Spyware Doctor tells me I have rootkit.agent

Solved/Closed
Pitou - 6 Sept. 2008 at 17:43
 Anonymous user - 7 Sept. 2008 at 05:37
Hello,

Spyware Doctor tells me I have rootkit.agent, but I would have to buy the full version to remove it.

Is there a free program that would let me get rid of it?


P.S. Thanks to boulepate62 for the sound advice; my computer was badly infected and now it works again.

14 replies

Anonymous user
7 Sept. 2008 at 00:25
Don't touch anything else.
It may be Spyware Doctor getting it wrong. To check that:

Go here
https://www.virustotal.com/gui/

In the field where the "Choose" button is, copy and paste the line below
C:\WINDOWS\system32\drivers\oreans32.sys

Click Send file. Wait, and as soon as it has finished, please copy the report here.
If you didn't understand any of that, you'll find a VirusTotal tutorial below
https://kerio.probb.fr/t671-tutoriel-virustotal-multi-scans-anti-virus
1
Anonymous user
7 Sept. 2008 at 01:42
OK, go to this file and delete it:
C:\WINDOWS\system32\drivers\oreans32.sys
If it persists, delete it in safe mode.
1
Anonymous user
6 Sept. 2008 at 17:47
Hello

It's me again :-)

Can you give us the Spyware Doctor report or tell us where the critter is located?

Remember to update your Firefox
0
I can't copy and paste, so I'm typing the details by hand


c:/windows/system32/drivers/oreans32.sys
0

Anonymous user
6 Sept. 2008 at 18:28
Look at reply <3> in this thread and use the program indicated.
0
OK, I ran Trojan Remover, it removed something... what do I do next?
0
Anonymous user
6 Sept. 2008 at 20:22
Well, is your problem solved?!
0
No, Spyware Doctor still tells me I have rootkit.agent, and also a dialer
0
Anonymous user
6 Sept. 2008 at 23:18
Still the same one?
Run another scan with Trojan Remover and post the report here (don't forget to update it before using it)
For Spyware Doctor I need you to give me the exact location of the critters, otherwise I can't do much ;-)
0
The dialer has disappeared at any rate, but rootkit.agent is still there

The Spyware Doctor scan says it is the file

c:/windows/system32/drivers/oreans32.sys


There are also a lot of lines for startup programs, registry values and registry keys. Do I have to type them all? Copy and paste seems to be impossible.





***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2542. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 17:49:04 06 sept. 2008
Using Database v7125
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Francois Bergeron\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francois Bergeron\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

************************************************************


************************************************************
17:49:04: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
17:49:04: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
17:49:04: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
17:49:04: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: CTHelper
Value Data: CTHELPER.EXE
C:\WINDOWS\CTHELPER.EXE
16384 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
--------------------
Value Name: H2O
Value Data: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
385024 bytes
Created: 18/07/2006
Modified: 23/10/2005
Company: Team H2O
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1235736 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 12/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
--------------------
Value Name: TClock.exe
Value Data: C:\Program Files\TClock\tclock_install.exe
C:\Program Files\TClock\tclock_install.exe
140133 bytes
Created: 20/07/2006
Modified: 10/07/2006
Company:
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
204288 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
17:49:05: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------

************************************************************
17:49:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
17:49:05: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
17:49:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company:
----------

