Created: 2007-07-27
Modified: 2008-02-20
Company: Microsoft Corporation
--------------------
Key: ERSvc
Path: %SystemRoot%\System32\ersvc.dll
C:\WINDOWS\System32\ersvc.dll
23040 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: EventSystem
Path: C:\WINDOWS\system32\es.dll
C:\WINDOWS\system32\es.dll
243200 bytes
Created: 2007-07-27
Modified: 2005-07-26
Company: Microsoft Corporation
--------------------
Key: FastUserSwitchingCompatibility
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 2007-07-27
Modified: 2006-12-19
Company: Microsoft Corporation
--------------------
Key: helpsvc
Path: %WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll
C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll
38912 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: HTTPFilter
Path: %SystemRoot%\System32\w3ssl.dll
C:\WINDOWS\System32\w3ssl.dll
15872 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: lanmanserver
Path: %SystemRoot%\System32\srvsvc.dll
C:\WINDOWS\System32\srvsvc.dll
96768 bytes
Created: 2007-07-27
Modified: 2004-12-07
Company: Microsoft Corporation
--------------------
Key: lanmanworkstation
Path: %SystemRoot%\System32\wkssvc.dll
C:\WINDOWS\System32\wkssvc.dll
132096 bytes
Created: 2007-07-27
Modified: 2006-08-17
Company: Microsoft Corporation
--------------------
Key: LmHosts
Path: %SystemRoot%\System32\lmhsvc.dll
C:\WINDOWS\System32\lmhsvc.dll
13824 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: Messenger
Path: %SystemRoot%\System32\msgsvc.dll
C:\WINDOWS\System32\msgsvc.dll
33792 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: Netman
Path: %SystemRoot%\System32\netman.dll
C:\WINDOWS\System32\netman.dll
197632 bytes
Created: 2007-07-27
Modified: 2005-08-22
Company: Microsoft Corporation
--------------------
Key: Nla
Path: %SystemRoot%\System32\mswsock.dll
C:\WINDOWS\System32\mswsock.dll
247808 bytes
Created: 2007-07-27
Modified: 2008-06-20
Company: Microsoft Corporation
--------------------
Key: NtmsSvc
Path: %SystemRoot%\system32\ntmssvc.dll
C:\WINDOWS\system32\ntmssvc.dll
438272 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: RasAuto
Path: %SystemRoot%\System32\rasauto.dll
C:\WINDOWS\System32\rasauto.dll
89088 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: RasMan
Path: %SystemRoot%\System32\rasmans.dll
C:\WINDOWS\System32\rasmans.dll
181248 bytes
Created: 2007-07-27
Modified: 2006-06-22
Company: Microsoft Corporation
--------------------
Key: RemoteAccess
Path: %SystemRoot%\System32\mprdim.dll
C:\WINDOWS\System32\mprdim.dll
49152 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: RemoteRegistry
Path: %SystemRoot%\system32\regsvc.dll
C:\WINDOWS\system32\regsvc.dll
59904 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: RpcSs
Path: %SystemRoot%\System32\rpcss.dll
C:\WINDOWS\System32\rpcss.dll
397824 bytes
Created: 2007-07-27
Modified: 2005-07-26
Company: Microsoft Corporation
--------------------
Key: Schedule
Path: %SystemRoot%\system32\schedsvc.dll
C:\WINDOWS\system32\schedsvc.dll
193024 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: seclogon
Path: %SystemRoot%\System32\seclogon.dll
C:\WINDOWS\System32\seclogon.dll
18944 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: SENS
