Sujet Précédent Sujet Suivant

Pb virus srosa.sys et autres

Résolu/Fermé
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008 - 22 août 2008 à 16:45
 afideg - 27 août 2008 à 15:30
Bonjour,

je suis assez novice en terme de suppression de virus...
Je vous explique mon problème.
A ce que j'ai lu dans les différents forums, j'aurais téléchargé un fichier emule infecté hier sur mon pc portable.

Depuis,avast ne se lance plus,mon pc est très lent et je ne peux plus me connecter à internet(Windows ne peut pas configurer cette connexion sans fil)

J'ai testé différents logiciels comme
elibagle : il m'a trouvé et supprimé deux bagle
Anti spyware....
Depuis j'arrive à lancer Avast et ccleaner même si avast ne se lance pas automatiquement à l'ouverture de mon pc.Mon pc est un peu plus rapide mais je ne peux toujours pas me connecter à internet.
J'ai donc installé et exécuté combofix qui me détecte divers problèmes mais je ne comprends pas tout.
J'ai lu qu'il ne fallait pas poster dès le premier post un rapport donc je ne le fais pas.
Quelqu'un pourrait-il m'aider s'il vous plait?
Je vous en serais très reconnaissant.
Merci d'avance
Cordialement
Vince
A voir également:

211 réponses

Précédent
Réponse 61 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
22 août 2008 à 22:45
Désolé de revenir à la charge
Bon,bilan mon pc est beaucoup plus rapide qu'il y a quelques heures et je pense qu'on a déjà fait du ménage

Par pur acquis de conscience je viens quand même d'effectuer un MalwareBytes et il me détecte C:\Windows\system32\drivers\downld

alors je le supprime et il me dit qu'il l'efface avec succès mais manque de bol quand je redémarre et que je relance il redetecte le même trojan
Je ne sais pas comment faire pour qu'il disparaisse
0
Réponse 62 / 211
Utilisateur anonyme
22 août 2008 à 22:47
disons que c'est une solution efficace mais pas la meilleure mais c'est tres bien comme ca! sinon en pare-feu tu a comodo!

Spybot-->

http://download.betanews.com/download/1043809773-1/spybotsd-2.7.64.0.exe

-->Avec son tuto--> https://www.malekal.com/spybot-search-destroy-proteger-desinfecter-pc-virus/

comodo--> https://www.malekal.com/tutorial-comodo-firewall/ <-- le lien de telechargement est sur la page
0
Réponse 63 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
22 août 2008 à 23:02
Merci beaucoup pour les liens cool!!!

peux tu me répondre sur mon problème qui revient à chaque démarrage (présence du trojan downld) car j'ai l'impression que l'infection n'est pas finie

MErci encore
0
Réponse 64 / 211
Utilisateur anonyme
23 août 2008 à 09:22
bonjour,

Non tu as raison c'est un reste a eliminer avec combofix laisse moi te preparer un ptit truc
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 65 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 09:52
Bonjour à toi,

donc il faut que je refasse un combofix?

Merci encore pour toute ton aide
0
Réponse 66 / 211
Utilisateur anonyme
23 août 2008 à 10:01
Oui stp repasse combofix comme tu la fait precedemment et normalement il detectera cette infection!
0
Réponse 67 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 10:17
Yes il l'a détecté
mais comment m'assurer qu'il l'a réellement supprimé car à chaque démarrage il revient?

ComboFix 08-08-21.02 - Administrateur 2008-08-23 10:09:00.7 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1012 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\InfoSat.txt
C:\WINDOWS\system32\drivers\downld
G:\InfoSat.txt