************************************************************
17:49:06: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
17:49:06: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
380536 bytes
Created: 06/09/2008
Modified: 31/07/2008
Company: Emsi Software GmbH
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys [file not found to scan]
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 06/09/2007
Modified: 06/09/2007
Company: Apple, Inc.
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
520192 bytes
Created: 18/07/2006
Modified: 07/06/2006
Company:
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
875288 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 06/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: CLEDX
ImagePath: System32\DRIVERS\cledx.sys
C:\WINDOWS\System32\DRIVERS\cledx.sys
33792 bytes
Created: 18/07/2006
Modified: 09/05/2005
Company: Team H2O
----------
Key: ctac32k
ImagePath: system32\drivers\ctac32k.sys
C:\WINDOWS\system32\drivers\ctac32k.sys
501760 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctaud2k
ImagePath: system32\drivers\ctaud2k.sys
C:\WINDOWS\system32\drivers\ctaud2k.sys
439296 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctdvda2k
ImagePath: system32\drivers\ctdvda2k.sys
C:\WINDOWS\system32\drivers\ctdvda2k.sys
340704 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Creative Technology Ltd
----------
Key: ctprxy2k
ImagePath: system32\drivers\ctprxy2k.sys
C:\WINDOWS\system32\drivers\ctprxy2k.sys
7168 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctsfm2k
ImagePath: system32\drivers\ctsfm2k.sys
C:\WINDOWS\system32\drivers\ctsfm2k.sys
142336 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: emupia
ImagePath: system32\drivers\emupia2k.sys
C:\WINDOWS\system32\drivers\emupia2k.sys
77824 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ha10kx2k
ImagePath: system32\drivers\ha10kx2k.sys
C:\WINDOWS\system32\drivers\ha10kx2k.sys
754176 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap16v2k
ImagePath: system32\drivers\hap16v2k.sys
C:\WINDOWS\system32\drivers\hap16v2k.sys
154112 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap17v2k
ImagePath: system32\drivers\hap17v2k.sys
C:\WINDOWS\system32\drivers\hap17v2k.sys
179712 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hidgame
ImagePath: system32\DRIVERS\hidgame.sys
C:\WINDOWS\system32\DRIVERS\hidgame.sys
8576 bytes
Created: 01/09/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005
Modified: 04/04/2005
Company: Macrovision Corporation
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
40840 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: MidiSyn
ImagePath: system32\drivers\MidiSyn.sys
C:\WINDOWS\system32\drivers\MidiSyn.sys [file not found to scan]
----------
Key: msgame
ImagePath: System32\DRIVERS\msgame.sys
C:\WINDOWS\System32\DRIVERS\msgame.sys
35200 bytes
Created: 16/07/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: nmwcd
ImagePath: system32\drivers\ccdcmb.sys
C:\WINDOWS\system32\drivers\ccdcmb.sys
17536 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: nmwcdc
ImagePath: system32\drivers\ccdcmbo.sys
C:\WINDOWS\system32\drivers\ccdcmbo.sys
20864 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: oreans32
ImagePath: \??\C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\drivers\oreans32.sys
33952 bytes
Created: 27/07/2006
Modified: 27/07/2006
Company:
----------
Key: ossrv
ImagePath: system32\drivers\ctoss2k.sys
C:\WINDOWS\system32\drivers\ctoss2k.sys
114688 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd.
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 23/05/2008
Modified: 17/09/2007
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 06/06/2007
Modified: 06/08/2007
Company:
----------
Key: PnkBstrB
ImagePath: C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PnkBstrB.exe
107832 bytes
Created: 06/06/2007
Modified: 06/09/2008
Company:
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 06/09/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1077640 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PC Tools
----------
Key: senfilt
ImagePath: system32\drivers\senfilt.sys
C:\WINDOWS\system32\drivers\senfilt.sys [file not found to scan]
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
575488 bytes
Created: 07/08/2008
Modified: 07/08/2008
Company: Nokia.
----------
Key: SISNIC
ImagePath: System32\DRIVERS\sisnic.sys
C:\WINDOWS\System32\DRIVERS\sisnic.sys
-R- 32256 bytes
Created: 16/07/2006
Modified: 10/07/2002
Company: SiS Corporation
----------
Key: SiSRaid1
ImagePath: System32\DRIVERS\SiSRaid1.sys
C:\WINDOWS\System32\DRIVERS\SiSRaid1.sys
-R- 46464 bytes
Created: 16/07/2006
Modified: 03/09/2004
Company: Silicon Integrated Systems
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys [file not found to scan]
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92403B35-5127-4AED-A5E4-AF008416A6F0}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: tapvpn
ImagePath: system32\DRIVERS\tapvpn.sys
C:\WINDOWS\system32\DRIVERS\tapvpn.sys
27136 bytes
Created: 23/01/2008
Modified: 23/01/2008
Company: The OpenVPN Project
----------
Key: TmhidCharger2
ImagePath: system32\drivers\TmhidCharger2.sys
C:\WINDOWS\system32\drivers\TmhidCharger2.sys
27773 bytes
Created: 01/09/2008
Modified: 05/06/2000
Company: Windows (R) 2000 DDK provider
----------
Key: upperdev
ImagePath: system32\DRIVERS\usbser_lowerflt.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
8064 bytes
Created: 22/08/2008
Modified: 06/06/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\WINDOWS\system32\drivers\usbser.sys
26112 bytes
Created: 23/05/2008
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: UsbserFilt
ImagePath: system32\DRIVERS\usbser_lowerfltj.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
8064 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

************************************************************
17:49:08: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/07/2006
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
17:49:08: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
61440 bytes
Created: 07/06/2006
Modified: 07/06/2006
Company: ATI Technologies Inc.
----------

************************************************************
17:49:08: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
147456 bytes
Created: 07/07/2008
Modified: 07/07/2008
Company: PowerISO Computing, Inc.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------

************************************************************
17:49:08: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
17:49:08: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 20/07/2006
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
BHO: C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
609952 bytes
Created: 20/07/2006
Modified: 24/05/2005
Company: PC Tools
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 12/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
17:49:08: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 09/05/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
17:49:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
17:49:08: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
17:49:08: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [,avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
17:49:08: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
17:49:08: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 07/02/2006
Modified: 16/07/2006
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
17:49:08: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 29/08/2007
Modified: 11/04/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 11/09/2008 13:21:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------

************************************************************
17:49:08: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
17:49:08: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Francois Bergeron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Francois Bergeron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 20/07/2006
Modified: 26/04/2007
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Francois Bergeron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 20/07/2006
Modified: 26/04/2007
Company:
----------
Additional checks completed

************************************************************
17:49:09: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\System32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\CTHELPER.EXE
--------------------
C:\Program Files\a-squared Free\a2service.exe
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\PnkBstrA.exe
--------------------
C:\WINDOWS\system32\PnkBstrB.exe
--------------------
C:\Program Files\Spyware Doctor\pctsAuxs.exe
--------------------
C:\Program Files\Spyware Doctor\pctsSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Spyware Doctor\pctsTray.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------------
C:\Program Files\Windows Media Player\WMPNetwk.exe
--------------------
C:\Program Files\TClock\TClock.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Francois Bergeron\Application Data\Simply Super Software\Trojan Remover\bdo4F.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------
C:\Program Files\AVG\AVG8\avgui.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------

************************************************************
17:49:10: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
17:49:10: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
17:49:10: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:49:10 06 sept. 2008
Total Scan time: 00:00:06
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
06/09/2008 13:25:06: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
Unable to rename C:\WINDOWS\system32\tlzotg.dll to C:\WINDOWS\system32\tlzotg.dll.vir
(C:\WINDOWS\system32\tlzotg.dll does not appear to exist)
06/09/2008 13:25:06: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2542. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 13:10:00 06 sept. 2008
Using Database v7125
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Francois Bergeron\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francois Bergeron\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
13:10:00: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
13:10:00: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
13:10:00: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:10:01: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: CTHelper
Value Data: CTHELPER.EXE
C:\WINDOWS\CTHELPER.EXE
16384 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
--------------------
Value Name: H2O
Value Data: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
385024 bytes
Created: 18/07/2006
Modified: 23/10/2005
Company: Team H2O
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1235736 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
917072 bytes
Created: 06/09/2008
Modified: 04/09/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
--------------------
Value Name: TClock.exe
Value Data: C:\Program Files\TClock\tclock_install.exe
C:\Program Files\TClock\tclock_install.exe
140133 bytes
Created: 20/07/2006
Modified: 10/07/2006
Company:
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
204288 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
13:10:04: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------