Path: %SystemRoot%\system32\sens.dll
C:\WINDOWS\system32\sens.dll
38912 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: SharedAccess
Path: %SystemRoot%\System32\ipnathlp.dll
C:\WINDOWS\System32\ipnathlp.dll
332800 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: ShellHWDetection
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 2007-07-27
Modified: 2006-12-19
Company: Microsoft Corporation
--------------------
Key: srservice
Path: C:\WINDOWS\system32\srsvc.dll
C:\WINDOWS\system32\srsvc.dll
171008 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: SSDPSRV
Path: %SystemRoot%\System32\ssdpsrv.dll
C:\WINDOWS\System32\ssdpsrv.dll
71680 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: stisvc
Path: %SystemRoot%\system32\wiaservc.dll
C:\WINDOWS\system32\wiaservc.dll
334336 bytes
Created: 2007-07-27
Modified: 2006-12-19
Company: Microsoft Corporation
--------------------
Key: TapiSrv
Path: %SystemRoot%\System32\tapisrv.dll
C:\WINDOWS\System32\tapisrv.dll
249344 bytes
Created: 2007-07-27
Modified: 2005-07-08
Company: Microsoft Corporation
--------------------
Key: TermService
Path: %SystemRoot%\System32\termsrv.dll
C:\WINDOWS\System32\termsrv.dll
297984 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: Themes
Path: %SystemRoot%\System32\shsvcs.dll
C:\WINDOWS\System32\shsvcs.dll
135168 bytes
Created: 2007-07-27
Modified: 2006-12-19
Company: Microsoft Corporation
--------------------
Key: TrkWks
Path: %SystemRoot%\system32\trkwks.dll
C:\WINDOWS\system32\trkwks.dll
90624 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: upnphost
Path: %SystemRoot%\System32\upnphost.dll
C:\WINDOWS\System32\upnphost.dll
185344 bytes
Created: 2007-07-27
Modified: 2007-02-05
Company: Microsoft Corporation
--------------------
Key: W32Time
Path: %systemroot%\system32\w32time.dll
C:\WINDOWS\system32\w32time.dll
177664 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: WebClient
Path: %SystemRoot%\System32\webclnt.dll
C:\WINDOWS\System32\webclnt.dll
68096 bytes
Created: 2007-07-27
Modified: 2006-01-04
Company: Microsoft Corporation
--------------------
Key: winmgmt
Path: %SystemRoot%\system32\wbem\WMIsvc.dll
C:\WINDOWS\system32\wbem\WMIsvc.dll
145408 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: WmdmPmSN
Path: C:\WINDOWS\system32\mspmsnsv.dll
C:\WINDOWS\system32\mspmsnsv.dll
52736 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: Wmi
Path: %SystemRoot%\System32\advapi32.dll
C:\WINDOWS\System32\advapi32.dll
685056 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: wscsvc
Path: %SYSTEMROOT%\system32\wscsvc.dll
C:\WINDOWS\system32\wscsvc.dll
81408 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: wuauserv
Path: C:\WINDOWS\system32\wuauserv.dll
C:\WINDOWS\system32\wuauserv.dll
6656 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------
Key: WZCSVC
Path: %SystemRoot%\System32\wzcsvc.dll
C:\WINDOWS\System32\wzcsvc.dll
474624 bytes
Created: 2004-08-04
Modified: 2005-04-20
Company: Microsoft Corporation
--------------------
Key: xmlprov
Path: %SystemRoot%\System32\xmlprov.dll
C:\WINDOWS\System32\xmlprov.dll
129536 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
--------------------