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 23:50 . 2008-08-22 23:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-22 23:05 . 2008-08-22 23:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-22 23:05 . 2008-08-22 23:32 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 21:42 . 2008-08-22 21:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 21:42 . 2008-08-22 21:42 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 21:42 . 2008-08-22 21:42 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 21:11 . 2008-08-22 21:11 987 --a--c--- C:\FindB.txt)
2008-08-22 16:04 . 2008-08-22 16:04 <REP> d-------- C:\Program Files\ESET
2008-08-22 16:04 . 2008-08-22 16:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-22 13:17 . 2008-08-22 13:17 <REP> d----c--- C:\logs
2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-20 15:06 . 2008-08-20 15:06 <REP> d-------- C:\Program Files\Fichiers communs\Lenovo
2008-08-15 12:18 . 2008-08-15 12:18 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 19:17 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 08:49 --------- d-----w C:\Program Files\eMule
2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo
2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX
2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC
2008-08-16 06:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek
2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH
2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH
2008-07-01 07:04 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN
2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-21_23.43.22.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-22 14:05:15 10,134 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\callmsi.exe
+ 2008-08-22 14:05:15 136,448 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\egui.exe
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-13 19:16:41 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-22 17:09:30 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-13 19:16:41 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-22 17:09:30 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-13 19:16:41 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-22 17:09:30 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-13 19:16:41 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-22 17:09:30 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-23 07:53:47 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_728.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 09:01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3codec"= l3codecp.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
--a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
--a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED]
--a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 09:04]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}]
\Shell\AutoRun\command - I:\ntde1ect.com
\Shell\explore\Command - I:\ntde1ect.com
\Shell\open\Command - I:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}]
\Shell\AutoRun\command - J:\ntde1ect.com
\Shell\explore\Command - J:\ntde1ect.com
\Shell\open\Command - J:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}]
\Shell\AutoRun\command - G:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}]
\Shell\AutoRun\command - G:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}]
\Shell\Auto\command - I:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}]
\Shell\AutoRun\command - .\MigWiz\migsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 10:10:39
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Temps d'accomplissement: 2008-08-23 10:11:41
ComboFix-quarantined-files.txt 2008-08-23 08:11:28
ComboFix2.txt 2008-08-22 16:59:21
ComboFix3.txt 2008-08-22 13:52:54
ComboFix4.txt 2008-08-21 22:13:21
ComboFix5.txt 2008-08-23 08:08:46

Pre-Run: 2,123,583,488 octets libres
Post-Run: 2,108,133,376 octets libres

285 --- E O F --- 2008-08-16 06:46:02


Merci encore de ton aide
0
Réponse 68 / 211
Utilisateur anonyme
23 août 2008 à 10:38
Bon alors la je coince =/ il ne reste plus que ca mais il ne veut pas etre supprimer,je suis a cours d'idee aarrgghh!

Il n'y a que ca qui pouvait le virer
0
Réponse 69 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 11:03
pour preuve je viens de redémarrer et de rééxécuter combofix et voici le rapport il m'a encore trouvé downld

ComboFix 08-08-21.02 - Administrateur 2008-08-23 10:57:22.8 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.1011 [GMT 2:00]
Endroit: C:\Documents and Settings\Administrateur\Bureau\Combo-Fix.exe
* Resident AV is active


[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-23 to 2008-08-23 ))))))))))))))))))))))))))))))))))))
.