************************************************************
13:10:04: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:10:05: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
13:10:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company:
----------

************************************************************
13:10:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
13:10:06: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
380536 bytes
Created: 06/09/2008
Modified: 31/07/2008
Company: Emsi Software GmbH
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys [file not found to scan]
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 06/09/2007
Modified: 06/09/2007
Company: Apple, Inc.
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
520192 bytes
Created: 18/07/2006
Modified: 07/06/2006
Company:
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
875288 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 06/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: CLEDX
ImagePath: System32\DRIVERS\cledx.sys
C:\WINDOWS\System32\DRIVERS\cledx.sys
33792 bytes
Created: 18/07/2006
Modified: 09/05/2005
Company: Team H2O
----------
Key: ctac32k
ImagePath: system32\drivers\ctac32k.sys
C:\WINDOWS\system32\drivers\ctac32k.sys
501760 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctaud2k
ImagePath: system32\drivers\ctaud2k.sys
C:\WINDOWS\system32\drivers\ctaud2k.sys
439296 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctdvda2k
ImagePath: system32\drivers\ctdvda2k.sys
C:\WINDOWS\system32\drivers\ctdvda2k.sys
340704 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Creative Technology Ltd
----------
Key: ctprxy2k
ImagePath: system32\drivers\ctprxy2k.sys
C:\WINDOWS\system32\drivers\ctprxy2k.sys
7168 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctsfm2k
ImagePath: system32\drivers\ctsfm2k.sys
C:\WINDOWS\system32\drivers\ctsfm2k.sys
142336 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: emupia
ImagePath: system32\drivers\emupia2k.sys
C:\WINDOWS\system32\drivers\emupia2k.sys
77824 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ha10kx2k
ImagePath: system32\drivers\ha10kx2k.sys
C:\WINDOWS\system32\drivers\ha10kx2k.sys
754176 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap16v2k
ImagePath: system32\drivers\hap16v2k.sys
C:\WINDOWS\system32\drivers\hap16v2k.sys
154112 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap17v2k
ImagePath: system32\drivers\hap17v2k.sys
C:\WINDOWS\system32\drivers\hap17v2k.sys
179712 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hidgame
ImagePath: system32\DRIVERS\hidgame.sys
C:\WINDOWS\system32\DRIVERS\hidgame.sys
8576 bytes
Created: 01/09/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005
Modified: 04/04/2005
Company: Macrovision Corporation
----------
Key: IKFileSec
ImagePath: \SystemRoot\system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
40840 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: MidiSyn
ImagePath: system32\drivers\MidiSyn.sys
C:\WINDOWS\system32\drivers\MidiSyn.sys [file not found to scan]
----------
Key: msgame
ImagePath: System32\DRIVERS\msgame.sys
C:\WINDOWS\System32\DRIVERS\msgame.sys
35200 bytes
Created: 16/07/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: nmwcd
ImagePath: system32\drivers\ccdcmb.sys
C:\WINDOWS\system32\drivers\ccdcmb.sys
17536 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: nmwcdc
ImagePath: system32\drivers\ccdcmbo.sys
C:\WINDOWS\system32\drivers\ccdcmbo.sys
20864 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: oreans32
ImagePath: \??\C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\drivers\oreans32.sys
33952 bytes
Created: 27/07/2006
Modified: 27/07/2006
Company:
----------
Key: ossrv
ImagePath: system32\drivers\ctoss2k.sys
C:\WINDOWS\system32\drivers\ctoss2k.sys
114688 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd.
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 23/05/2008
Modified: 17/09/2007
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 06/06/2007
Modified: 06/08/2007
Company:
----------
Key: PnkBstrB
ImagePath: C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PnkBstrB.exe
107832 bytes
Created: 06/06/2007
Modified: 06/09/2008
Company:
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 06/09/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1077640 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PC Tools
----------
Key: senfilt
ImagePath: system32\drivers\senfilt.sys
C:\WINDOWS\system32\drivers\senfilt.sys [file not found to scan]
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
575488 bytes
Created: 07/08/2008
Modified: 07/08/2008
Company: Nokia.
----------
Key: SISNIC
ImagePath: System32\DRIVERS\sisnic.sys
C:\WINDOWS\System32\DRIVERS\sisnic.sys
-R- 32256 bytes
Created: 16/07/2006
Modified: 10/07/2002
Company: SiS Corporation
----------
Key: SiSRaid1
ImagePath: System32\DRIVERS\SiSRaid1.sys
C:\WINDOWS\System32\DRIVERS\SiSRaid1.sys
-R- 46464 bytes
Created: 16/07/2006
Modified: 03/09/2004
Company: Silicon Integrated Systems
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys [file not found to scan]
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92403B35-5127-4AED-A5E4-AF008416A6F0}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: tapvpn
ImagePath: system32\DRIVERS\tapvpn.sys
C:\WINDOWS\system32\DRIVERS\tapvpn.sys
27136 bytes
Created: 23/01/2008
Modified: 23/01/2008
Company: The OpenVPN Project
----------
Key: TmhidCharger2
ImagePath: system32\drivers\TmhidCharger2.sys
C:\WINDOWS\system32\drivers\TmhidCharger2.sys
27773 bytes
Created: 01/09/2008
Modified: 05/06/2000
Company: Windows (R) 2000 DDK provider
----------
Key: upperdev
ImagePath: system32\DRIVERS\usbser_lowerflt.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
8064 bytes
Created: 22/08/2008
Modified: 06/06/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\WINDOWS\system32\drivers\usbser.sys
26112 bytes
Created: 23/05/2008
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: UsbserFilt
ImagePath: system32\DRIVERS\usbser_lowerfltj.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
8064 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

************************************************************
13:10:13: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/07/2006
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
13:10:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
61440 bytes
Created: 07/06/2006
Modified: 07/06/2006
Company: ATI Technologies Inc.
----------