************************************************************
14:49:46: Scanning ----- SERVICES REGISTRY KEYS -----
Key: abp480n5
ImagePath: \SystemRoot\system32\DRIVERS\ABP480N5.SYS
C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
23552 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: ACPI
ImagePath: system32\DRIVERS\ACPI.sys
C:\WINDOWS\system32\DRIVERS\ACPI.sys
188672 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ACPIEC
ImagePath: system32\DRIVERS\ACPIEC.sys
C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
12032 bytes
Created: 2001-08-23
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Adobe LM Service
ImagePath: "C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe"
C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
69632 bytes
Created: 2008-02-29
Modified: 2008-02-29
Company: Adobe Systems
----------
Key: adpu160m
ImagePath: \SystemRoot\system32\DRIVERS\adpu160m.sys
C:\WINDOWS\system32\DRIVERS\adpu160m.sys
101888 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: aec
ImagePath: system32\drivers\aec.sys
C:\WINDOWS\system32\drivers\aec.sys
142464 bytes
Created: 2008-02-11
Modified: 2006-02-15
Company: Microsoft Corporation
----------
Key: AFD
ImagePath: \SystemRoot\System32\drivers\afd.sys
C:\WINDOWS\System32\drivers\afd.sys
138368 bytes
Created: 2007-07-27
Modified: 2008-06-20
Company: Microsoft Corporation
----------
Key: agp440
ImagePath: \SystemRoot\system32\DRIVERS\agp440.sys
C:\WINDOWS\system32\DRIVERS\agp440.sys
42368 bytes
Created: 2007-07-27
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: agpCPQ
ImagePath: \SystemRoot\system32\DRIVERS\agpCPQ.sys
C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
44928 bytes
Created: 2007-07-27
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: Aha154x
ImagePath: \SystemRoot\system32\DRIVERS\aha154x.sys
C:\WINDOWS\system32\DRIVERS\aha154x.sys
12800 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: aic78u2
ImagePath: \SystemRoot\system32\DRIVERS\aic78u2.sys
C:\WINDOWS\system32\DRIVERS\aic78u2.sys
55168 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: aic78xx
ImagePath: \SystemRoot\system32\DRIVERS\aic78xx.sys
C:\WINDOWS\system32\DRIVERS\aic78xx.sys
56960 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: ALG
ImagePath: %SystemRoot%\System32\alg.exe
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: AliIde
ImagePath: \SystemRoot\system32\DRIVERS\aliide.sys
C:\WINDOWS\system32\DRIVERS\aliide.sys
5248 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Acer Laboratories Inc.
----------
Key: alim1541
ImagePath: \SystemRoot\system32\DRIVERS\alim1541.sys
C:\WINDOWS\system32\DRIVERS\alim1541.sys
42752 bytes
Created: 2007-07-27
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: amdagp
ImagePath: \SystemRoot\system32\DRIVERS\amdagp.sys
C:\WINDOWS\system32\DRIVERS\amdagp.sys
43008 bytes
Created: 2007-07-27
Modified: 2004-08-03
Company: Advanced Micro Devices, Inc.
----------
Key: AmdK7
ImagePath: system32\DRIVERS\amdk7.sys
C:\WINDOWS\system32\DRIVERS\amdk7.sys
41600 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: amsint
ImagePath: \SystemRoot\system32\DRIVERS\amsint.sys
C:\WINDOWS\system32\DRIVERS\amsint.sys
12032 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 2008-06-11
Modified: 2008-07-21
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
149761 bytes
Created: 2008-06-11
Modified: 2008-07-21
Company: Avira GmbH
----------
Key: asc
ImagePath: \SystemRoot\system32\DRIVERS\asc.sys
C:\WINDOWS\system32\DRIVERS\asc.sys
26496 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Advanced System Products, Inc.
----------
Key: asc3350p
ImagePath: \SystemRoot\system32\DRIVERS\asc3350p.sys
C:\WINDOWS\system32\DRIVERS\asc3350p.sys
22400 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: asc3550
ImagePath: \SystemRoot\system32\DRIVERS\asc3550.sys
C:\WINDOWS\system32\DRIVERS\asc3550.sys
14848 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Advanced System Products, Inc.
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
29896 bytes
Created: 2005-09-23
Modified: 2005-09-23
Company: Microsoft Corporation
----------
Key: AsyncMac
ImagePath: system32\DRIVERS\asyncmac.sys
C:\WINDOWS\system32\DRIVERS\asyncmac.sys
14336 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
95360 bytes
Created: 2004-08-04