2008-08-22 23:50 . 2008-08-22 23:50 <REP> d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-08-22 23:05 . 2008-08-22 23:08 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2008-08-22 23:05 . 2008-08-22 23:32 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-22 21:42 . 2008-08-22 21:42 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-22 21:42 . 2008-08-22 21:42 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-22 21:42 . 2008-08-22 21:42 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Malwarebytes
2008-08-22 21:42 . 2008-08-17 15:01 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-22 21:42 . 2008-08-17 15:01 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-22 21:11 . 2008-08-22 21:11 987 --a--c--- C:\FindB.txt)
2008-08-22 16:04 . 2008-08-22 16:04 <REP> d-------- C:\Program Files\ESET
2008-08-22 16:04 . 2008-08-22 16:04 <REP> d----c--- C:\Documents and Settings\All Users\Application Data\ESET
2008-08-22 13:17 . 2008-08-22 13:17 <REP> d----c--- C:\logs
2008-08-21 11:23 . 2007-04-19 15:18 83,536 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-08-21 11:23 . 2007-04-19 15:18 59,984 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-08-21 11:23 . 2007-04-19 15:18 52,304 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-08-21 11:23 . 2007-04-19 15:18 39,248 --a------ C:\WINDOWS\system32\drivers\ikfileflt.sys
2008-08-21 11:23 . 2007-04-19 15:18 26,064 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-08-20 15:06 . 2008-08-20 15:06 <REP> d-------- C:\Program Files\Fichiers communs\Lenovo
2008-08-15 12:18 . 2008-08-15 12:18 <REP> d----c--- C:\Documents and Settings\Administrateur\Application Data\Media Player Classic
2008-08-14 07:40 . 2008-05-01 16:31 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-21 21:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-08-21 19:17 --------- dc--a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-08-21 08:49 --------- d-----w C:\Program Files\eMule
2008-08-20 17:35 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2008-08-20 13:06 --------- d-----w C:\Program Files\Lenovo
2008-08-18 11:31 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\ZoomBrowser EX
2008-08-18 11:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\CameraWindowDC
2008-08-16 06:45 --------- dc----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-08-12 07:34 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\dvdcss
2008-07-25 21:54 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\BSplayer PRO
2008-07-07 20:31 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-03 09:18 --------- d-----w C:\Program Files\Soulseek
2008-07-02 20:30 --------- dc----w C:\Documents and Settings\All Users\Application Data\GRETECH
2008-07-02 20:30 --------- dc----w C:\Documents and Settings\Administrateur\Application Data\GRETECH
2008-07-02 20:29 --------- d-----w C:\Program Files\GRETECH
2008-07-01 07:04 34,312 ----a-w C:\WINDOWS\system32\drivers\epfwtdir.sys
2008-07-01 06:57 53,256 ----a-w C:\WINDOWS\system32\drivers\easdrv.sys
2008-07-01 06:56 39,944 ----a-w C:\WINDOWS\system32\drivers\eamon.sys
2008-06-28 21:27 --------- dc----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-06-24 16:23 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:28 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:41 247,808 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-02-08 22:40 3,960,680 -c--a-w C:\Documents and Settings\Administrateur\TRACE_BOOT+DRIVERS_1_1.BIN
2007-03-31 14:06 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Cookies\index.dat
2007-03-29 14:01 16,384 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat
.

((((((((((((((((((((((((((((( snapshot@2008-08-21_23.43.22.01 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-08-22 14:05:15 10,134 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\callmsi.exe
+ 2008-08-22 14:05:15 136,448 ----a-r C:\WINDOWS\Installer\{6229EFBA-A122-490C-B660-A5409FA15A31}\egui.exe
+ 2005-05-16 17:34:48 213,048 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavss.dll
+ 2008-08-13 13:03:26 65,536 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavuninstall.exe
+ 2008-08-13 13:03:26 798,720 ----a-w C:\WINDOWS\system32\Kaspersky Lab\Kaspersky Online Scanner\kavwebscan.dll
- 2008-04-13 19:16:41 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-08-22 17:09:30 64,706 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-04-13 19:16:41 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat
+ 2008-08-22 17:09:30 78,354 ----a-w C:\WINDOWS\system32\perfc00C.dat
- 2008-04-13 19:16:41 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-08-22 17:09:30 409,566 ----a-w C:\WINDOWS\system32\perfh009.dat
- 2008-04-13 19:16:41 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-22 17:09:30 477,728 ----a-w C:\WINDOWS\system32\perfh00C.dat
+ 2008-08-23 08:53:45 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_72c.dat
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"pdfSaver3"="C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe" [2004-09-05 18:20 380928]
"SuperCopier2.exe"="C:\Program Files\SuperCopier2\SuperCopier2.exe" [2006-06-25 09:02 716808]
"DAEMON Tools Lite"="C:\Program Files\DAEMON Tools Lite\daemon.exe" [2008-04-01 11:39 486856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-20 01:09 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-08-18 18:41 1832272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe" [2007-04-19 14:33 271936]
"TPKMAPHELPER"="C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe" [2006-06-02 23:00 856064]
"TPHOTKEY"="C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe" [2006-10-02 11:19 94208]
"PWRMGRTR"="C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL" [2006-05-26 02:13 151552]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 08:00 33648]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2007-01-13 10:47 131072]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2007-01-13 10:47 163840]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2007-01-13 10:46 135168]
"TVT Scheduler Proxy"="C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe" [2008-03-04 10:34 487424]
"LXDDCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll" [2007-01-23 00:05 102400]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 09:01 1447168]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="C:\PROGRA~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-08-24 04:18 437160]