************************************************************
13:10:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
147456 bytes
Created: 07/07/2008
Modified: 07/07/2008
Company: PowerISO Computing, Inc.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------

************************************************************
13:10:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
13:10:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 20/07/2006
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
BHO: C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
609952 bytes
Created: 20/07/2006
Modified: 24/05/2005
Company: PC Tools
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 12/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
13:10:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 09/05/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
13:10:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
13:10:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:10:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [tlzotg.dll,avgrsstx.dll]
tlzotg.dll - this reference will be removed
C:\WINDOWS\system32\tlzotg.dll - unable to take ownership/change permissions
C:\WINDOWS\system32\tlzotg.dll - marked for renaming when the PC is restarted (if it exists)
----------
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
13:22:35: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:22:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 07/02/2006
Modified: 16/07/2006
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
13:22:35: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 29/08/2007
Modified: 11/04/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 11/09/2008 13:21:00
Status:
0
The dialer has disappeared in any case, but rootkit.agent is still there.

The Spyware Doctor scan says it is the file

c:/windows/system32/drivers/oreans32.sys


There are also a lot of lines for the startup programs, the registry values and the registry keys. Do I have to type them all? It seems impossible to copy and paste.





***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2542. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 17:49:04 06 sept. 2008
Using Database v7125
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Francois Bergeron\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francois Bergeron\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

************************************************************


************************************************************
17:49:04: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
17:49:04: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
17:49:04: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
17:49:04: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: CTHelper
Value Data: CTHELPER.EXE
C:\WINDOWS\CTHELPER.EXE
16384 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
--------------------
Value Name: H2O
Value Data: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
385024 bytes
Created: 18/07/2006
Modified: 23/10/2005
Company: Team H2O
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1235736 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 12/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
--------------------
Value Name: TClock.exe
Value Data: C:\Program Files\TClock\tclock_install.exe
C:\Program Files\TClock\tclock_install.exe
140133 bytes
Created: 20/07/2006
Modified: 10/07/2006
Company:
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
204288 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
17:49:05: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------

************************************************************
17:49:05: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
17:49:05: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
17:49:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company:
----------

************************************************************
17:49:06: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
17:49:06: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
380536 bytes
Created: 06/09/2008
Modified: 31/07/2008
Company: Emsi Software GmbH
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys [file not found to scan]
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 06/09/2007
Modified: 06/09/2007
Company: Apple, Inc.
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
520192 bytes
Created: 18/07/2006
Modified: 07/06/2006
Company:
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
875288 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 06/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: CLEDX
ImagePath: System32\DRIVERS\cledx.sys
C:\WINDOWS\System32\DRIVERS\cledx.sys
33792 bytes
Created: 18/07/2006
Modified: 09/05/2005
Company: Team H2O
----------
Key: ctac32k
ImagePath: system32\drivers\ctac32k.sys
C:\WINDOWS\system32\drivers\ctac32k.sys
501760 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctaud2k
ImagePath: system32\drivers\ctaud2k.sys
C:\WINDOWS\system32\drivers\ctaud2k.sys
439296 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctdvda2k
ImagePath: system32\drivers\ctdvda2k.sys
C:\WINDOWS\system32\drivers\ctdvda2k.sys
340704 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Creative Technology Ltd
----------
Key: ctprxy2k
ImagePath: system32\drivers\ctprxy2k.sys
C:\WINDOWS\system32\drivers\ctprxy2k.sys
7168 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctsfm2k
ImagePath: system32\drivers\ctsfm2k.sys
C:\WINDOWS\system32\drivers\ctsfm2k.sys
142336 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: emupia
ImagePath: system32\drivers\emupia2k.sys
C:\WINDOWS\system32\drivers\emupia2k.sys
77824 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ha10kx2k
ImagePath: system32\drivers\ha10kx2k.sys
C:\WINDOWS\system32\drivers\ha10kx2k.sys
754176 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap16v2k
ImagePath: system32\drivers\hap16v2k.sys
C:\WINDOWS\system32\drivers\hap16v2k.sys
154112 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap17v2k
ImagePath: system32\drivers\hap17v2k.sys
C:\WINDOWS\system32\drivers\hap17v2k.sys
179712 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hidgame
ImagePath: system32\DRIVERS\hidgame.sys
C:\WINDOWS\system32\DRIVERS\hidgame.sys
8576 bytes
Created: 01/09/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005
Modified: 04/04/2005
Company: Macrovision Corporation
----------
Key: IKFileSec
ImagePath: system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
40840 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: MidiSyn
ImagePath: system32\drivers\MidiSyn.sys
C:\WINDOWS\system32\drivers\MidiSyn.sys [file not found to scan]
----------
Key: msgame
ImagePath: System32\DRIVERS\msgame.sys
C:\WINDOWS\System32\DRIVERS\msgame.sys
35200 bytes
Created: 16/07/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: nmwcd
ImagePath: system32\drivers\ccdcmb.sys
C:\WINDOWS\system32\drivers\ccdcmb.sys
17536 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: nmwcdc
ImagePath: system32\drivers\ccdcmbo.sys
C:\WINDOWS\system32\drivers\ccdcmbo.sys
20864 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: oreans32
ImagePath: \??\C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\drivers\oreans32.sys
33952 bytes
Created: 27/07/2006
Modified: 27/07/2006
Company:
----------
Key: ossrv
ImagePath: system32\drivers\ctoss2k.sys
C:\WINDOWS\system32\drivers\ctoss2k.sys
114688 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd.
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 23/05/2008
Modified: 17/09/2007
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 06/06/2007
Modified: 06/08/2007
Company:
----------
Key: PnkBstrB
ImagePath: C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PnkBstrB.exe
107832 bytes
Created: 06/06/2007
Modified: 06/09/2008
Company:
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 06/09/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1077640 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PC Tools
----------
Key: senfilt
ImagePath: system32\drivers\senfilt.sys
C:\WINDOWS\system32\drivers\senfilt.sys [file not found to scan]
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
575488 bytes
Created: 07/08/2008
Modified: 07/08/2008
Company: Nokia.
----------
Key: SISNIC
ImagePath: System32\DRIVERS\sisnic.sys
C:\WINDOWS\System32\DRIVERS\sisnic.sys
-R- 32256 bytes
Created: 16/07/2006
Modified: 10/07/2002
Company: SiS Corporation
----------
Key: SiSRaid1
ImagePath: System32\DRIVERS\SiSRaid1.sys
C:\WINDOWS\System32\DRIVERS\SiSRaid1.sys
-R- 46464 bytes
Created: 16/07/2006
Modified: 03/09/2004
Company: Silicon Integrated Systems
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys [file not found to scan]
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92403B35-5127-4AED-A5E4-AF008416A6F0}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: tapvpn
ImagePath: system32\DRIVERS\tapvpn.sys
C:\WINDOWS\system32\DRIVERS\tapvpn.sys
27136 bytes
Created: 23/01/2008
Modified: 23/01/2008
Company: The OpenVPN Project
----------
Key: TmhidCharger2
ImagePath: system32\drivers\TmhidCharger2.sys
C:\WINDOWS\system32\drivers\TmhidCharger2.sys
27773 bytes
Created: 01/09/2008
Modified: 05/06/2000
Company: Windows (R) 2000 DDK provider
----------
Key: upperdev
ImagePath: system32\DRIVERS\usbser_lowerflt.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
8064 bytes
Created: 22/08/2008
Modified: 06/06/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\WINDOWS\system32\drivers\usbser.sys
26112 bytes
Created: 23/05/2008
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: UsbserFilt
ImagePath: system32\DRIVERS\usbser_lowerfltj.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
8064 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