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: Atmarpc
ImagePath: system32\DRIVERS\atmarpc.sys
C:\WINDOWS\system32\DRIVERS\atmarpc.sys
59904 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: audstub
ImagePath: system32\DRIVERS\audstub.sys
C:\WINDOWS\system32\DRIVERS\audstub.sys
3072 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 2008-06-11
Modified: 2007-02-27
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 2008-06-11
Modified: 2008-06-12
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 2008-06-11
Modified: 2008-07-21
Company: Avira GmbH
----------
Key: BthEnum
ImagePath: system32\DRIVERS\BthEnum.sys
C:\WINDOWS\system32\DRIVERS\BthEnum.sys
17024 bytes
Created: 2008-02-11
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: BthPan
ImagePath: system32\DRIVERS\bthpan.sys
C:\WINDOWS\system32\DRIVERS\bthpan.sys
100992 bytes
Created: 2008-02-11
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: BTHPORT
ImagePath: System32\Drivers\BTHport.sys
C:\WINDOWS\System32\Drivers\BTHport.sys
272768 bytes
Created: 2008-02-11
Modified: 2008-06-14
Company: Microsoft Corporation
----------
Key: BTHUSB
ImagePath: System32\Drivers\BTHUSB.sys
C:\WINDOWS\System32\Drivers\BTHUSB.sys
18944 bytes
Created: 2008-02-11
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: cbidf
ImagePath: \SystemRoot\system32\DRIVERS\cbidf2k.sys
C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
13952 bytes
Created: 2001-08-17
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: cd20xrnt
ImagePath: \SystemRoot\system32\DRIVERS\cd20xrnt.sys
C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
7680 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: Cdrom
ImagePath: system32\DRIVERS\cdrom.sys
C:\WINDOWS\system32\DRIVERS\cdrom.sys
49536 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: CiSvc
ImagePath: %SystemRoot%\system32\cisvc.exe
C:\WINDOWS\system32\cisvc.exe
5632 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ClipSrv
ImagePath: %SystemRoot%\system32\clipsrv.exe
C:\WINDOWS\system32\clipsrv.exe
33280 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: clr_optimization_v2.0.50727_32
ImagePath: C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
66240 bytes
Created: 2005-09-23
Modified: 2005-09-23
Company: Microsoft Corporation
----------
Key: CmBatt
ImagePath: system32\DRIVERS\CmBatt.sys
C:\WINDOWS\system32\DRIVERS\CmBatt.sys
14080 bytes
Created: 2007-07-27
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: CmdIde
ImagePath: \SystemRoot\system32\DRIVERS\cmdide.sys
C:\WINDOWS\system32\DRIVERS\cmdide.sys
6656 bytes
Created: 2007-07-27
Modified: 2001-08-23
Company: CMD Technology, Inc.
----------
Key: Compbatt
ImagePath: system32\DRIVERS\compbatt.sys
C:\WINDOWS\system32\DRIVERS\compbatt.sys
9344 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: COMSysApp
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Cpqarray
ImagePath: \SystemRoot\system32\DRIVERS\cpqarray.sys
C:\WINDOWS\system32\DRIVERS\cpqarray.sys
14976 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: dac2w2k
ImagePath: \SystemRoot\system32\DRIVERS\dac2w2k.sys
C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
179584 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Mylex Corporation
----------
Key: dac960nt
ImagePath: \SystemRoot\system32\DRIVERS\dac960nt.sys
C:\WINDOWS\system32\DRIVERS\dac960nt.sys
14720 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: Disk
ImagePath: system32\DRIVERS\disk.sys
C:\WINDOWS\system32\DRIVERS\disk.sys
36352 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: dmadmin
ImagePath: %SystemRoot%\System32\dmadmin.exe /com
C:\WINDOWS\System32\dmadmin.exe
225280 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corp., Veritas Software
----------
Key: dmboot
ImagePath: System32\drivers\dmboot.sys
C:\WINDOWS\System32\drivers\dmboot.sys
800256 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corp., Veritas Software
----------
Key: dmio
ImagePath: System32\drivers\dmio.sys
C:\WINDOWS\System32\drivers\dmio.sys
154496 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corp., Veritas Software
----------
Key: dmload
ImagePath: System32\drivers\dmload.sys
C:\WINDOWS\System32\drivers\dmload.sys
5888 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corp., Veritas Software.
----------
