srosa.sys virus problem and others
Solved
vincolo (Member, 108 posts)
afideg -
Hello,
I'm fairly new to virus removal...
Let me explain my problem.
From what I've read on various forums, I apparently downloaded an infected eMule file yesterday on my laptop.
Since then, Avast no longer starts, my PC is very slow and I can no longer connect to the internet (Windows cannot configure this wireless connection).
I've tried various programs such as
elibagle: it found and removed two Bagle infections
Anti spyware....
Since then I can launch Avast and CCleaner, even though Avast doesn't start automatically when my PC boots. My PC is a bit faster, but I still can't connect to the internet.
So I installed and ran ComboFix, which detects various problems, but I don't understand all of it.
I read that you shouldn't post a report in your very first post, so I'm not doing that.
Could someone please help me?
I would be very grateful.
Thanks in advance
Regards
Vince
211 replies
I did a bit of searching, and we're going to try something else to get rid of this downld
-Download OTMoveIt (by Old_Timer) to your Desktop.
http://download.bleepingcomputer.com/oldtimer/OTMoveIt2.exe
-Double-click OTMoveIt.exe to launch it.
-Copy what is below:
C:\WINDOWS\system32\drivers\downld
-Paste that line into the left-hand pane of OTMoveIt2: Paste standard List of Files/Folders to be moved.
-Click MoveIt! to start the removal.
-The result will appear in the Results pane.
-Click Exit to close.
-Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal.
If so, accept with Yes.
Trojan Remover in safe mode:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:55:46 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
15:55:46: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
15:55:46: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
15:55:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
15:55:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
15:55:53: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
15:55:53: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
15:55:54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
15:55:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
15:55:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
15:55:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company:
----------
Key: ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
644408 bytes
Created: 26/09/2007
Modified: 26/09/2007
Company: Lenovo Group Limited
----------
Key: TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created: 17/11/2006
Modified: 26/09/2006
Company: Lenovo, Ltd. and IBM Corporation.
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 17/11/2006
Modified: 06/06/2005
Company:
----------
Key: TPM
ImagePath: System32\DRIVERS\tpm.sys
C:\WINDOWS\System32\DRIVERS\tpm.sys
17792 bytes
Created: 09/10/2005
Modified: 09/10/2005
Company: Winbond Electronics Corp.
----------
Key: TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 17/11/2006
Modified: 10/01/2007
Company:
----------
Key: TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
1122304 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
************************************************************
15:56:13: Scanning -----VXD ENTRIES-----
************************************************************
15:56:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
----------
Key : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32\notifyf2.dll
28672 bytes
Created: 06/07/2005
Modified: 06/07/2005
Company:
----------
Key : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32\tphklock.dll
24576 bytes
Created: 30/11/2005
Modified: 30/11/2005
Company:
----------
************************************************************
15:56:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created: 24/09/2007
Modified: 24/09/2007
Company: Nero AG
----------
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
15:56:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]
************************************************************
15:56:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created: 24/07/2007
Modified: 24/07/2007
Company: Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 22/08/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created: 14/12/2006
Modified: 14/12/2006
Company: Mindjet
----------
************************************************************
15:56:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
15:56:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
15:56:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
15:56:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
15:56:15: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------
************************************************************
15:56:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company:
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
15:56:15: Scanning ----- SCHEDULED TASKS -----
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
----------
Taskname: PMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche n'a pas encore été exécutée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
15:56:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
15:56:15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Additional checks completed
************************************************************
15:56:16: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\oek1.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
15:56:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
15:56:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
15:56:18: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:56:18 23 août 2008
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:59:24 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus
************************************************************
************************************************************
14:59:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
14:59:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
14:59:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
14:59:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
14:59:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
14:59:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
14:59:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
14:59:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
14:59:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
14:59:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:55:46 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
15:55:46: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
15:55:46: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
15:55:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
15:55:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
15:55:53: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
15:55:53: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
15:55:54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
15:55:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
15:55:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
15:55:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company:
----------
Key: ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
644408 bytes
Created: 26/09/2007
Modified: 26/09/2007
Company: Lenovo Group Limited
----------
Key: TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created: 17/11/2006
Modified: 26/09/2006
Company: Lenovo, Ltd. and IBM Corporation.
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 17/11/2006
Modified: 06/06/2005
Company:
----------
Key: TPM
ImagePath: System32\DRIVERS\tpm.sys
C:\WINDOWS\System32\DRIVERS\tpm.sys
17792 bytes
Created: 09/10/2005
Modified: 09/10/2005
Company: Winbond Electronics Corp.
----------
Key: TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 17/11/2006
Modified: 10/01/2007
Company:
----------
Key: TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
1122304 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
************************************************************
15:56:13: Scanning -----VXD ENTRIES-----
************************************************************
15:56:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
----------
Key : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32\notifyf2.dll
28672 bytes
Created: 06/07/2005
Modified: 06/07/2005
Company:
----------
Key : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32\tphklock.dll
24576 bytes
Created: 30/11/2005
Modified: 30/11/2005
Company:
----------
************************************************************
15:56:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created: 24/09/2007
Modified: 24/09/2007
Company: Nero AG
----------
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
15:56:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]
************************************************************
15:56:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created: 24/07/2007
Modified: 24/07/2007
Company: Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 22/08/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created: 14/12/2006
Modified: 14/12/2006
Company: Mindjet
----------
************************************************************
15:56:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
15:56:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
15:56:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
15:56:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
15:56:15: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------
************************************************************
15:56:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company:
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
15:56:15: Scanning ----- SCHEDULED TASKS -----
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
----------
Taskname: PMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche n'a pas encore été exécutée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
15:56:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
15:56:15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Additional checks completed
************************************************************
15:56:16: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\oek1.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
15:56:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
15:56:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
15:56:18: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:56:18 23 août 2008
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:59:24 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus
************************************************************
************************************************************
14:59:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
14:59:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
14:59:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
14:59:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
14:59:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
14:59:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
14:59:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
14:59:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
14:59:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
14:59:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
Trojan Remover in safe mode:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:55:46 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
15:55:46: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
15:55:46: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
15:55:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
15:55:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
15:55:53: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
15:55:53: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
15:55:54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
15:55:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
15:55:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
15:55:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company:
----------
Key: ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
644408 bytes
Created: 26/09/2007
Modified: 26/09/2007
Company: Lenovo Group Limited
----------
Key: TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created: 17/11/2006
Modified: 26/09/2006
Company: Lenovo, Ltd. and IBM Corporation.
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 17/11/2006
Modified: 06/06/2005
Company:
----------
Key: TPM
ImagePath: System32\DRIVERS\tpm.sys
C:\WINDOWS\System32\DRIVERS\tpm.sys
17792 bytes
Created: 09/10/2005
Modified: 09/10/2005
Company: Winbond Electronics Corp.
----------
Key: TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 17/11/2006
Modified: 10/01/2007
Company:
----------
Key: TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
1122304 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
************************************************************
15:56:13: Scanning -----VXD ENTRIES-----
************************************************************
15:56:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
----------
Key : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32\notifyf2.dll
28672 bytes
Created: 06/07/2005
Modified: 06/07/2005
Company:
----------
Key : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32\tphklock.dll
24576 bytes
Created: 30/11/2005
Modified: 30/11/2005
Company:
----------
************************************************************
15:56:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created: 24/09/2007
Modified: 24/09/2007
Company: Nero AG
----------
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
15:56:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]
************************************************************
15:56:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created: 24/07/2007
Modified: 24/07/2007
Company: Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 22/08/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created: 14/12/2006
Modified: 14/12/2006
Company: Mindjet
----------
************************************************************
15:56:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
15:56:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
15:56:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
15:56:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
15:56:15: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------
************************************************************
15:56:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company:
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
15:56:15: Scanning ----- SCHEDULED TASKS -----
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
----------
Taskname: PMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche n'a pas encore été exécutée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
15:56:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
15:56:15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Additional checks completed
************************************************************
15:56:16: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\oek1.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
15:56:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
15:56:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
15:56:18: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:56:18 23 août 2008
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:59:24 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus
************************************************************
************************************************************
14:59:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
14:59:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
14:59:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
14:59:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
14:59:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
14:59:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
14:59:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
14:59:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
14:59:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
14:59:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 15:55:46 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
15:55:46: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
15:55:46: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
15:55:46: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
15:55:47: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
15:55:53: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
15:55:53: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
15:55:54: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
15:55:54: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
15:55:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
15:55:57: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company:
----------
Key: ThinkVantage Registry Monitor Service
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe"
C:\Program Files\Fichiers communs\Lenovo\tvt_reg_monitor_svc.exe
644408 bytes
Created: 26/09/2007
Modified: 26/09/2007
Company: Lenovo Group Limited
----------
Key: TPDIGIMN
ImagePath: System32\DRIVERS\ApsHM86.sys
C:\WINDOWS\System32\DRIVERS\ApsHM86.sys
19760 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPHDEXLGSVC
ImagePath: System32\TPHDEXLG.exe
C:\WINDOWS\System32\TPHDEXLG.exe
37168 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: TPInput
ImagePath: System32\DRIVERS\TPInput.sys
C:\WINDOWS\System32\DRIVERS\TPInput.sys
6528 bytes
Created: 17/11/2006
Modified: 26/09/2006
Company: Lenovo, Ltd. and IBM Corporation.
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 17/11/2006
Modified: 06/06/2005
Company:
----------
Key: TPM
ImagePath: System32\DRIVERS\tpm.sys
C:\WINDOWS\System32\DRIVERS\tpm.sys
17792 bytes
Created: 09/10/2005
Modified: 09/10/2005
Company: Winbond Electronics Corp.
----------
Key: TPPWRIF
ImagePath: System32\drivers\Tppwrif.sys
C:\WINDOWS\System32\drivers\Tppwrif.sys
4442 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 17/11/2006
Modified: 10/01/2007
Company:
----------
Key: TVT Scheduler
ImagePath: "C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe"
C:\Program Files\Fichiers communs\Lenovo\Scheduler\tvtsched.exe
1122304 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
----------
Key: usnjsvc
ImagePath: "C:\Program Files\Windows Live\Messenger\usnsvc.exe"
C:\Program Files\Windows Live\Messenger\usnsvc.exe
98328 bytes
Created: 18/10/2007
Modified: 18/10/2007
Company: Microsoft Corporation
----------
Key: WinDefend
ImagePath: "C:\Program Files\Windows Defender\MsMpEng.exe"
C:\Program Files\Windows Defender\MsMpEng.exe
13592 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
Key: WLSetupSvc
ImagePath: "C:\Program Files\Windows Live\installer\WLSetupSvc.exe"
C:\Program Files\Windows Live\installer\WLSetupSvc.exe
266240 bytes
Created: 25/10/2007
Modified: 25/10/2007
Company: Microsoft Corporation
----------
************************************************************
15:56:13: Scanning -----VXD ENTRIES-----
************************************************************
15:56:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxdev.dll
C:\WINDOWS\system32\igfxdev.dll
204800 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
----------
Key : tpfnf2
DLLName: notifyf2.dll
C:\WINDOWS\system32\notifyf2.dll
28672 bytes
Created: 06/07/2005
Modified: 06/07/2005
Company:
----------
Key : tphotkey
DLLName: tphklock.dll
C:\WINDOWS\system32\tphklock.dll
24576 bytes
Created: 30/11/2005
Modified: 30/11/2005
Company:
----------
************************************************************
15:56:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Cover Designer
CLSID: {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
Path: C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
2106664 bytes
Created: 24/09/2007
Modified: 24/09/2007
Company: Nero AG
----------
Key: Eset Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
169216 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
15:56:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {04DAAD08-70EF-450E-834A-DCFAF9B48748}
File: C:\Program Files\FolderSize\FolderSizeColumn.dll
C:\Program Files\FolderSize\FolderSizeColumn.dll
102400 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: [CLSID does not appear to reference a file]
************************************************************
15:56:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {07A11D74-9D25-4fea-A833-8B0D76A5577A}
BHO: C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 7\Mm7InternetExplorer.dll
-R- 70928 bytes
Created: 24/07/2007
Modified: 24/07/2007
Company: Mindjet
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 22/08/2008
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {72853161-30C5-4D22-B7F9-0BBC1D38A37E}
BHO: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll - file already scanned
----------
Key: {9030D464-4C02-4ABF-8ECC-5164760863C6}
BHO: C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
328752 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Microsoft Corporation
----------
Key: {AC41D38F-B56D-40AD-94E0-B493D130C959}
BHO: C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
C:\Program Files\Mindjet\MindManager 6\Mm6InternetExplorer.dll
-R- 65536 bytes
Created: 14/12/2006
Modified: 14/12/2006
Company: Mindjet
----------
************************************************************
15:56:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
15:56:15: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
15:56:15: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
15:56:15: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank
************************************************************
15:56:15: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dllschannel.dlldigest.dllmsnsspc.dll
msapsspc.dllschannel.dlldigest.dllmsnsspc.dll [file not found to scan]
----------
************************************************************
15:56:15: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company:
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
15:56:15: Scanning ----- SCHEDULED TASKS -----
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Windows Defender\MpCmdRun.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
293144 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
Parameters: Scan -RestrictPrivileges
Next Run Time: 24/08/2008 01:54:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
----------
Taskname: PMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\PWMIDTSK.EXE
20480 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche n'a pas encore été exécutée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
15:56:15: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
15:56:15: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Administrateur\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
11614518 bytes
Created: 17/11/2006
Modified: 21/02/2008
Company:
----------
Additional checks completed
************************************************************
15:56:16: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\oek1.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
15:56:18: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
15:56:18: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
15:56:18: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.centre-valdeloire.fr
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 15:56:18 23 août 2008
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2539. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14:59:24 23 août 2008
Using Database v7109
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: D:\Mes Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
************************************************************
The following Anti-Malware program(s) are loaded:
ESET NOD32 Antivirus
************************************************************
************************************************************
14:59:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
14:59:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
14:59:24: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
14:59:25: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 29/05/2003
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: WinPatrol
Value Data: C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
271936 bytes
Created: 19/04/2007
Modified: 19/04/2007
Company: BillP Studios
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
856064 bytes
Created: 17/11/2006
Modified: 02/06/2006
Company: Lenovo
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 25/07/2006
Modified: 02/10/2006
Company:
--------------------
Value Name: PWRMGRTR
Value Data: rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL
151552 bytes
Created: 17/11/2006
Modified: 26/05/2006
Company: Lenovo Group Limited
--------------------
Value Name: GrooveMonitor
Value Data: "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
33648 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
131072 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
163840 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: Persistence
Value Data: C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxpers.exe
135168 bytes
Created: 15/09/2006
Modified: 13/01/2007
Company: Intel Corporation
--------------------
Value Name: TVT Scheduler Proxy
Value Data: C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
487424 bytes
Created: 04/03/2008
Modified: 04/03/2008
Company: Lenovo Group Limited
--------------------
Value Name: LXDDCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll
102400 bytes
Created: 19/01/2008
Modified: 23/01/2007
Company: Lexmark International, Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1447168 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
914512 bytes
Created: 23/08/2008
Modified: 19/08/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: pdfSaver3
Value Data: "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe
380928 bytes
Created: 05/09/2004
Modified: 05/09/2004
Company: Tracker Software Products Ltd.
--------------------
Value Name: SuperCopier2.exe
Value Data: C:\Program Files\SuperCopier2\SuperCopier2.exe
C:\Program Files\SuperCopier2\SuperCopier2.exe
716808 bytes
Created: 07/07/2006
Modified: 25/06/2006
Company:
--------------------
Value Name: DAEMON Tools Lite
Value Data: "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
C:\Program Files\DAEMON Tools Lite\daemon.exe
486856 bytes
Created: 01/04/2008
Modified: 01/04/2008
Company: DT Soft Ltd
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this entry is globally excluded
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
14:59:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {B5A7F190-DDA6-4420-B3BA-52453494E6CD}
Value: Groove GFS Stub Execution Hook
File: C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
2212224 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
ValueName: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB}
Value: Microsoft AntiMalware ShellExecuteHook
File: C:\PROGRA~1\WIFD1F~1\MpShHook.dll
C:\PROGRA~1\WIFD1F~1\MpShHook.dll
83224 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------
************************************************************
14:59:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
14:59:27: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
14:59:27: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
************************************************************
14:59:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 17/11/2006
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
************************************************************
14:59:27: Scanning ----- SERVICES REGISTRY KEYS -----
Key: AcPrfMgrSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcPrfMgrSvc.exe
53248 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company:
----------
Key: ACS
ImagePath: C:\WINDOWS\System32\acs.exe
C:\WINDOWS\System32\acs.exe
36864 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company:
----------
Key: AcSvc
ImagePath: C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
C:\Program Files\ThinkPad\ConnectUtilities\AcSvc.exe
172032 bytes
Created: 17/11/2006
Modified: 25/12/2006
Company: Lenovo
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
133200 bytes
Created: 17/11/2006
Modified: 17/05/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: System32\DRIVERS\AegisP.sys
C:\WINDOWS\System32\DRIVERS\AegisP.sys
21275 bytes
Created: 17/11/2006
Modified: 17/11/2006
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 17/11/2006
Modified: 08/11/2005
Company: IBM Corp.
----------
Key: AR5211
ImagePath: System32\DRIVERS\ar5211.sys
C:\WINDOWS\System32\DRIVERS\ar5211.sys
471616 bytes
Created: 17/11/2006
Modified: 18/04/2006
Company: Atheros Communications, Inc.
----------
Key: b57w2k
ImagePath: System32\DRIVERS\b57xp32.sys
C:\WINDOWS\System32\DRIVERS\b57xp32.sys
152064 bytes
Created: 09/03/2006
Modified: 09/03/2006
Company: Broadcom Corporation
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96370 bytes
Created: 31/01/2007
Modified: 31/01/2007
Company: Canon Inc.
----------
Key: Diskeeper
ImagePath: "C:\Program Files\Executive Software\Diskeeper\DkService.exe"
C:\Program Files\Executive Software\Diskeeper\DkService.exe
606316 bytes
Created: 26/07/2005
Modified: 26/07/2005
Company: Executive Software International, Inc.
----------
Key: driverhardwarev2
ImagePath: \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys
15352 bytes
Created: 02/12/2007
Modified: 02/12/2007
Company: Ma-Config.com
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
39944 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: easdrv
ImagePath: system32\DRIVERS\easdrv.sys
C:\WINDOWS\system32\DRIVERS\easdrv.sys
53256 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: EGATHDRV
ImagePath: \??\C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
C:\WINDOWS\Downloaded Program Files\EGATHDRV.SYS
5120 bytes
Created: 19/03/2007
Modified: 25/02/2004
Company: IBM Corporation
----------
Key: EhttpSrv
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
19200 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
468224 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
34312 bytes
Created: 01/07/2008
Modified: 01/07/2008
Company:
----------
Key: FolderSize
ImagePath: "C:\Program Files\FolderSize\FolderSizeSvc.exe"
C:\Program Files\FolderSize\FolderSizeSvc.exe
131072 bytes
Created: 14/11/2007
Modified: 14/11/2007
Company: Brio
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
136120 bytes
Created: 19/01/2008
Modified: 04/01/2007
Company: Google
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
242304 bytes
Created: 17/11/2006
Modified: 18/10/2005
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: system32\DRIVERS\igxpmp32.sys
C:\WINDOWS\system32\DRIVERS\igxpmp32.sys
5672032 bytes
Created: 03/02/2008
Modified: 13/01/2007
Company: Intel Corporation
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
21424 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\system32\ibmpmsvc.exe
C:\WINDOWS\system32\ibmpmsvc.exe
36400 bytes
Created: 11/11/2005
Modified: 31/05/2007
Company: Lenovo
----------
Key: IBMTPCHK
ImagePath: \??\C:\WINDOWS\System32\Drivers\IBMBLDID.sys
C:\WINDOWS\System32\Drivers\IBMBLDID.sys
6016 bytes
Created: 17/11/2006
Modified: 13/01/2006
Company:
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
69632 bytes
Created: 14/11/2005
Modified: 14/11/2005
Company: Macrovision Corporation
----------
Key: IKFileFlt
ImagePath: system32\drivers\ikfileflt.sys
C:\WINDOWS\system32\drivers\ikfileflt.sys
39248 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
52304 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: IkSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
59984 bytes
Created: 21/08/2008
Modified: 19/04/2007
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: lxdd_device
ImagePath: C:\WINDOWS\system32\lxddcoms.exe -service
C:\WINDOWS\system32\lxddcoms.exe
537520 bytes
Created: 19/01/2008
Modified: 13/02/2007
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\mdm.exe
335872 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: NMIndexingService
ImagePath: "C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe"
C:\Program Files\Fichiers communs\Nero\Lib\NMIndexingService.exe
382248 bytes
Created: 20/09/2007
Modified: 20/09/2007
Company: Nero AG
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 17/11/2006
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: odserv
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\OFFICE12\ODSERV.EXE
443776 bytes
Created: 24/08/2007
Modified: 24/08/2007
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
145184 bytes
Created: 26/10/2006
Modified: 26/10/2006
Company: Microsoft Corporation
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
10368 bytes
Created: 19/01/2008
Modified: 19/01/2008
Company: Padus, Inc.
----------
Key: psadd
ImagePath: system32\DRIVERS\psadd.sys
C:\WINDOWS\system32\DRIVERS\psadd.sys
21376 bytes
Created: 18/01/2008
Modified: 19/02/2007
Company: Lenovo (United States) Inc.
----------
Key: Shockprf
ImagePath: System32\DRIVERS\Apsx86.sys
C:\WINDOWS\System32\DRIVERS\Apsx86.sys
100144 bytes
Created: 25/12/2006
Modified: 25/12/2006
Company: Lenovo.
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 17/11/2006
Modified: 02/10/2006
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
260224 bytes
Created: 17/11/2006
Modified: 10/02/2005
Company: Analog Devices, Inc.
----------
Key: SolidWorks Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe"
C:\Program Files\Fichiers communs\SolidWorks Shared\Service\SolidWorksLicensing.exe
79360 bytes
Created: 07/03/2008
Modified: 07/03/2008
Company: SolidWorks
----------
Key: SoundMAX Agent Service (default)
ImagePath: C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
45056 bytes
Created: 17/11/2006
Modified: 20/09/2002
Company: Analog Devices, Inc.
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: ssm_bus
ImagePath: system32\DRIVERS\ssm_bus.sys
C:\WINDOWS\system32\DRIVERS\ssm_bus.sys
58320 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdfl
ImagePath: system32\DRIVERS\ssm_mdfl.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys
8336 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: ssm_mdm
ImagePath: system32\DRIVERS\ssm_mdm.sys
C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys
94000 bytes
Created: 19/01/2008
Modified: 30/08/2005
Company: MCCI
----------
Key: SUService
ImagePath: c:\program files\lenovo\system update\suservice.exe
c:\program files\lenovo\system update\suservice.exe
32768 bytes
Created: 16/05/2008
Modified: 16/05/2008
Company: Lenovo Group Limited
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{80DC98F3-6751-434B-A813-D18D5EFD7A18}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 24/04/2003
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SynTP
ImagePath: System32\DRIVERS\SynTP.sys
C:\WINDOWS\System32\DRIVERS\SynTP.sys
177664 bytes
Created: 17/11/2006
Modified: 14/02/2006
Company: Synaptics, Inc.
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9343 bytes
Created: 17/11/2006
Modified: 02/10/2006
What I don't understand is that Malwarebytes still detects the downld trojan in normal mode, and no matter how often I delete it, it comes back at every reboot.
Hi,
To help:
plug in all your drives (USB keys, external disks...) without opening them,
then run a ComboFix scan again and post the report, and leave your external drives plugged in for now.
See you
It gave me this:
File/Folder not found.
C:\WINDOWS\system32\drivers\downld moved successfully.
OTMoveIt2 by OldTimer - Version 1.0.4.3 log created on 08232008_162613
Do you think that's OK????
Thanks again for your help
Here's what I think: the downld folder is empty, but at startup it regenerates because of:
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}]
\Shell\AutoRun\command - J:\ntde1ect.com
\Shell\explore\Command - J:\ntde1ect.com
\Shell\open\Command - J:\ntde1ect.com
so the USB infections need to be dealt with first
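The re-infection path described above, as an added example that is not part of the thread or of any tool it mentions: a Python script that parses a ComboFix-style MountPoints2 dump and flags command values that launch a file from a volume root or use a name one character away from a Windows boot file such as ntdetect.com (the thread's ntde1ect.com). The sample dump, the two extra GUIDs and the Finding fields are constructed for this example.

```python
"""Flag suspicious Shell\\AutoRun commands in a ComboFix-style MountPoints2 dump."""
import re
from collections import namedtuple

# Constructed sample in ComboFix's format. The first key mirrors the thread's
# entry; the other two GUIDs and their commands are made up for contrast.
SAMPLE_DUMP = r"""
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{45cd4857-ca71-11dc-8f62-0014a4334df6}]
\Shell\AutoRun\command - J:\ntde1ect.com
\Shell\explore\Command - J:\ntde1ect.com
\Shell\open\Command - J:\ntde1ect.com
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{11111111-2222-3333-4444-555555555555}]
\Shell\AutoRun\command - E:\Autorun.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{66666666-7777-8888-9999-000000000000}]
"""

KEY_RE = re.compile(r"^\[(.+\\mountpoints2\\\{[0-9a-f-]+\})\]$", re.IGNORECASE)
CMD_RE = re.compile(r"^\\Shell\\(\w+)\\command\s+-\s+(.+)$", re.IGNORECASE)
ROOT_FILE_RE = re.compile(r"^[A-Z]:\\[^\\]+$", re.IGNORECASE)  # X:\name, no subfolder
# Windows XP boot files from the root of the system volume; the worm's
# ntde1ect.com is one character away from ntdetect.com so it blends in.
BOOT_FILES = ("ntdetect.com", "ntldr", "boot.ini")

Finding = namedtuple("Finding", "key verb command drive reason severity")


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot one-character lookalike names."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def launched_file(command: str) -> str:
    """Return the program a command value starts, dropping any arguments."""
    if command.startswith('"'):
        return command[1:].split('"', 1)[0]
    return command.split()[0]


def analyze(dump: str) -> list:
    """Walk the dump and return one Finding per suspicious command value."""
    findings, key = [], None
    for raw in dump.splitlines():
        line = raw.strip()
        if m := KEY_RE.match(line):
            key = m.group(1)
            continue
        m = CMD_RE.match(line)
        if not m or key is None:
            continue
        verb, command = m.group(1), m.group(2).strip()
        target = launched_file(command)
        name = target.rsplit("\\", 1)[-1].lower()
        # Exact boot-file name or a one-edit lookalike launched from a mounted volume.
        mimic = next((b for b in BOOT_FILES if edit_distance(name, b) <= 1), None)
        if mimic:
            reason, severity = f"filename is or mimics {mimic}", "high"
        elif ROOT_FILE_RE.match(target):
            reason, severity = "launches a file from the volume root", "medium"
        else:
            continue
        findings.append(Finding(key, verb, command, target[:2].upper(), reason, severity))
    return findings


def drives_to_clean(findings: list) -> list:
    """Drive letters whose media must be cleaned before the PC stays clean."""
    return sorted({f.drive for f in findings})


if __name__ == "__main__":
    for f in analyze(SAMPLE_DUMP):
        print(f"[{f.severity}] {f.drive} {f.verb}: {f.command} ({f.reason})")
```

Point it at a real ComboFix log and the drives it lists are the removable media to disinfect before the system32\drivers\downld folder stops coming back.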
Yes, I think so too, but those removable drives aren't plugged in and OTMoveIt cleared out downld, so we'll see. In any case, once his PC is disinfected we'll have to deal with his USB keys.
This is driving me nuts
FindB:
+- FindB mis a jours le 21/08/08 par Chiquitine29
+- Recherche de fichier bagle :
+- Recherche dans : C:\WINDOWS\Prefetch :
C:\WINDOWS\Prefetch\WINTEMS.EXE Absent
C:\WINDOWS\Prefetch\MDELK.EXE Absent
C:\WINDOWS\Prefetch\HLDRRR.EXE Absent
C:\WINDOWS\Prefetch\FLEC006.EXE Absent
+- Recherche dans : C:\WINDOWS\system32 :
C:\WINDOWS\system32\hldrrr.exe Absent
C:\WINDOWS\system32\mdelk.exe Absent
C:\WINDOWS\system32\wintems.exe Absent
C:\WINDOWS\system32\ban_list.txt Absent
+- Recherche dans : C:\WINDOWS\system32\drivers :
C:\WINDOWS\system32\drivers\mdelk.exe Absent
C:\WINDOWS\system32\drivers\srosa.sys Absent
C:\WINDOWS\system32\drivers\hldrrr.exe Absent
C:\WINDOWS\system32\drivers\downld Présent!!
+- Recherche dans : C:\Documents and Settings\Administrateur\Application Data :
+- Registre :
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run
WinPatrol REG_SZ C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe
TPKMAPHELPER REG_SZ C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
TPHOTKEY REG_SZ C:\PROGRA~1\Lenovo\PkgMgr\HOTKEY\TPHKMGR.exe
PWRMGRTR REG_SZ rundll32 C:\PROGRA~1\ThinkPad\UTILIT~1\PWRMGRTR.DLL,PwrMgrBkGndMonitor
GrooveMonitor REG_SZ "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
IgfxTray REG_SZ C:\WINDOWS\system32\igfxtray.exe
HotKeysCmds REG_SZ C:\WINDOWS\system32\hkcmd.exe
Persistence REG_SZ C:\WINDOWS\system32\igfxpers.exe
TVT Scheduler Proxy REG_SZ C:\Program Files\Fichiers communs\Lenovo\Scheduler\scheduler_proxy.exe
LXDDCATS REG_SZ rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXDDtime.dll,_RunDLLEntry@16
TrojanScanner REG_SZ C:\Program Files\Trojan Remover\Trjscan.exe /boot
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents
! REG.EXE VERSION 3.0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
pdfSaver3 REG_SZ "C:\Program Files\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe"
SuperCopier2.exe REG_SZ C:\Program Files\SuperCopier2\SuperCopier2.exe
DAEMON Tools Lite REG_SZ "C:\Program Files\DAEMON Tools Lite\daemon.exe" -autorun
ctfmon.exe REG_SZ C:\WINDOWS\system32\ctfmon.exe
SpybotSD TeaTimer REG_SZ C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
+- Recherche terminee !
+- Execute le : 23/08/2008 a 16:49:25,76
and Malwarebytes:
Malwarebytes' Anti-Malware 1.25
Version de la base de données: 1078
Windows 5.1.2600 Service Pack 2
16:48:00 23/08/2008
mbam-log-08-23-2008 (16-47-58).txt
Type de recherche: Examen rapide
Eléments examinés: 47338
Temps écoulé: 4 minute(s), 24 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 1
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
C:\WINDOWS\system32\drivers\downld (Trojan.Agent) -> No action taken.
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
That's where I'm at
Thanks again for your help