C:\Documents and Settings\Administrateur\Menu D‚marrer\Programmes\D‚marrage\
Post-it© Software Notes.lnk - C:\Program Files\3M\PSNotes2\Psn2.exe [2002-12-23 12:24:04 659456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpfnf2]
2005-07-06 00:45 28672 C:\WINDOWS\system32\notifyf2.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tphotkey]
2005-11-30 21:16 24576 C:\WINDOWS\system32\tphklock.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ACDV"= ACDV.dll
"msacm.l3codec"= l3codecp.acm
"msacm.divxa32"= msaud32_divx.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dllschannel.dlldigest.dllmsnsspc.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sacsvr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sglfb.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\tga.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wd.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^Administrateur^Menu Démarrer^Programmes^Démarrage^OpenOffice.org 2.1.lnk]
path=C:\Documents and Settings\Administrateur\Menu Démarrer\Programmes\Démarrage\OpenOffice.org 2.1.lnk
backup=C:\WINDOWS\pss\OpenOffice.org 2.1.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTray]
--a------ 2006-12-25 11:34 409600 C:\Program Files\ThinkPad\ConnectUtilities\ACTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACWLIcon]
--a------ 2006-12-25 11:29 110592 C:\Program Files\ThinkPad\ConnectUtilities\ACWLIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BLOG]
--a------ 2006-05-26 02:13 208896 C:\PROGRA~1\ThinkPad\UTILIT~1\BATLOGEX.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
--a------ 2004-08-20 01:09 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EZEJMNAP]
--a------ 2006-11-29 03:30 243248 C:\PROGRA~1\ThinkPad\UTILIT~1\EZEJMNAP.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ibmmessages]
--a------ 2004-08-06 03:10 442368 C:\Program Files\IBM\Messages By IBM\ibmmessages.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
--a------ 2007-01-13 10:47 163840 C:\WINDOWS\system32\hkcmd.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
--a------ 2007-01-13 10:46 135168 C:\WINDOWS\system32\igfxpers.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
--a------ 2007-01-13 10:47 131072 C:\WINDOWS\system32\igfxtray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--a------ 2004-10-13 18:24 1694208 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
--a------ 2004-08-06 08:27 860160 C:\Program Files\Analog Devices\SoundMAX\SMax4.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAXPnP]
--a------ 2004-10-14 10:11 1388544 C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPEnh]
--a------ 2006-02-14 15:16 512000 C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SynTPLpr]
--a------ 2006-02-14 15:17 110592 C:\Program Files\Synaptics\SynTP\SynTPLpr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TPKBDLED]
--a------ 2002-10-08 23:28 40960 C:\WINDOWS\system32\TpScrLk.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2005-10-17 02:11 65536 C:\WINDOWS\system32\TP4EX.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TpShocks]
--a------ 2006-12-25 22:15 181808 C:\WINDOWS\system32\TpShocks.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\lxddamon.exe"=
"C:\\Program Files\\Lexmark 2500 Series\\App4R.exe"=
"C:\\WINDOWS\\system32\\lxddcoms.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"C:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\uTorrent\\uTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135
"5000:TCP"= 5000:TCP:TCP Port 5000
"5001:TCP"= 5001:TCP:TCP Port 5001
"5002:TCP"= 5002:TCP:TCP Port 5002
"5003:TCP"= 5003:TCP:TCP Port 5003
"5004:TCP"= 5004:TCP:TCP Port 5004
"5005:TCP"= 5005:TCP:TCP Port 5005
"5006:TCP"= 5006:TCP:TCP Port 5006
"5007:TCP"= 5007:TCP:TCP Port 5007
"5008:TCP"= 5008:TCP:TCP Port 5008
"5009:TCP"= 5009:TCP:TCP Port 5009
"5010:TCP"= 5010:TCP:TCP Port 5010
"5011:TCP"= 5011:TCP:TCP Port 5011
"5012:TCP"= 5012:TCP:TCP Port 5012
"5013:TCP"= 5013:TCP:TCP Port 5013
"5014:TCP"= 5014:TCP:TCP Port 5014
"5015:TCP"= 5015:TCP:TCP Port 5015
"5016:TCP"= 5016:TCP:TCP Port 5016
"5017:TCP"= 5017:TCP:TCP Port 5017
"5018:TCP"= 5018:TCP:TCP Port 5018
"5019:TCP"= 5019:TCP:TCP Port 5019
"5020:TCP"= 5020:TCP:TCP Port 5020