Key: DMusic
ImagePath: system32\drivers\DMusic.sys
C:\WINDOWS\system32\drivers\DMusic.sys
52864 bytes
Created: 2008-02-11
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: dpti2o
ImagePath: \SystemRoot\system32\DRIVERS\dpti2o.sys
C:\WINDOWS\system32\DRIVERS\dpti2o.sys
20192 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: drmkaud
ImagePath: system32\drivers\drmkaud.sys
C:\WINDOWS\system32\drivers\drmkaud.sys
2944 bytes
Created: 2008-02-11
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: Eventlog
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: FETNDIS
ImagePath: system32\DRIVERS\fetnd5.sys
C:\WINDOWS\system32\DRIVERS\fetnd5.sys
27165 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: VIA Technologies, Inc.
----------
Key: FltMgr
ImagePath: system32\DRIVERS\fltMgr.sys
C:\WINDOWS\system32\DRIVERS\fltMgr.sys
128896 bytes
Created: 2007-07-27
Modified: 2006-08-21
Company: Microsoft Corporation
----------
Key: Ftdisk
ImagePath: system32\DRIVERS\ftdisk.sys
C:\WINDOWS\system32\DRIVERS\ftdisk.sys
126080 bytes
Created: 2001-08-23
Modified: 2001-08-23
Company: Microsoft Corporation
----------
Key: Gpc
ImagePath: system32\DRIVERS\msgpc.sys
C:\WINDOWS\system32\DRIVERS\msgpc.sys
35072 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: gupdate1c8eb3c71e69a84
ImagePath: "C:\Program Files\Google\Update\GoogleUpdate.exe" /svc
C:\Program Files\Google\Update\GoogleUpdate.exe
119280 bytes
Created: 2008-07-22
Modified: 2008-07-22
Company: Google Inc.
----------
Key: HdAudAddService
ImagePath: system32\drivers\CHDAud.sys
C:\WINDOWS\system32\drivers\CHDAud.sys
630272 bytes
Created: 2008-02-11
Modified: 2007-05-01
Company: Conexant Systems Inc.
----------
Key: HDAudBus
ImagePath: system32\DRIVERS\HDAudBus.sys
C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
138752 bytes
Created: 2005-01-07
Modified: 2005-01-07
Company: Windows (R) Server 2003 DDK provider
----------
Key: HidUsb
ImagePath: system32\DRIVERS\hidusb.sys
C:\WINDOWS\system32\DRIVERS\hidusb.sys
9600 bytes
Created: 2008-02-29
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: hpn
ImagePath: \SystemRoot\system32\DRIVERS\hpn.sys
C:\WINDOWS\system32\DRIVERS\hpn.sys
25952 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: HTTP
ImagePath: System32\Drivers\HTTP.sys
C:\WINDOWS\System32\Drivers\HTTP.sys
262784 bytes
Created: 2004-08-04
Modified: 2006-03-17
Company: Microsoft Corporation
----------
Key: hwdatacard
ImagePath: system32\DRIVERS\ewusbmdm.sys
C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
-R- 100736 bytes
Created: 2008-07-08
Modified: 2007-05-21
Company: Huawei Technologies Co., Ltd.
----------
Key: i2omp
ImagePath: \SystemRoot\system32\DRIVERS\i2omp.sys
C:\WINDOWS\system32\DRIVERS\i2omp.sys
18560 bytes
Created: 2007-07-27
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: i8042prt
ImagePath: system32\DRIVERS\i8042prt.sys
C:\WINDOWS\system32\DRIVERS\i8042prt.sys
54400 bytes
Created: 2004-08-04
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5760096 bytes
Created: 2008-02-11
Modified: 2007-04-16
Company: Intel Corporation
----------
Key: iaStor
ImagePath: system32\DRIVERS\iaStor.sys
C:\WINDOWS\system32\DRIVERS\iaStor.sys
277784 bytes
Created: 2007-07-27
Modified: 2007-02-12
Company: Intel Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
73728 bytes
Created: 2004-10-22
Modified: 2004-10-22
Company: Macrovision Corporation
----------
Key: Imapi
ImagePath: system32\DRIVERS\imapi.sys
C:\WINDOWS\system32\DRIVERS\imapi.sys
41856 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ini910u
ImagePath: \SystemRoot\system32\DRIVERS\ini910u.sys
C:\WINDOWS\system32\DRIVERS\ini910u.sys
16000 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: IntelIde
ImagePath: \SystemRoot\system32\DRIVERS\intelide.sys
C:\WINDOWS\system32\DRIVERS\intelide.sys
5504 bytes
Created: 2007-07-27
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: intelppm
ImagePath: system32\DRIVERS\intelppm.sys
C:\WINDOWS\system32\DRIVERS\intelppm.sys
40320 bytes
Created: 2004-08-04
Modified: 2004-08-27
Company: Microsoft Corporation
----------
Key: Ip6Fw
ImagePath: system32\DRIVERS\Ip6Fw.sys
C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
29056 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: IpFilterDriver
ImagePath: system32\DRIVERS\ipfltdrv.sys