************************************************************
17:49:08: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/07/2006
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
17:49:08: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
61440 bytes
Created: 07/06/2006
Modified: 07/06/2006
Company: ATI Technologies Inc.
----------

************************************************************
17:49:08: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
147456 bytes
Created: 07/07/2008
Modified: 07/07/2008
Company: PowerISO Computing, Inc.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------

************************************************************
17:49:08: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
17:49:08: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 20/07/2006
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
BHO: C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
609952 bytes
Created: 20/07/2006
Modified: 24/05/2005
Company: PC Tools
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 12/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
17:49:08: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 09/05/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
17:49:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
17:49:08: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
17:49:08: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [,avgrsstx.dll]
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
17:49:08: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
17:49:08: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 07/02/2006
Modified: 16/07/2006
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
17:49:08: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 29/08/2007
Modified: 11/04/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 11/09/2008 13:21:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
----------

************************************************************
17:49:08: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
17:49:08: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Francois Bergeron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Francois Bergeron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 20/07/2006
Modified: 26/04/2007
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Francois Bergeron\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 20/07/2006
Modified: 26/04/2007
Company:
----------
Additional checks completed

************************************************************
17:49:09: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\System32\Ati2evxx.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\CTHELPER.EXE
--------------------
C:\Program Files\a-squared Free\a2service.exe
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\PnkBstrA.exe
--------------------
C:\WINDOWS\system32\PnkBstrB.exe
--------------------
C:\Program Files\Spyware Doctor\pctsAuxs.exe
--------------------
C:\Program Files\Spyware Doctor\pctsSvc.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
--------------------
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgtray.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\Program Files\Spyware Terminator\sp_rsser.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Program Files\Spyware Doctor\pctsTray.exe
--------------------
C:\PROGRA~1\AVG\AVG8\avgemc.exe
--------------------
C:\WINDOWS\system32\ctfmon.exe
--------------------
C:\Program Files\Windows Media Player\WMPNSCFG.exe
--------------------
C:\Program Files\Windows Media Player\WMPNetwk.exe
--------------------
C:\Program Files\TClock\TClock.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Francois Bergeron\Application Data\Simply Super Software\Trojan Remover\bdo4F.exe
FileSize: 2548288
[This is a Trojan Remover component]
--------------------
--------------------
C:\Program Files\AVG\AVG8\avgui.exe
--------------------
C:\WINDOWS\system32\wscntfy.exe
--------------------

************************************************************
17:49:10: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

************************************************************
17:49:10: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

************************************************************
17:49:10: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.com/?gws_rd=ssl
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:49:10 06 sept. 2008
Total Scan time: 00:00:06
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
06/09/2008 13:25:06: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
Unable to rename C:\WINDOWS\system32\tlzotg.dll to C:\WINDOWS\system32\tlzotg.dll.vir
(C:\WINDOWS\system32\tlzotg.dll does not appear to exist)
06/09/2008 13:25:06: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.2.2542. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 13:10:00 06 sept. 2008
Using Database v7125
Operating System: Windows XP SP3 [Windows XP Professional Service Pack 3 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Francois Bergeron\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Francois Bergeron\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Virus

************************************************************


************************************************************
13:10:00: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

************************************************************
13:10:00: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

************************************************************
13:10:00: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
13:10:01: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: CTHelper
Value Data: CTHELPER.EXE
C:\WINDOWS\CTHELPER.EXE
16384 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
--------------------
Value Name: H2O
Value Data: C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
385024 bytes
Created: 18/07/2006
Modified: 23/10/2005
Company: Team H2O
--------------------
Value Name: AVG8_TRAY
Value Data: C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
1235736 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
917072 bytes
Created: 06/09/2008
Modified: 04/09/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
--------------------
Value Name: TClock.exe
Value Data: C:\Program Files\TClock\tclock_install.exe
C:\Program Files\TClock\tclock_install.exe
140133 bytes
Created: 20/07/2006
Modified: 10/07/2006
Company:
--------------------
Value Name: WMPNSCFG
Value Data: C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
204288 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

************************************************************
13:10:04: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------

************************************************************
13:10:04: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
13:10:05: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.