R0 hotcore3;hotcore3;C:\WINDOWS\system32\drivers\hotcore3.sys [2007-09-20 15:18]
R0 Shockprf;Shockprf;C:\WINDOWS\system32\DRIVERS\Apsx86.sys [2006-12-25 23:05]
R0 TPDIGIMN;TPDIGIMN;C:\WINDOWS\system32\DRIVERS\ApsHM86.sys [2006-12-25 23:03]
R0 TPDiskPM;TPDiskPM;C:\WINDOWS\system32\drivers\TPDiskPM.sys [2006-09-26 15:13]
R1 ANC;ANC;C:\WINDOWS\system32\drivers\ANC.SYS [2005-11-08 10:27]
R1 epfwtdir;epfwtdir;C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 09:04]
R1 IBMTPCHK;IBMTPCHK;C:\WINDOWS\System32\Drivers\IBMBLDID.sys [2006-01-13 01:33]
R1 TPPWRIF;TPPWRIF;C:\WINDOWS\system32\drivers\Tppwrif.sys [2006-05-26 02:13]
R2 lxdd_device;lxdd_device;C:\WINDOWS\system32\lxddcoms.exe [2007-02-13 01:59]
R3 TPInput;TPInput;C:\WINDOWS\system32\DRIVERS\TPInput.sys [2006-09-26 15:13]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df0-cf27-11dc-bfe8-0014a4334df6}]
\Shell\AutoRun\command - G:\ntde1ect.com
\Shell\explore\Command - G:\ntde1ect.com
\Shell\open\Command - G:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{002e1df2-cf27-11dc-bfe8-0014a4334df6}]
\Shell\AutoRun\command - H:\ntde1ect.com
\Shell\explore\Command - H:\ntde1ect.com
\Shell\open\Command - H:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{24c6baa3-c609-11dc-a9b3-0014a4334df6}]
\Shell\AutoRun\command - ntde1ect.com
\Shell\explore\Command - ntde1ect.com
\Shell\open\Command - ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4855-ca71-11dc-8f62-0014a4334df6}]
\Shell\AutoRun\command - I:\ntde1ect.com
\Shell\explore\Command - I:\ntde1ect.com
\Shell\open\Command - I:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}]
\Shell\AutoRun\command - J:\ntde1ect.com
\Shell\explore\Command - J:\ntde1ect.com
\Shell\open\Command - J:\ntde1ect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{9caa018a-f680-11dc-824c-0014a4334df6}]
\Shell\AutoRun\command - G:\ReadMe.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6228a95-dbc1-11dc-8211-0014a4334df6}]
\Shell\AutoRun\command - G:\
\Shell\explore\Command - RECYCLED\INFO.exe
\Shell\open\Command - RECYCLED\INFO.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d6c7354b-dde7-11db-a670-0014a41d8fea}]
\Shell\Auto\command - I:\sxs.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL sxs.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{da92fc4c-c9a5-11dc-814d-0014a4334df6}]
\Shell\AutoRun\command - G:\nideiect.com
\Shell\explore\Command - G:\nideiect.com
\Shell\open\Command - G:\nideiect.com