C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
32896 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: IpInIp
ImagePath: system32\DRIVERS\ipinip.sys
C:\WINDOWS\system32\DRIVERS\ipinip.sys
20992 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: IpNat
ImagePath: system32\DRIVERS\ipnat.sys
C:\WINDOWS\system32\DRIVERS\ipnat.sys
134912 bytes
Created: 2007-07-27
Modified: 2004-09-30
Company: Microsoft Corporation
----------
Key: IPSec
ImagePath: system32\DRIVERS\ipsec.sys
C:\WINDOWS\system32\DRIVERS\ipsec.sys
74752 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: IRENUM
ImagePath: system32\DRIVERS\irenum.sys
C:\WINDOWS\system32\DRIVERS\irenum.sys
11264 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: isapnp
ImagePath: system32\DRIVERS\isapnp.sys
C:\WINDOWS\system32\DRIVERS\isapnp.sys
36224 bytes
Created: 2001-08-23
Modified: 2001-08-23
Company: Microsoft Corporation
----------
Key: Kbdclass
ImagePath: system32\DRIVERS\kbdclass.sys
C:\WINDOWS\system32\DRIVERS\kbdclass.sys
25216 bytes
Created: 2004-08-04
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: kmixer
ImagePath: system32\drivers\kmixer.sys
C:\WINDOWS\system32\drivers\kmixer.sys
172416 bytes
Created: 2007-07-27
Modified: 2006-06-14
Company: Microsoft Corporation
----------
Key: mnmsrvc
ImagePath: C:\WINDOWS\system32\mnmsrvc.exe
C:\WINDOWS\system32\mnmsrvc.exe
32768 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Mouclass
ImagePath: system32\DRIVERS\mouclass.sys
C:\WINDOWS\system32\DRIVERS\mouclass.sys
23680 bytes
Created: 2004-08-04
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: mouhid
ImagePath: system32\DRIVERS\mouhid.sys
C:\WINDOWS\system32\DRIVERS\mouhid.sys
12288 bytes
Created: 2008-02-29
Modified: 2001-08-23
Company: Microsoft Corporation
----------
Key: mraid35x
ImagePath: \SystemRoot\system32\DRIVERS\mraid35x.sys
C:\WINDOWS\system32\DRIVERS\mraid35x.sys
17280 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: American Megatrends Inc.
----------
Key: MRxDAV
ImagePath: system32\DRIVERS\mrxdav.sys
C:\WINDOWS\system32\DRIVERS\mrxdav.sys
179584 bytes
Created: 2007-07-27
Modified: 2007-12-18
Company: Microsoft Corporation
----------
Key: MRxSmb
ImagePath: system32\DRIVERS\mrxsmb.sys
C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
453120 bytes
Created: 2007-07-27
Modified: 2006-05-05
Company: Microsoft Corporation
----------
Key: MSDTC
ImagePath: C:\WINDOWS\system32\msdtc.exe
C:\WINDOWS\system32\msdtc.exe
6144 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: MSIServer
ImagePath: %systemroot%\system32\msiexec.exe /V
C:\WINDOWS\system32\msiexec.exe
78848 bytes
Created: 2007-07-27
Modified: 2005-05-04
Company: Microsoft Corporation
----------
Key: MSKSSRV
ImagePath: system32\drivers\MSKSSRV.sys
C:\WINDOWS\system32\drivers\MSKSSRV.sys
7552 bytes
Created: 2008-02-11
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: MSPCLOCK
ImagePath: system32\drivers\MSPCLOCK.sys
C:\WINDOWS\system32\drivers\MSPCLOCK.sys
5376 bytes
Created: 2008-02-11
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: MSPQM
ImagePath: system32\drivers\MSPQM.sys
C:\WINDOWS\system32\drivers\MSPQM.sys
4992 bytes
Created: 2008-02-11
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: mssmbios
ImagePath: system32\DRIVERS\mssmbios.sys
C:\WINDOWS\system32\DRIVERS\mssmbios.sys
15488 bytes
Created: 2004-08-04
Modified: 2004-08-03
Company: Microsoft Corporation
----------
Key: NdisTapi
ImagePath: system32\DRIVERS\ndistapi.sys
C:\WINDOWS\system32\DRIVERS\ndistapi.sys
9600 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Ndisuio
ImagePath: system32\DRIVERS\ndisuio.sys
C:\WINDOWS\system32\DRIVERS\ndisuio.sys
14592 bytes
Created: 2004-08-04
Modified: 2005-04-20
Company: Microsoft Corporation
----------
Key: NdisWan
ImagePath: system32\DRIVERS\ndiswan.sys
C:\WINDOWS\system32\DRIVERS\ndiswan.sys
91776 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NetBIOS
ImagePath: system32\DRIVERS\netbios.sys
C:\WINDOWS\system32\DRIVERS\netbios.sys
34560 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NetBT
ImagePath: system32\DRIVERS\netbt.sys
C:\WINDOWS\system32\DRIVERS\netbt.sys
162816 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NetDDE
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
114176 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NetDDEdsdm