************************************************************
13:10:05: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company:
----------

************************************************************
13:10:05: Scanning ----- SERVICEDLL REGISTRY KEYS -----

************************************************************
13:10:06: Scanning ----- SERVICES REGISTRY KEYS -----
Key: a2free
ImagePath: "C:\Program Files\a-squared Free\a2service.exe"
C:\Program Files\a-squared Free\a2service.exe
380536 bytes
Created: 06/09/2008
Modified: 31/07/2008
Company: Emsi Software GmbH
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys [file not found to scan]
----------
Key: Apple Mobile Device
ImagePath: "C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
110592 bytes
Created: 06/09/2007
Modified: 06/09/2007
Company: Apple, Inc.
----------
Key: ATI Smart
ImagePath: C:\WINDOWS\system32\ati2sgag.exe
C:\WINDOWS\system32\ati2sgag.exe
520192 bytes
Created: 18/07/2006
Modified: 07/06/2006
Company:
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: avg8emc
ImagePath: C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
875288 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: avg8wd
ImagePath: C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
231704 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 06/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: AvgLdx86
ImagePath: \SystemRoot\System32\Drivers\avgldx86.sys
C:\WINDOWS\System32\Drivers\avgldx86.sys
97928 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgMfx86
ImagePath: \SystemRoot\System32\Drivers\avgmfx86.sys
C:\WINDOWS\System32\Drivers\avgmfx86.sys
26824 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: AvgTdiX
ImagePath: \SystemRoot\System32\Drivers\avgtdix.sys
C:\WINDOWS\System32\Drivers\avgtdix.sys
76040 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: CLEDX
ImagePath: System32\DRIVERS\cledx.sys
C:\WINDOWS\System32\DRIVERS\cledx.sys
33792 bytes
Created: 18/07/2006
Modified: 09/05/2005
Company: Team H2O
----------
Key: ctac32k
ImagePath: system32\drivers\ctac32k.sys
C:\WINDOWS\system32\drivers\ctac32k.sys
501760 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctaud2k
ImagePath: system32\drivers\ctaud2k.sys
C:\WINDOWS\system32\drivers\ctaud2k.sys
439296 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctdvda2k
ImagePath: system32\drivers\ctdvda2k.sys
C:\WINDOWS\system32\drivers\ctdvda2k.sys
340704 bytes
Created: 10/11/2005
Modified: 10/11/2005
Company: Creative Technology Ltd
----------
Key: ctprxy2k
ImagePath: system32\drivers\ctprxy2k.sys
C:\WINDOWS\system32\drivers\ctprxy2k.sys
7168 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ctsfm2k
ImagePath: system32\drivers\ctsfm2k.sys
C:\WINDOWS\system32\drivers\ctsfm2k.sys
142336 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: emupia
ImagePath: system32\drivers\emupia2k.sys
C:\WINDOWS\system32\drivers\emupia2k.sys
77824 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: ha10kx2k
ImagePath: system32\drivers\ha10kx2k.sys
C:\WINDOWS\system32\drivers\ha10kx2k.sys
754176 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap16v2k
ImagePath: system32\drivers\hap16v2k.sys
C:\WINDOWS\system32\drivers\hap16v2k.sys
154112 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hap17v2k
ImagePath: system32\drivers\hap17v2k.sys
C:\WINDOWS\system32\drivers\hap17v2k.sys
179712 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd
----------
Key: hidgame
ImagePath: system32\DRIVERS\hidgame.sys
C:\WINDOWS\system32\DRIVERS\hidgame.sys
8576 bytes
Created: 01/09/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005
Modified: 04/04/2005
Company: Macrovision Corporation
----------
Key: IKFileSec
ImagePath: \SystemRoot\system32\drivers\ikfilesec.sys
C:\WINDOWS\system32\drivers\ikfilesec.sys
40840 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysFlt
ImagePath: system32\drivers\iksysflt.sys
C:\WINDOWS\system32\drivers\iksysflt.sys
66952 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: IKSysSec
ImagePath: system32\drivers\iksyssec.sys
C:\WINDOWS\system32\drivers\iksyssec.sys
81288 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PCTools Research Pty Ltd.
----------
Key: irsir
ImagePath: system32\DRIVERS\irsir.sys
C:\WINDOWS\system32\DRIVERS\irsir.sys
18688 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: MidiSyn
ImagePath: system32\drivers\MidiSyn.sys
C:\WINDOWS\system32\drivers\MidiSyn.sys [file not found to scan]
----------
Key: msgame
ImagePath: System32\DRIVERS\msgame.sys
C:\WINDOWS\System32\DRIVERS\msgame.sys
35200 bytes
Created: 16/07/2006
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 31/08/2008
Modified: 17/08/2001
Company: Microsoft Corporation
----------
Key: nmwcd
ImagePath: system32\drivers\ccdcmb.sys
C:\WINDOWS\system32\drivers\ccdcmb.sys
17536 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: nmwcdc
ImagePath: system32\drivers\ccdcmbo.sys
C:\WINDOWS\system32\drivers\ccdcmbo.sys
20864 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Nokia
----------
Key: oreans32
ImagePath: \??\C:\WINDOWS\system32\drivers\oreans32.sys
C:\WINDOWS\system32\drivers\oreans32.sys
33952 bytes
Created: 27/07/2006
Modified: 27/07/2006
Company:
----------
Key: ossrv
ImagePath: system32\drivers\ctoss2k.sys
C:\WINDOWS\system32\drivers\ctoss2k.sys
114688 bytes
Created: 08/12/2005
Modified: 08/12/2005
Company: Creative Technology Ltd.
----------
Key: pccsmcfd
ImagePath: system32\DRIVERS\pccsmcfd.sys
C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys
21632 bytes
Created: 23/05/2008
Modified: 17/09/2007
Company: Nokia
----------
Key: PnkBstrA
ImagePath: C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\PnkBstrA.exe
66872 bytes
Created: 06/06/2007
Modified: 06/08/2007
Company:
----------
Key: PnkBstrB
ImagePath: C:\WINDOWS\system32\PnkBstrB.exe
C:\WINDOWS\system32\PnkBstrB.exe
107832 bytes
Created: 06/06/2007
Modified: 06/09/2008
Company:
----------
Key: sdAuxService
ImagePath: C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
356920 bytes
Created: 06/09/2008
Modified: 13/06/2008
Company: PC Tools
----------
Key: sdCoreService
ImagePath: C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
1077640 bytes
Created: 06/09/2008
Modified: 25/08/2008
Company: PC Tools
----------
Key: senfilt
ImagePath: system32\drivers\senfilt.sys
C:\WINDOWS\system32\drivers\senfilt.sys [file not found to scan]
----------
Key: ServiceLayer
ImagePath: "C:\Program Files\PC Connectivity Solution\ServiceLayer.exe"
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
575488 bytes
Created: 07/08/2008
Modified: 07/08/2008
Company: Nokia.
----------
Key: SISNIC
ImagePath: System32\DRIVERS\sisnic.sys
C:\WINDOWS\System32\DRIVERS\sisnic.sys
-R- 32256 bytes
Created: 16/07/2006
Modified: 10/07/2002
Company: SiS Corporation
----------
Key: SiSRaid1
ImagePath: System32\DRIVERS\SiSRaid1.sys
C:\WINDOWS\System32\DRIVERS\SiSRaid1.sys
-R- 46464 bytes
Created: 16/07/2006
Modified: 03/09/2004
Company: Silicon Integrated Systems
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys [file not found to scan]
----------
Key: sptd
ImagePath: System32\Drivers\sptd.sys - this file is globally excluded
----------
Key: sp_rssrv
ImagePath: "C:\Program Files\Spyware Terminator\sp_rsser.exe"
C:\Program Files\Spyware Terminator\sp_rsser.exe
570880 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{92403B35-5127-4AED-A5E4-AF008416A6F0}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 28/08/2001
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: tapvpn
ImagePath: system32\DRIVERS\tapvpn.sys
C:\WINDOWS\system32\DRIVERS\tapvpn.sys
27136 bytes
Created: 23/01/2008
Modified: 23/01/2008
Company: The OpenVPN Project
----------
Key: TmhidCharger2
ImagePath: system32\drivers\TmhidCharger2.sys
C:\WINDOWS\system32\drivers\TmhidCharger2.sys
27773 bytes
Created: 01/09/2008
Modified: 05/06/2000
Company: Windows (R) 2000 DDK provider
----------
Key: upperdev
ImagePath: system32\DRIVERS\usbser_lowerflt.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys
8064 bytes
Created: 22/08/2008
Modified: 06/06/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usbser
ImagePath: system32\drivers\usbser.sys
C:\WINDOWS\system32\drivers\usbser.sys
26112 bytes
Created: 23/05/2008
Modified: 13/04/2008
Company: Microsoft Corporation
----------
Key: UsbserFilt
ImagePath: system32\DRIVERS\usbser_lowerfltj.sys
C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys
8064 bytes
Created: 22/08/2008
Modified: 07/05/2008
Company: Windows (R) Codename Longhorn DDK provider
----------
Key: usnjsvc
ImagePath: "C:\Program Files\MSN Messenger\usnsvc.exe"
C:\Program Files\MSN Messenger\usnsvc.exe
97136 bytes
Created: 19/01/2007
Modified: 19/01/2007
Company: Microsoft Corporation
----------
Key: WMPNetworkSvc
ImagePath: C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
918016 bytes
Created: 10/05/2006
Modified: 03/11/2006
Company: Microsoft Corporation
----------