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e4c507aa-f296-11dc-8243-0014a4334df6}]
\Shell\AutoRun\command - G:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f7db4077-e469-11dc-8225-ecac405be524}]
\Shell\AutoRun\command - .\MigWiz\migsetup.exe
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-23 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 20:20]
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\ff9lrx0z.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr/
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-23 10:59:07
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
--------------------- DLLs a chargé sous des processus courants ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\tphklock.dll
.
Temps d'accomplissement: 2008-08-23 11:00:23
ComboFix-quarantined-files.txt 2008-08-23 08:59:58
ComboFix2.txt 2008-08-23 08:11:42
ComboFix3.txt 2008-08-22 16:59:21
ComboFix4.txt 2008-08-22 13:52:54
ComboFix5.txt 2008-08-23 08:57:08

Pre-Run: 2,103,881,728 octets libres
Post-Run: 2,081,673,216 octets libres

283 --- E O F --- 2008-08-16 06:46:02


Je ne sais pas comment faire pour le supprimer à jamais
Quelqu'un aurait il une idée
Merci d'avance
0
Réponse 70 / 211
Utilisateur anonyme
23 août 2008 à 11:06
ALalal c'est un peu galere la essaye peut etre de voir sur google si tu trouves des choses sionon le pc ne vas pa trop mal?
0
Réponse 71 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 11:10
le pc va mieux
mais bon j'aimerais bien réussir à supprimer à jamais ce downld
je recherhce sur google mais je retombe sur les m^memes manip que tu m'as fait exécuter
Cela pourrait-il venir du fait qu'un programme infecté s'exécute à chaque démarrage et ramène donc ce downld????
J'aimerais arriver a supprimer ce dernier pb pour pouvoir enfin dire que mon pc est réparé!!!!

merci beaucoup pour ton aide
0
Réponse 72 / 211
Utilisateur anonyme
23 août 2008 à 11:16
Ba oui j'aimerais egalement le supprimer!

Malwarebytes te le detecte mais essaye de me refaire un scan sans protections et en mode sans echec ce coup-ci envoi moi le rapport!
0
Réponse 73 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 11:41
voici l'analyse malware réalisée en mode sans échec:
incroyable en mode sans échec il ne détecte plus rien:

Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

11:38:38 23/08/2008
mbam-log-08-23-2008 (11-38-38).txt

Type de recherche: Examen rapide
Eléments examinés: 45307
Temps écoulé: 6 minute(s), 35 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


et finddb en mode sans échec aussi:


+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\WINDOWS\Prefetch :


C:\WINDOWS\Prefetch\WINTEMS.EXE Absent
C:\WINDOWS\Prefetch\MDELK.EXE Absent
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent
C:\WINDOWS\Prefetch\FLEC006.EXE Absent


+- Recherche dans : C:\WINDOWS\system32 :


C:\WINDOWS\system32\hldrrr.exe Absent
C:\WINDOWS\system32\mdelk.exe Absent
C:\WINDOWS\system32\wintems.exe Absent
C:\WINDOWS\system32\ban_list.txt Absent


+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\mdelk.exe Absent
C:\WINDOWS\system32\drivers\srosa.sys Absent
C:\WINDOWS\system32\drivers\hldrrr.exe Absent
C:\WINDOWS\system32\drivers\downld Absent


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinPatrol REG_SZ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
TPKMAPHELPER REG_SZ C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
TPHOTKEY REG_SZ C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PWRMGRTR REG_SZ rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
TVT Scheduler Proxy REG_SZ C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
LXDDCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
egui REG_SZ "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pdfSaver3 REG_SZ "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+- Recherche terminee !



+- Execute le : 23/08/2008 a 11:38:56,32


Je ne comprends plus tout:j'ai rien en mode sans échec mais le virus apparait uniquement en mode normal.
Sais tu ce que je dois faire?