ImagePath: %SystemRoot%\system32\netdde.exe
C:\WINDOWS\system32\netdde.exe
114176 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Netlogon
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NETw4x32
ImagePath: system32\DRIVERS\NETw4x32.sys
C:\WINDOWS\system32\DRIVERS\NETw4x32.sys
2203520 bytes
Created: 2008-02-11
Modified: 2007-02-25
Company: Intel Corporation
----------
Key: NtLmSsp
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NwlnkFlt
ImagePath: system32\DRIVERS\nwlnkflt.sys
C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
12416 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: NwlnkFwd
ImagePath: system32\DRIVERS\nwlnkfwd.sys
C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
32512 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
441136 bytes
Created: 2006-10-26
Modified: 2006-10-26
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 2006-10-26
Modified: 2006-10-26
Company: Microsoft Corporation
----------
Key: PCI
ImagePath: system32\DRIVERS\pci.sys
C:\WINDOWS\system32\DRIVERS\pci.sys
68608 bytes
Created: 2004-08-04
Modified: 2004-08-04
Company: Microsoft Corporation
----------
Key: PCIIde
ImagePath: system32\DRIVERS\pciide.sys
C:\WINDOWS\system32\DRIVERS\pciide.sys
3328 bytes
Created: 2007-07-27
Modified: 2001-08-23
Company: Microsoft Corporation
----------
Key: Pcmcia
ImagePath: system32\DRIVERS\pcmcia.sys
C:\WINDOWS\system32\DRIVERS\pcmcia.sys
120320 bytes
Created: 2004-08-04
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: perc2
ImagePath: \SystemRoot\system32\DRIVERS\perc2.sys
C:\WINDOWS\system32\DRIVERS\perc2.sys
27296 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: perc2hib
ImagePath: \SystemRoot\system32\DRIVERS\perc2hib.sys
C:\WINDOWS\system32\DRIVERS\perc2hib.sys
5504 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: PlugPlay
ImagePath: %SystemRoot%\system32\services.exe
C:\WINDOWS\system32\services.exe
108544 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: PolicyAgent
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: PptpMiniport
ImagePath: system32\DRIVERS\raspptp.sys
C:\WINDOWS\system32\DRIVERS\raspptp.sys
48384 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: ProtectedStorage
ImagePath: %SystemRoot%\system32\lsass.exe
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: PSched
ImagePath: system32\DRIVERS\psched.sys
C:\WINDOWS\system32\DRIVERS\psched.sys
69120 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Ptilink
ImagePath: system32\DRIVERS\ptilink.sys
C:\WINDOWS\system32\DRIVERS\ptilink.sys
17792 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Parallel Technologies, Inc.
----------
Key: ql1080
ImagePath: \SystemRoot\system32\DRIVERS\ql1080.sys
C:\WINDOWS\system32\DRIVERS\ql1080.sys
40320 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: QLogic Corporation
----------
Key: Ql10wnt
ImagePath: \SystemRoot\system32\DRIVERS\ql10wnt.sys
C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
33152 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: ql12160
ImagePath: \SystemRoot\system32\DRIVERS\ql12160.sys
C:\WINDOWS\system32\DRIVERS\ql12160.sys
45312 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: QLogic Corporation
----------
Key: ql1240
ImagePath: \SystemRoot\system32\DRIVERS\ql1240.sys
C:\WINDOWS\system32\DRIVERS\ql1240.sys
40448 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: Microsoft Corporation
----------
Key: ql1280
ImagePath: \SystemRoot\system32\DRIVERS\ql1280.sys
C:\WINDOWS\system32\DRIVERS\ql1280.sys
49024 bytes
Created: 2007-07-27
Modified: 2001-08-17
Company: QLogic Corporation
----------
Key: RasAcd
ImagePath: system32\DRIVERS\rasacd.sys
C:\WINDOWS\system32\DRIVERS\rasacd.sys
8832 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Rasl2tp
ImagePath: system32\DRIVERS\rasl2tp.sys
C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
51328 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: RasPppoe
ImagePath: system32\DRIVERS\raspppoe.sys
C:\WINDOWS\system32\DRIVERS\raspppoe.sys
41472 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Raspti
ImagePath: system32\DRIVERS\raspti.sys
C:\WINDOWS\system32\DRIVERS\raspti.sys
16512 bytes
Created: 2007-07-27
Modified: 2004-08-05
Company: Microsoft Corporation
----------
Key: Rdbss
ImagePath: system32\DRIVE