************************************************************
13:10:13: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 18/07/2006
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

************************************************************
13:10:13: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : AtiExtEvent
DLLName: Ati2evxx.dll
C:\WINDOWS\system32\Ati2evxx.dll
61440 bytes
Created: 07/06/2006
Modified: 07/06/2006
Company: ATI Technologies Inc.
----------

************************************************************
13:10:13: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AVG8 Shell Extension
CLSID: {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
Path: C:\Program Files\AVG\AVG8\avgse.dll
C:\Program Files\AVG\AVG8\avgse.dll
99608 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: PowerISO
CLSID: {967B2D40-8B7D-4127-9049-61EA0C2C6DCE}
Path: C:\Program Files\PowerISO\PWRISOSH.DLL
C:\Program Files\PowerISO\PWRISOSH.DLL
147456 bytes
Created: 07/07/2008
Modified: 07/07/2008
Company: PowerISO Computing, Inc.
----------
Key: SPTContMenu
CLSID: {BD88A479-9623-4897-8546-BC62B9628F44}
Path: C:\Program Files\Spyware Terminator\sptcontmenu.dll
C:\Program Files\Spyware Terminator\sptcontmenu.dll
164352 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: Crawler.com
----------

************************************************************
13:10:14: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {F9DB5320-233E-11D1-9F84-707F02C10627}
File: C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll
372736 bytes
Created: 10/05/2007
Modified: 10/05/2007
Company: Adobe Systems, Inc.
----------

************************************************************
13:10:14: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}
BHO: C:\Program Files\AVG\AVG8\avgssie.dll
C:\Program Files\AVG\AVG8\avgssie.dll
455960 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
1562448 bytes
Created: 20/07/2006
Modified: 07/07/2008
Company: Safer Networking Limited
----------
Key: {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
BHO: C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
C:\PROGRA~1\SPYWAR~1\tools\iesdsg.dll
609952 bytes
Created: 20/07/2006
Modified: 24/05/2005
Company: PC Tools
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 12/07/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------

************************************************************
13:10:14: Scanning ----- SHELLSERVICEOBJECTS -----
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 09/05/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