Merci encore
0
Réponse 74 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 11:52
Et voici les deux mêmes analyses réalisées en mode normal:

malware:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1062
Windows 5.1.2600 Service Pack 2

11:50:10 23/08/2008
mbam-log-08-23-2008 (11-49-46).txt

Type de recherche: Examen rapide
Eléments examinés: 47143
Temps écoulé: 3 minute(s), 6 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)


Findb:

+- FindB mis a jours le 21/08/08 par Chiquitine29



+- Recherche de fichier bagle :




+- Recherche dans : C:\WINDOWS\Prefetch :


C:\WINDOWS\Prefetch\WINTEMS.EXE Absent
C:\WINDOWS\Prefetch\MDELK.EXE Absent
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent
C:\WINDOWS\Prefetch\FLEC006.EXE Absent


+- Recherche dans : C:\WINDOWS\system32 :


C:\WINDOWS\system32\hldrrr.exe Absent
C:\WINDOWS\system32\mdelk.exe Absent
C:\WINDOWS\system32\wintems.exe Absent
C:\WINDOWS\system32\ban_list.txt Absent


+- Recherche dans : C:\WINDOWS\system32\drivers :


C:\WINDOWS\system32\drivers\mdelk.exe Absent
C:\WINDOWS\system32\drivers\srosa.sys Absent
C:\WINDOWS\system32\drivers\hldrrr.exe Absent
C:\WINDOWS\system32\drivers\downld Présent!!


+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :




+- Registre :


! REG.EXE VERSION 3.0

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinPatrol REG_SZ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
TPKMAPHELPER REG_SZ C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
TPHOTKEY REG_SZ C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PWRMGRTR REG_SZ rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
TVT Scheduler Proxy REG_SZ C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
LXDDCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
egui REG_SZ "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents

! REG.EXE VERSION 3.0

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pdfSaver3 REG_SZ "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe

+- Recherche terminee !



+- Execute le : 23/08/2008 a 11:50:20,39


Voili
je ne sais pas trop comment interpréter cela
Y aurait-il un logiciel en mode normal qui exécuterait ce virus downld??????

Merci encore de ton aide
0
Réponse 75 / 211
Utilisateur anonyme
23 août 2008 à 11:53
Nn c'est ok ton pc est clean,MBAM ne detecte rien et plus aucune presence de bagle au vu du rapport de FindB.

Voila si tu penses que ton pc est en bon eta de marche,met resolu stp!

As-tu des questions?


PS:c'est combofix qui le detecte mais ne tkt pas,un virus ne peut pas ne pas etre repere en mode sans echec!
0
Réponse 76 / 211
Utilisateur anonyme
23 août 2008 à 11:55
Ah je navais pas vu le 2eme post!

je cherche ca la je vais miammiam ^^ a+ tard
0
Réponse 77 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 11:56
ce ki m'inkiete c'est le dernier message que je viens de t'envoyer:

mode sans échec : malware et finddb ne détectent rien

alors que là je viens de redémarrer en mode normal et malware et finddb me le détecte

Tu ne trouves pas ca bizarre.

Pour toi tout est résolu????Pourquoi alors doxnld apparaît en mode normal avec ces deux logiciels???
Excuse si je peux paraitre lours mais j'aimerais comprendre avant d'indiquer résolu

Merci
0
Réponse 78 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 11:57
Bon appétit
a + tard
0
Réponse 79 / 211
Utilisateur anonyme
23 août 2008 à 12:51
Je te comprends pour la resolution du probleme j'ai posté juste avant que toi tu poste ce qui fait que je n'ai pas vu ton message!

-Telecharge ceci--> https://www.simplysup3.com/404.html
-Suis ce tutos et poste moi le rapport-->http://www.malekal.com/tutorial_TrojanRemover.php
0
Réponse 80 / 211
vincolo Messages postés 108 Date d'inscription vendredi 22 août 2008 Statut Membre Dernière intervention 20 décembre 2008
23 août 2008 à 14:58
salut
je viens de lancer et il détecte rien mais je pense que ca peut venir de nod32
j'ai cliqué bouton droit sur nod ds la barre des taches et cliquer sur désactiver la protection antivirus et antispyware et pourtant quand je lance l'analyse avec trojanremover en mode normal il ne détecte rien mais me dit que Nod est encore actif

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:53:09 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
14:53:09: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:53:09: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:53:09: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:53:09: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:53:11: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