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question

Réponse 5 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

Bon, démarre en mode sans échecs pour essayé de le supprimer, soit par toi même, soit en relancer un scann avec trojan remover ou malware.

lanic

Oui, je l'ai fait. Il n'a rien détecté de plus...
Désolé pour le log de Trojan Remover, il était trop long pour passer d'un seul tenant....

Curieux, cela fait 3 fois que j'ai relancé la session windows et qu'à la reconnexion internet, il n'y a plus d'alerte virus...
je te tiens au courant.

Réponse 6 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

Ok, normalement ton infection est nettoyé.
Pour en être sur tu peut toujours reposter un rapport hijackthis.

Sinon n'oublie pas de mettre le topic en résolu

lanic

Voici le dernier rapport HijackThis :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:28, on 2008-08-13
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\system32\tgbstarter.exe
C:\Program Files\UltraVNC\WinVNC.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Internet Download Manager\IDMan.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
C:\Program Files\Internet Download Manager\IEMonitor.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\TheGreenBow\TheGreenBow VPN\tgbike.exe
C:\Program Files\Office\Office12\WINWORD.EXE
C:\Program Files\Office\Office12\EXCEL.EXE
G:\Thunderbird\PortableThunderbird.exe
C:\Program Files\Mozilla Firefox\firefox.exe
G:\Thunderbird\App\Thunderbird\Thunderbird.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://runonce.msn.com/runonce3.aspx
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [WinVNC] "C:\Program Files\UltraVNC\WinVNC.exe" -servicehelper
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [TgbVpn] C:\Program Files\TheGreenBow\TheGreenBow VPN\VpnConf.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKLM\..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe
O4 - HKLM\..\Run: [Wbutton] C:\Program Files\Launch Manager\WButton.exe
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [IDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDock\ObjectDock.exe
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Download all links with IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Download FLV video content with IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm
O8 - Extra context menu item: Download with IDM - C:\Program Files\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\Office\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = idra.local
O17 - HKLM\Software\..\Telephony: DomainName = idra.local
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = idra.local
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Google Update Service (gupdate1c8eb3c71e69a84) (gupdate1c8eb3c71e69a84) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: TgbIke Starter (TgbIKE Starter) - Sistech - C:\WINDOWS\system32\tgbstarter.exe
O23 - Service: VNC Server (winvnc) - www.ultravnc.fr - C:\Program Files\UltraVNC\WinVNC.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe

Réponse 7 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

Le rapport est clean.

Il n'y avait pas que ce logiciel, tu avait aussi attrapé un trojan que malware a supprimé. tu peut mettre ton topic comme résolu

lanic

Où dois-je indiquer qu'il est "Résolu", dans le corps du message ?
J'ai la même procédure à réaliser son mon poste fixe, je vous tiens au courant si j'ai un soucis ;-).

Merci.

Réponse 8 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

normalement c'est en haut du topic.

Réponse 9 / 10

^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention 3 279

Salut

mais elle est pas très sympa:
La prochaine fois je ne dirai rien et l'internaute partira dans la m ***

JAVA est-il à jour ?
Recommandé Version 6 Update 7

Adobe\Acrobat 7.0 est-il à jour ?

Réponse 10 / 10

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707

La prochaine fois je ne dirai rien et l'internaute partira dans la m ***
je ne sait pas ce que tu en pense, mais tes "intervention " pourrait être un peu plus amicale et encourageante (pas comme ça)

^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention 3 279

Tu as toutes les réponses sur le forum.
C'est la BASE de la désinfection.
En prenant le Toro par les cornes, tu aurais trouvé tout seul.
Pour ce qui est de la réponse amicale ou pas, relis toi aussi.

+++++

varfendell Messages postés 3259 Date d'inscription Statut Membre Dernière intervention 707 > ^^Marie^^ Messages postés 126523 Date d'inscription Statut Membre Dernière intervention

ok, je prend bonne note.

C'est vrai que j'oublie de vérifier si l'internaute est à jour dans ses logiciel de protection...je ferais plus attention dorénavant.

Merci, @++

Discussions similaires

Menace détectée TrojanSMS-PA sur Google Huawei/Android

Comment supprimer le virus Trojan

Comment enlever mon virus trojan:win32/si...

qu'est ce qu'un "trojan agent/gen" ? svp

cheval de troie trojan

Forum Virus

Trouvez des solutions pour détecter et éliminer les menaces, des astuces pour prévenir les infections, et discutez des dernières menaces en ligne

Newsletters

Newsletters

Actu du jour

Voir un exemple