************************************************************
13:10:14: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
13:10:14: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
13:10:14: Scanning ----- APPINIT_DLLS -----
AppInitDLLs entry = [tlzotg.dll,avgrsstx.dll]
tlzotg.dll - this reference will be removed
C:\WINDOWS\system32\tlzotg.dll - unable to take ownership/change permissions
C:\WINDOWS\system32\tlzotg.dll - marked for renaming when the PC is restarted (if it exists)
----------
File: avgrsstx.dll
C:\WINDOWS\system32\avgrsstx.dll
10520 bytes
Created: 06/09/2008
Modified: 06/09/2008
Company: AVG Technologies CZ, s.r.o.
----------

************************************************************
13:22:35: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
13:22:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 07/02/2006
Modified: 16/07/2006
Company:
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
13:22:35: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 29/08/2007
Modified: 11/04/2008
Company: Apple Inc.
Parameters: -task
Next Run Time: 11/09/2008 13:21:00
Status:
0
Fichier avz00006.dta reçu le 2008.09.06 22:08:45 (CET)
Situation actuelle: terminé
Résultat: 4/36 (11.11%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 2008.9.6.0 2008.09.06 -
AntiVir 7.8.1.28 2008.09.05 -
Authentium 5.1.0.4 2008.09.06 -
Avast 4.8.1195.0 2008.09.06 -
AVG 8.0.0.161 2008.09.05 -
BitDefender 7.2 2008.09.06 -
CAT-QuickHeal 9.50 2008.09.06 Rootkit.Agent.ad
ClamAV 0.93.1 2008.09.06 -
DrWeb 4.44.0.09170 2008.09.06 -
eSafe 7.0.17.0 2008.09.03 -
eTrust-Vet 31.6.6072 2008.09.05 -
Ewido 4.0 2008.09.06 -
F-Prot 4.4.4.56 2008.09.06 -
F-Secure 8.0.14332.0 2008.09.06 -
Fortinet 3.112.0.0 2008.09.06 -
GData 19 2008.09.06 -
Ikarus T3.1.1.34.0 2008.09.06 -
K7AntiVirus 7.10.443 2008.09.05 Backdoor.Win32.SdBot.AEFU
Kaspersky 7.0.0.125 2008.09.06 -
McAfee 5378 2008.09.05 -
Microsoft 1.3903 2008.09.06 -
NOD32v2 3423 2008.09.06 -
Norman 5.80.02 2008.09.05 -
Panda 9.0.0.4 2008.09.06 -
PCTools 4.4.2.0 2008.09.06 Rootkit.Agent
Prevx1 V2 2008.09.06 -
Rising 20.60.52.00 2008.09.06 -
Sophos 4.33.0 2008.09.06 -
Sunbelt 3.1.1610.1 2008.09.05 -
Symantec 10 2008.09.06 -
TheHacker 6.3.0.8.072 2008.09.04 -
TrendMicro 8.700.0.1004 2008.09.05 -
VBA32 3.12.8.5 2008.09.06 -
ViRobot 2008.9.5.1365 2008.09.06 Trojan.Win32.NTRootkit.33952
VirusBuster 4.5.11.0 2008.09.06 -
Webwasher-Gateway 6.6.2 2008.09.05 -
Information additionnelle
File size: 33952 bytes
MD5...: aad837bf3b475092fd515cd0842334e9
SHA1..: 2f845acac30e40d5aea3ccf8d02f5226089366a5
SHA256: 57be83e12430fcd9ef76ff8dd8a139bf5a8b96e658edd98f4edb3dfb28f27dc0
SHA512: 88f391b5742fc09a7ed4780a6b60d953d88d473ea870e1befa4dbc2e44afb15d
a3a3c31c00e5ff44e4104e15ac1b4e17558b0442390d8ced3f5b7c0b5edd607b
PEiD..: -
TrID..: File type identification
Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
PEInfo: PE Structure information

( base data )
entrypointaddress.: 0x17c55
timedatestamp.....: 0x44339f82 (Wed Apr 05 10:44:18 2006)
machinetype.......: 0x14c (I386)

( 5 sections )
name viradd virsiz rawdsiz ntrpy md5
.text 0x2a0 0x7b46 0x7b60 6.96 a2524f1794b11a9e311333f0da3f6b18
.rdata 0x7e00 0x9c 0xa0 2.76 9d11c72f35eabe22c350bc236bec8c82
.data 0x7ea0 0x27e 0x280 4.66 bb0fc8bd7e2d2d94fe43212b79512d9d
INIT 0x8120 0x1d6 0x1e0 4.61 bf7044af9d417640cd0ee4270ba20097
.reloc 0x8300 0x18c 0x1a0 5.49 842703b1f7458f783d38bcf82a98c483

( 3 imports )
> NTOSKRNL.EXE: IoDeleteDevice, IoCreateSymbolicLink, IoDeleteSymbolicLink, IoCreateDevice, IofCompleteRequest, RtlZeroMemory, RtlInitUnicodeString, DbgPrint
> ntoskrnl.exe: MmAllocateNonCachedMemory, MmFreeNonCachedMemory, MmIsAddressValid, KeServiceDescriptorTable
> HAL.dll: KeLowerIrql, KeRaiseIrql

( 0 exports )
ThreatExpert info: https://www.symantec.com?md5=aad837bf3b475092fd515cd0842334e9
0
I ran the trial version of K7 antivirus and it recognized the rootkit.agent and removed it, along with a few additional pieces of spyware. So I did not have to go and delete the file manually.


Now Spyware Doctor no longer sees anything bad! I hope my computer is finally clean, thanks a lot boulepate62
0
Anonymous user
7 Sept. 2008 at 05:37
OK, that's cool ;-)
If you are not keeping Kaspersky or do not wish to buy it, note that there is a Kaspersky online scan; it is the same thing as the Bitdefender one I had you run, except that the latter does not remove anything, so you will have to ask for help again. https://kerio.probb.fr/t678-kaspersky-antivirus-en-ligne
As for Trojan Remover, you can remove it.

Happy surfing, see you!
0