************************************************************
14:53:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:53:11: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:53:11: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14:53:11: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:53:12: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company:
----------
Key: ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
644408 bytes
Created: 26/09/2007
Modified: 26/09/2007
Company: Lenovo Group Limited
----------
Key: TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created: 17/11/2006
Modified: 26/09/2006
Company: Lenovo, Ltd. and IBM Corporation.
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 17/11/2006
Modified: 06/06/2005
Company:
----------
Key: TPM
ImagePath: System32\DRIVERS\tpm.sys
C:\WINDOWS\System32\DRIVERS\tpm.sys
17792 bytes
Created: 09/10/2005
Modified: 09/10/2005
Company: Winbond Electronics Corp.
----------
Key: TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 17/11/2006
Modified: 10/01/2007
Company:
----------
Key: TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
1122304 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------

************************************************************
14:53:18: Scanning -----VXD ENTRIES-----

************************************************************
14:53:18: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
----------
Key : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32\notifyf2.dll
28672 bytes
Created: 06/07/2005
Modified: 06/07/2005
Company:
----------
Key : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32\tphklock.dll
24576 bytes
Created: 30/11/2005
Modified: 30/11/2005
Company:
----------

************************************************************
14:53:18: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created: 24/09/2007
Modified: 24/09/2007
Company: Nero AG
----------
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ShellExtension
CLSID: [empty]
----------

************************************************************
14:53:18: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]

************************************************************
14:53:18: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created: 24/07/2007
Modified: 24/07/2007
Company: Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 22/08/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created: 14/12/2006
Modified: 14/12/2006
Company: Mindjet
----------

************************************************************
14:53:19: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
14:53:19: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
14:53:19: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
14:53:19: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

************************************************************
14:53:19: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------

************************************************************
14:53:19: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
14:53:19: Scanning ----- SCHEDULED TASKS -----
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
----------
Taskname: PMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche n'a pas encore été exécutée
Creator: Administrateur
Comments: [blank]
----------

************************************************************
14:53:19: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
14:53:19: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Additional checks completed

************************************************************
14:53:20: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\ibmpmsvc.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\Program Files\Windows Defender\MsMpEng.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
--------------------
C:\Program Files\Executive Software\Diskeeper\DkService.exe
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
--------------------
C:\Program Files\FolderSize\FolderSizeSvc.exe
--------------------
C:\WINDOWS\system32\lxddcoms.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
--------------------
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
--------------------
C:\WINDOWS\System32\TPHDEXLG.exe
--------------------
C:\WINDOWS\system32\TpKmpSVC.exe
--------------------
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
--------------------
c:\program files\lenovo\system update\suservice.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Program Files\Canon\CAL\CALMAIN.exe
--------------------
C:\WINDOWS\System32\wbem\wmiapsrv.exe
--------------------
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
--------------------
C:\WINDOWS\system32\hkcmd.exe
--------------------
C:\WINDOWS\system32\igfxpers.exe
--------------------
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
--------------------
C:\Program Files\Lenovo\PkgMgr\HOTKEY\TPONSCR.exe
--------------------
C:\Program Files\Lenovo\PkgMgr\HOTKEY_1\TpScrex.exe
--------------------
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
--------------------
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
--------------------
C:\Program Files\DAEMON Tools Lite\daemon.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\3M\PSNotes2\Psn2.exe
--------------------
C:\WINDOWS\System32\acs.exe
--------------------
C:\PROGRA~1\3M\PSNotes2\PSNGive.exe
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\SvcGuiHlpr.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\jwb36.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
14:53:22: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
14:53:22: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
14:53:22: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 14:53:22 23 août 2008
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:52:11 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus

************************************************************


************************************************************
14:52:11: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
14:52:11: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
14:52:11: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
14:52:11: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
14:52:12: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

************************************************************
14:52:12: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
14:52:13: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
14:52:13: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----

************************************************************
14:52:13: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------

************************************************************
14:52:13: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 1
0

Discussions similaires

Est ce que le site tlauncher est dangereux ?
caribou -
bazfile -

1 réponse
Softonic,est-ce un virus ?
techmel1 -
techmel1 -

6 réponses
4 virus en raison d’un porno ????
valou -
Bello040420 -

9 réponses
problême Opéra est ce un virus??
sand2504 -
sand2504 -

85 réponses
Virus MSN Tinyurl
djkifkif -
matt56430 -

8 réponses