HijackThis log and request for help

Closed
vandevan - 19 Feb 2008 at 10:06
Powax - 24 Feb 2008 at 16:17
Hello,

A friend's PC (Windows XP SP2) is showing worrying signs of a virus infection. A few symptoms:
- User accounts can no longer be configured
- Impossible to install an antispyware tool in normal mode
- Word and Excel cannot be used, with a message along the lines of "you do not have admin rights"

In short, her PC has become unusable. In safe mode, on the other hand, everything is fine. So I installed CCleaner and HijackThis in safe mode. I ran CCleaner, and below is the HijackThis log. All of this was done in safe mode.
Thanks for helping me find a solution to clean all this up:

Logfile of HijackThis v1.99.1
Scan saved at 22:10:02, on 18/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Propriétaire\Bureau\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.free.fr/freebox/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://runonce.msn.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [PopitNG] C:\PROGRA~1\Wanadoo\Utilisateur1\PopitNG3.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: FotoStation Easy AutoLaunch.lnk = ?
O4 - Global Startup: hp center.lnk = C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
O4 - Global Startup: hp psc 2000 Series.lnk = C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: NkvMon.exe.lnk = C:\Program Files\Hewlett-Packard\NkvMon.exe
O4 - Global Startup: officejet 6100.lnk = ?
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: teleir_cert - https://static.ir.dgi.minefi.gouv.fr/secure/connexion/archives/ie4n4/teleir_cert.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {A19A291A-9653-4498-93F6-5BA06CF699D8} - http://adv.peopleonpage.com/pop/adv/HM/ads/frame_jumping_fr/PopLoad.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
O16 - DPF: {EF99BD32-C1FB-11D2-892F-0090271D4F88} (Yahoo! Toolbar avec bloqueur de fenêtres pop-up) - http://us.dl1.yimg.com/download.companion.yahoo.com/dl/toolbar/yiebio5_1_6_0.cab
O16 - DPF: {F00F4763-7355-4725-82F7-0DA94A256D46} (IMDownloader Class) - http://www2.incredimail.com/contents/setup/downloader/imloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{8FB7F341-89CB-4A37-A643-71E449597383}: NameServer = 212.27.54.252,212.27.53.252
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O20 - Winlogon Notify: igfxcui - C:\WINDOWS\SYSTEM32\igfxsrvc.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Settings Manager (ccSetMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h cltCommon (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Documents and Settings\isPwdSvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\System32\HPZipm12.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe

2 replies

Powax - 19 Feb 2008 at 10:55
Hello,

you have neither an antivirus nor a firewall active (the Windows firewall doesn't count)!!

1) Download and install:

http://www.commentcamarche.net/telecharger/telecharger 151 avast

http://www.commentcamarche.net/telecharger/telecharger 206 kerio

2) Open HijackThis and choose "do a scan only"

Tick the box in front of the lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
R1 - HKLM\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: (no name) - {CC90CDA0-74A0-45b4-80EF-D89CA8C249B8} - (no file)
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540006} (CInstall Class) - http://www.errorguard.com/installation/Install.cab
O16 - DPF: {A19A291A-9653-4498-93F6-5BA06CF699D8} - http://adv.peopleonpage.com/pop/adv/HM/ads/frame_jumping_fr/PopLoad.cab
O16 - DPF: {CAFEEFAC-0014-0001-0001-ABCDEFFEDCBA} (Environnement d'exécution Java 1.4.1_01) -
Close all other open windows and click "Fix checked"

3) Run a BitDefender scan from IE: https://www.bitdefender.fr/

("BitDefender scan online" button in the left-hand column)

Please post the report.

4) Download, install and scan with:

http://www.commentcamarche.net/telecharger/telecharger 34055042 trojan remover

Post the report.
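The lines Powax picks out are the classic HijackThis triage hits: orphaned BHO/toolbar registrations ("(no file)"), IE SearchURL values that should be empty, and O16 ActiveX downloads from sites nobody remembers visiting. Below is an added example, not part of the original thread and not code from HijackThis or its author, that scripts that same triage over a log in this format and adds one check Powax did not mention: autostart (O4) and service (O23) binaries living outside the places you expect on an XP box. The expected-root list, the reason strings and the regexes are my own assumptions; SAMPLE_LOG is a constructed sample made of a handful of lines copied from the log above. The same location heuristic applies unchanged to the ImagePath values in the Trojan Remover report further down.

```python
import re
from urllib.parse import urlsplit

# Roots under which autostart items and service binaries are expected on this XP
# box (assumed list; c:\hp\ is the OEM folder seen in the log). Triage heuristic
# only: malware can sit under Program Files and legitimate software occasionally
# sits elsewhere, so a hit means "verify this", not "malicious".
EXPECTED_ROOTS = (
    "c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "c:\\hp\\",
    "%windir%\\", "%systemroot%\\",
)

ENTRY_RE = re.compile(r"^(?P<section>[RO]\d+) - (?P<body>.*)$")
# First Windows path ending in a loadable extension; a closing quote ends it.
PATH_RE = re.compile(r'(?i)((?:[a-z]:\\|%[a-z]+%\\)[^"]*?\.(?:exe|dll|sys|scr|cab))')
URL_RE = re.compile(r"https?://\S+")

ORPHAN = "referenced file not found (orphan entry, or HijackThis mis-parsed a quoted path)"


def triage_line(line):
    """Return [(section, reason), ...] for one HijackThis log line; [] if clean."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return []  # header, "Running processes" block or blank line
    section, body = m.group("section"), m.group("body")
    reasons = []

    # Orphaned registrations: the file HijackThis resolved does not exist.
    if "(no file)" in body or "(file missing)" in body or body.endswith("= ?"):
        reasons.append(ORPHAN)

    # R0/R1: IE start and search settings. SearchURL is empty on a clean install.
    if section in ("R0", "R1") and "SearchURL" in body:
        if body.split("=", 1)[-1].strip():
            reasons.append("IE SearchURL overridden")

    # O16: ActiveX controls IE was allowed to download; every remote host is reviewed.
    if section == "O16":
        url = URL_RE.search(body)
        if url:
            host = urlsplit(url.group(0)).hostname or "?"
            reasons.append("ActiveX download from " + host)

    # O4/O23: autostart or service binary living outside the expected roots.
    if section in ("O4", "O23"):
        path = PATH_RE.search(body)
        if path and not path.group(1).lower().startswith(EXPECTED_ROOTS):
            reasons.append("binary outside expected roots: " + path.group(1))

    return [(section, r) for r in reasons]


def triage(log_text):
    """Map each flagged log line to its list of reasons."""
    findings = {}
    for line in log_text.splitlines():
        hits = triage_line(line)
        if hits:
            findings[line.strip()] = [reason for _, reason in hits]
    return findings


# Constructed sample: a handful of lines copied from the log posted above.
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo.com/search?p=%s
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - Global Startup: officejet 6100.lnk = ?
O16 - DPF: {205FF73B-CA67-11D5-99DD-444553540000} - http://www.spywarestormer.com/files2/Install.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O23 - Service: Symantec Event Manager (ccEvtMgr) - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - C:\Documents and Settings\isPwdSvc.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"""

if __name__ == "__main__":
    for line, reasons in triage(SAMPLE_LOG).items():
        print(line)
        for reason in reasons:
            print("    ->", reason)
```

The two Symantec hits show why the output is a review list and not a verdict. ccSvcHst.exe is reported "(file missing)" only because the log lost the opening quote of a quoted ImagePath (the closing quote and the /h argument are still visible on the line), and the Trojan Remover report in the follow-up lists the same file at 108648 bytes. isPwdSvc.exe is flagged purely for sitting under C:\Documents and Settings; the follow-up report shows it carrying "Symantec Corporation" in its version information. Both are exactly the kind of entry to confirm by hand before ticking "Fix checked", since fixing a live service entry on a box whose antivirus is already misbehaving is how a repair turns into a reinstall.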
Hello,

sorry for the late reply.
The antivirus is Norton, and it reports no virus when scanning in normal or safe mode.

Impossible to run the online scan, and that on two different sites.
Here is the Trojan Remover report:

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.7.2514. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 21/02/2008 10:46:22
Using Database v6938
Operating System: Windows XP SP2
File System: NTFS
Data directory: C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\PROGRA~1\Wanadoo\Utilisateur1\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
PC appears to be in SAFE MODE.

**************************************************


**************************************************
10:46:22: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
10:46:22: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
10:46:22: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
10:46:23: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 04/11/2002
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: KBD
Value Data: C:\HP\KBD\KBD.EXE
C:\HP\KBD\KBD.EXE
61440 bytes
Created: 01/01/2002
Modified: 07/07/2001
Company: Hewlett-Packard Company
--------------------
Value Name: PS2
Value Data: C:\WINDOWS\system32\ps2.exe
C:\WINDOWS\system32\ps2.exe
81920 bytes
Created: 01/01/2002
Modified: 14/06/2002
Company: Hewlett-Packard Company
--------------------
Value Name: Recguard
Value Data: C:\WINDOWS\SMINST\RECGUARD.EXE
C:\WINDOWS\SMINST\RECGUARD.EXE
212992 bytes
Created: 02/01/2002
Modified: 19/12/2001
Company:
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\System32\igfxtray.exe
C:\WINDOWS\System32\igfxtray.exe
143360 bytes
Created: 15/05/2002
Modified: 08/08/2001
Company: Intel Corporation
--------------------
Value Name: hpsysdrv
Value Data: c:\windows\system\hpsysdrv.exe
c:\windows\system\hpsysdrv.exe
52736 bytes
Created: 01/01/2002
Modified: 07/05/1998
Company: Hewlett-Packard Company
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\hkcmd.exe
90112 bytes
Created: 15/05/2002
Modified: 08/08/2001
Company: Intel Corporation
--------------------
Value Name: dla
Value Data: C:\WINDOWS\system32\dla\tfswctrl.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
106549 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
132496 bytes
Created: 15/10/2007
Modified: 25/09/2007
Company: Sun Microsystems, Inc.
--------------------
Value Name: Symantec PIF AlertEng
Value Data: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
517768 bytes
Created: 12/03/2007
Modified: 12/03/2007
Company: Symantec Corporation
--------------------
Value Name: ccApp
Value Data: C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
115816 bytes
Created: 09/01/2007
Modified: 09/01/2007
Company: Symantec Corporation
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe
C:\Program Files\Trojan Remover\Trjscan.exe
862288 bytes
Created: 19/02/2008
Modified: 14/02/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: PopitNG
Value Data: C:\PROGRA~1\Wanadoo\Utilisateur1\PopitNG3.exe
C:\PROGRA~1\Wanadoo\Utilisateur1\PopitNG3.exe
154112 bytes
Created: 12/04/2005
Modified: 12/04/2005
Company: Bertrand EISELE & Nicolas JOUVRAY
--------------------
Value Name: ctfmon.exe
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
10:46:26: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
10:46:26: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
10:46:26: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\DREAMA~1.SCR
C:\WINDOWS\DREAMA~1.SCR
94208 bytes
Created: 22/01/2006
Modified: 22/01/2006
Company:
--------------------

**************************************************
10:46:26: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {9EF0045A-CDD9-438e-95E6-02B9AFEC8E11}
Path: %SystemRoot%\System32\updcrl.exe
C:\WINDOWS\System32\updcrl.exe
7168 bytes
Created: 23/03/2001
Modified: 23/03/2001
Company: Microsoft Corporation
----------

**************************************************
10:46:27: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: AppMgmt
%SystemRoot%\System32\appmgmts.dll - file is globally excluded (file cannot be found)
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NwSapAgent
Path: %SystemRoot%\System32\ipxsap.dll
C:\WINDOWS\System32\ipxsap.dll
66560 bytes
Created: 04/11/2002
Modified: 28/08/2001
Company: Microsoft Corporation
--------------------

**************************************************
10:46:29: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys - this registry value has been removed [file not found to scan]
----------
Key: adiusbaw
ImagePath: System32\DRIVERS\adiusbaw.sys
C:\WINDOWS\System32\DRIVERS\adiusbaw.sys - this registry value has been removed [file not found to scan]
----------
Key: ALCXWDM
ImagePath: system32\drivers\ALCXWDM.SYS
C:\WINDOWS\system32\drivers\ALCXWDM.SYS
656172 bytes
Created: 22/06/2002
Modified: 22/06/2002
Company: Avance Logic, Inc.
----------
Key: AmdK7
ImagePath: System32\DRIVERS\amdk7.sys
C:\WINDOWS\System32\DRIVERS\amdk7.sys
41600 bytes
Created: 19/08/2004
Modified: 19/08/2004
Company: Microsoft Corporation
----------
Key: ccEvtMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 09/01/2007
Modified: 09/01/2007
Company: Symantec Corporation
----------
Key: ccSetMgr
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 09/01/2007
Modified: 09/01/2007
Company: Symantec Corporation
----------
Key: CLTNetCnService
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h cltCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 09/01/2007
Modified: 09/01/2007
Company: Symantec Corporation
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
81552 bytes
Created: 01/01/2002
Modified: 05/06/2002
Company: VERITAS Software, Inc.
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40368 bytes
Created: 01/01/2002
Modified: 06/06/2002
Company: VERITAS Software, Inc.
----------
Key: eeCtrl
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys
385072 bytes
Created: 07/02/2008
Modified: 22/01/2008
Company: Symantec Corporation
----------
Key: EraserUtilRebootDrv
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
109616 bytes
Created: 07/02/2008
Modified: 22/01/2008
Company: Symantec Corporation
----------
Key: Fallback
ImagePath: System32\DRIVERS\fallback.sys
C:\WINDOWS\System32\DRIVERS\fallback.sys
-R- 310739 bytes
Created: 24/12/2002
Modified: 12/07/2001
Company: Conexant Systems
----------
Key: Fax
ImagePath: %systemroot%\system32\fxssvc.exe
C:\WINDOWS\system32\fxssvc.exe
268800 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: Fsks
ImagePath: System32\DRIVERS\fsksnt.sys
C:\WINDOWS\System32\DRIVERS\fsksnt.sys
-R- 127405 bytes
Created: 24/12/2002
Modified: 14/06/2001
Company: Conexant Systems
----------
Key: gusvc
ImagePath: "C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe"
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
138168 bytes
Created: 17/05/2007
Modified: 17/05/2007
Company: Google
----------
Key: HPZid412
ImagePath: System32\DRIVERS\HPZid412.sys
C:\WINDOWS\System32\DRIVERS\HPZid412.sys
-R- 50960 bytes
Created: 13/12/2002
Modified: 15/02/2002
Company: HP
----------
Key: HPZipr12
ImagePath: System32\DRIVERS\HPZipr12.sys
C:\WINDOWS\System32\DRIVERS\HPZipr12.sys
-R- 16112 bytes
Created: 13/12/2002
Modified: 21/03/2002
Company: HP
----------
Key: HPZius12
ImagePath: System32\DRIVERS\HPZius12.sys
C:\WINDOWS\System32\DRIVERS\HPZius12.sys
-R- 22512 bytes
Created: 13/12/2002
Modified: 08/03/2002
Company: HP
----------
Key: i81x
ImagePath: System32\DRIVERS\i81xnt5.sys
C:\WINDOWS\System32\DRIVERS\i81xnt5.sys
158140 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimFP0
ImagePath: System32\DRIVERS\wADV01nt.sys
C:\WINDOWS\System32\DRIVERS\wADV01nt.sys
12479 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimFP1
ImagePath: System32\DRIVERS\wADV02NT.sys
C:\WINDOWS\System32\DRIVERS\wADV02NT.sys
12031 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimFP2
ImagePath: System32\DRIVERS\wADV05NT.sys
C:\WINDOWS\System32\DRIVERS\wADV05NT.sys
11679 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimFP3
ImagePath: System32\DRIVERS\wSiINTxx.sys
C:\WINDOWS\System32\DRIVERS\wSiINTxx.sys
11999 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimFP4
ImagePath: System32\DRIVERS\wVchNTxx.sys
C:\WINDOWS\System32\DRIVERS\wVchNTxx.sys
19359 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimTV0
ImagePath: System32\DRIVERS\wATV01nt.sys
C:\WINDOWS\System32\DRIVERS\wATV01nt.sys
29215 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimTV1
ImagePath: System32\DRIVERS\wATV02NT.sys
C:\WINDOWS\System32\DRIVERS\wATV02NT.sys
19199 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimTV2
ImagePath: System32\DRIVERS\wATV03nt.sys
C:\WINDOWS\System32\DRIVERS\wATV03nt.sys - this registry value has been removed [file not found to scan]
----------
Key: iAimTV3
ImagePath: System32\DRIVERS\wATV04nt.sys
C:\WINDOWS\System32\DRIVERS\wATV04nt.sys
33503 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: iAimTV4
ImagePath: System32\DRIVERS\wCh7xxNT.sys
C:\WINDOWS\System32\DRIVERS\wCh7xxNT.sys
23519 bytes
Created: 08/08/2001
Modified: 08/08/2001
Company: Intel(R) Corporation
----------
Key: ialm
ImagePath: System32\DRIVERS\ialmnt5.sys
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
78045 bytes
Created: 23/05/2002
Modified: 23/05/2002
Company: Intel Corporation
----------
Key: ISPwdSvc
ImagePath: "C:\Documents and Settings\isPwdSvc.exe"
C:\Documents and Settings\isPwdSvc.exe
80504 bytes
Created: 14/01/2007
Modified: 14/01/2007
Company: Symantec Corporation
----------
Key: K56
ImagePath: System32\DRIVERS\k56nt.sys
C:\WINDOWS\System32\DRIVERS\k56nt.sys
-R- 427167 bytes
Created: 24/12/2002
Modified: 12/07/2001
Company: Conexant Systems
----------
Key: LiveUpdate
ImagePath: "C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE"
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
2999664 bytes
Created: 07/02/2008
Modified: 26/09/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Ex
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
108648 bytes
Created: 09/01/2007
Modified: 09/01/2007
Company: Symantec Corporation
----------
Key: LiveUpdate Notice Service
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll"
C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
517768 bytes
Created: 12/03/2007
Modified: 12/03/2007
Company: Symantec Corporation
----------
Key: ms_mpu401
ImagePath: system32\drivers\msmpu401.sys
C:\WINDOWS\system32\drivers\msmpu401.sys
2944 bytes
Created: 01/01/2002
Modified: 18/08/2001
Company: Microsoft Corporation
----------
Key: NAVENG
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080219.003\NAVENG.SYS
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080219.003\NAVENG.SYS
82256 bytes
Created: 19/02/2008
Modified: 22/01/2008
Company: Symantec Corporation
----------
Key: NAVEX15
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080219.003\NAVEX15.SYS
C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20080219.003\NAVEX15.SYS
895312 bytes
Created: 19/02/2008
Modified: 22/01/2008
Company: Symantec Corporation
----------
Key: nvax
ImagePath: system32\drivers\nvax.sys
C:\WINDOWS\system32\drivers\nvax.sys
13056 bytes
Created: 28/01/2002
Modified: 28/01/2002
Company: NVIDIA® Corporation
----------
Key: NVENET
ImagePath: System32\DRIVERS\NVENET.sys
C:\WINDOWS\System32\DRIVERS\NVENET.sys
96768 bytes
Created: 01/04/2002
Modified: 01/04/2002
Company: NVIDIA Corporation
----------
Key: nvnforce
ImagePath: system32\drivers\nvapu.sys
C:\WINDOWS\system32\drivers\nvapu.sys
187648 bytes
Created: 28/01/2002
Modified: 28/01/2002
Company: NVIDIA® Corporation
----------
Key: nv_agp
ImagePath: System32\DRIVERS\nv_agp.sys
C:\WINDOWS\System32\DRIVERS\nv_agp.sys
13502 bytes
Created: 08/12/2001
Modified: 08/12/2001
Company: NVIDIA Corporation
----------
Key: NwlnkIpx
ImagePath: System32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 04/11/2002
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: System32\DRIVERS\nwlnknb.sys
C:\WINDOWS\System32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 04/11/2002
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: System32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\System32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 04/11/2002
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: Pctspk
ImagePath: %SystemRoot%\system32\pctspk.exe
C:\WINDOWS\system32\pctspk.exe
86016 bytes
Created: 24/12/2002
Modified: 23/08/2001
Company: PCtel, Inc.
----------
Key: pfc
ImagePath: system32\drivers\pfc.sys
C:\WINDOWS\system32\drivers\pfc.sys
13780 bytes
Created: 02/01/2002
Modified: 09/03/2002
Company: Padus, Inc.
----------
Key: PhilCam8116
ImagePath: System32\DRIVERS\CamDrL21.sys
C:\WINDOWS\System32\DRIVERS\CamDrL21.sys
244096 bytes
Created: 05/08/2004
Modified: 14/02/2004
Company: Logitech Inc.
----------
Key: Planificateur LiveUpdate automatique
ImagePath: "C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe"
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
554352 bytes
Created: 26/07/2006
Modified: 26/09/2007
Company: Symantec Corporation
----------
Key: Pml Driver HPZ12
ImagePath: C:\WINDOWS\System32\HPZipm12.exe
C:\WINDOWS\System32\HPZipm12.exe
-R- 81920 bytes
Created: 13/12/2002
Modified: 15/03/2002
Company: HP
----------
Key: Ps2
ImagePath: System32\DRIVERS\PS2.sys
C:\WINDOWS\System32\DRIVERS\PS2.sys
14112 bytes
Created: 01/01/2002
Modified: 04/06/2001
Company: Hewlett-Packard Company
----------
Key: Ptserial
ImagePath: System32\DRIVERS\ptserial.sys
C:\WINDOWS\System32\DRIVERS\ptserial.sys
138160 bytes
Created: 05/06/2002
Modified: 05/06/2002
Company: PCTEL, INC.
----------
Key: Ptserlp
ImagePath: System32\DRIVERS\ptserlp.sys
C:\WINDOWS\System32\DRIVERS\ptserlp.sys
112574 bytes
Created: 24/12/2002
Modified: 17/08/2001
Company: PCTEL, INC.
----------
Key: PxHelp20
ImagePath: System32\DRIVERS\PxHelp20.sys
C:\WINDOWS\System32\DRIVERS\PxHelp20.sys
16288 bytes
Created: 18/04/2002
Modified: 18/04/2002
Company: VERITAS Software, Inc.
----------
Key: S3Psddr
ImagePath: System32\DRIVERS\s3gnbm.sys
C:\WINDOWS\System32\DRIVERS\s3gnbm.sys
155008 bytes
Created: 13/07/2002
Modified: 13/07/2002
Company: S3 Graphics, Inc.
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
20480 bytes
Created: 04/11/2002
Modified: 13/11/2007
Company: Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.
----------
Key: SimpTcp
ImagePath: %SystemRoot%\System32\tcpsvcs.exe
C:\WINDOWS\System32\tcpsvcs.exe
19456 bytes
Created: 04/11/2002
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: SoftFax
ImagePath: System32\DRIVERS\faxnt.sys
C:\WINDOWS\System32\DRIVERS\faxnt.sys
-R- 216987 bytes
Created: 24/12/2002
Modified: 14/06/2001
Company: Conexant Systems
----------
Key: SPBBCDrv
ImagePath: \??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys
417592 bytes
Created: 03/01/2007
Modified: 03/01/2007
Company: Symantec Corporation
----------
Key: sr
ImagePath: \SystemRoot\System32\DRIVERS\sr.sys
C:\WINDOWS\System32\DRIVERS\sr.sys
73600 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: SRTSP
ImagePath: System32\Drivers\SRTSP.SYS
C:\WINDOWS\System32\Drivers\SRTSP.SYS
279088 bytes
Created: 30/11/2007
Modified: 30/11/2007
Company: Symantec Corporation
----------
Key: SRTSPL
ImagePath: System32\Drivers\SRTSPL.SYS
C:\WINDOWS\System32\Drivers\SRTSPL.SYS
317616 bytes
Created: 30/11/2007
Modified: 30/11/2007
Company: Symantec Corporation
----------
Key: SRTSPX
ImagePath: System32\Drivers\SRTSPX.SYS
C:\WINDOWS\System32\Drivers\SRTSPX.SYS
43696 bytes
Created: 30/11/2007
Modified: 30/11/2007
Company: Symantec Corporation
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5589 bytes
Created: 01/01/2002
Modified: 19/06/2002
Company: VERITAS Software, Inc.
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
22995 bytes
Created: 01/01/2002
Modified: 19/06/2002
Company: VERITAS Software, Inc.
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{E7E8D2E2-C653-4CB1-AC52-9A9AAB3DCDF1}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: Symantec Core LC
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe"
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
1251720 bytes
Created: 07/02/2008
Modified: 07/02/2008
Company:
----------
Key: SymAppCore
ImagePath: "C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe"
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
47712 bytes
Created: 05/01/2007
Modified: 05/01/2007
Company: Symantec Corporation
----------
Key: SYMDNS
ImagePath: \SystemRoot\System32\Drivers\SYMDNS.SYS
C:\WINDOWS\System32\Drivers\SYMDNS.SYS
12848 bytes
Created: 30/10/2007
Modified: 30/10/2007
Company: Symantec Corporation
----------
Key: SymEvent
ImagePath: \??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
C:\WINDOWS\system32\Drivers\SYMEVENT.SYS
123952 bytes
Created: 07/05/2003
Modified: 07/02/2008
Company: Symantec Corporation
----------
Key: SYMFW
ImagePath: \SystemRoot\System32\Drivers\SYMFW.SYS
C:\WINDOWS\System32\Drivers\SYMFW.SYS
145968 bytes
Created: 30/10/2007
Modified: 30/10/2007
Company: Symantec Corporation
----------
Key: SYMIDS
ImagePath: \SystemRoot\System32\Drivers\SYMIDS.SYS
C:\WINDOWS\System32\Drivers\SYMIDS.SYS
39856 bytes
Created: 30/10/2007
Modified: 30/10/2007
Company: Symantec Corporation
----------
Key: SYMIDSCO
ImagePath: \??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20080215.002\SymIDSCo.sys
C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\IDS-DI~1\20080215.002\SymIDSCo.sys
240496 bytes
Created: 16/02/2008
Modified: 13/02/2008
Company: Symantec Corporation
----------
Key: SYMNDIS
ImagePath: \SystemRoot\System32\Drivers\SYMNDIS.SYS
C:\WINDOWS\System32\Drivers\SYMNDIS.SYS
35120 bytes
Created: 30/10/2007
Modified: 30/10/2007
Company: Symantec Corporation
----------
Key: SYMREDRV
ImagePath: \SystemRoot\System32\Drivers\SYMREDRV.SYS
C:\WINDOWS\System32\Drivers\SYMREDRV.SYS
27696 bytes
Created: 30/10/2007
Modified: 30/10/2007
Company: Symantec Corporation
----------
Key: SYMTDI
ImagePath: \SystemRoot\System32\Drivers\SYMTDI.SYS
C:\WINDOWS\System32\Drivers\SYMTDI.SYS
191536 bytes
Created: 30/10/2007
Modified: 30/10/2007
Company: Symantec Corporation
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
23701 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34805 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4117 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2233 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
54900 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
14421 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6325 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
91156 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
95125 bytes
Created: 01/01/2002
Modified: 16/07/2002
Company: VERITAS Software, Inc.
----------
Key: Tones
ImagePath: System32\DRIVERS\tonesnt.sys
C:\WINDOWS\System32\DRIVERS\tonesnt.sys
-R- 56639 bytes
Created: 24/12/2002
Modified: 14/06/2001
Company: Conexant Systems
----------
Key: viaagp1
ImagePath: System32\DRIVERS\viaagp1.sys
C:\WINDOWS\System32\DRIVERS\viaagp1.sys
26880 bytes
Created: 04/03/2002
Modified: 27/12/2002
Company: VIA Technologies, Inc.
----------
Key: Vmodem
ImagePath: System32\DRIVERS\vmodem.sys
C:\WINDOWS\System32\DRIVERS\vmodem.sys
633533 bytes
Created: 05/06/2002
Modified: 05/06/2002
Company: PCTEL, INC.
----------
Key: Vpctcom
ImagePath: System32\DRIVERS\vpctcom.sys
C:\WINDOWS\System32\DRIVERS\vpctcom.sys
396458 bytes
Created: 05/06/2002
Modified: 05/06/2002
Company: PCTEL, INC.
----------
Key: Vvoice
ImagePath: System32\DRIVERS\vvoice.sys
C:\WINDOWS\System32\DRIVERS\vvoice.sys
65342 bytes
Created: 05/06/2002
Modified: 05/06/2002
Company: PCtel, Inc.
----------
Key: {6080A529-897E-4629-A488-ABA0C29B635E}
ImagePath: system32\drivers\ialmsbw.sys
C:\WINDOWS\system32\drivers\ialmsbw.sys
90336 bytes
Created: 23/05/2002
Modified: 23/05/2002
Company: Intel Corporation
----------
Key: {D31A0762-0CEB-444e-ACFF-B049A1F6FE91}
ImagePath: system32\drivers\ialmkchw.sys
C:\WINDOWS\system32\drivers\ialmkchw.sys
69504 bytes
Created: 23/05/2002
Modified: 23/05/2002
Company: Intel Corporation
----------

**************************************************
10:47:08: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
C:\WINDOWS\system32\JAVASUP.VXD
7315 bytes
Created: 12/09/2003
Modified: 28/02/2003
Company:
VxD Key = JAVASUP
----------
----------

**************************************************
10:47:08: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key: igfxcui
DLL: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
270336 bytes
Created: 15/05/2002
Modified: 08/08/2001
Company: Intel Corporation
----------

**************************************************
10:47:08: Scanning ----- CONTEXTMENUHANDLERS -----
Key: Offline Files
CLSID: {750fdf0e-2a26-11d1-a3ea-080036587f03}
Path: %SystemRoot%\System32\cscui.dll
C:\WINDOWS\System32\cscui.dll
337920 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: Open With
CLSID: {09799AFB-AD67-11d1-ABCD-00C04FC30936}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Open With EncryptionMenu
CLSID: {A470F8CF-A1E8-4f65-8335-227475AA5C46}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: Symantec.Norton.Antivirus.IEContextMenu
CLSID: {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
Path: C:\DOCUME~1\NavShExt.dll
C:\DOCUME~1\NavShExt.dll
173680 bytes
Created: 14/01/2007
Modified: 14/01/2007
Company: Symantec Corporation
----------
Key: Trojan Remover
CLSID: {52B87208-9CCF-42C9-B88E-069281105805}
Path: C:\PROGRA~1\TROJAN~1\Trshlex.dll
C:\PROGRA~1\TROJAN~1\Trshlex.dll
467552 bytes
Created: 19/02/2008
Modified: 05/02/2007
Company: Simply Super Software
----------
Key: WinRAR
CLSID: {B41DB860-8EE4-11D2-9906-E49FADC173CA}
Path: C:\Program Files\WinRAR\rarext.dll
C:\Program Files\WinRAR\rarext.dll
126464 bytes
Created: 05/10/2006
Modified: 13/09/2006
Company:
----------
Key: WinZip
CLSID: {E0D79304-84BE-11CE-9641-444553540000}
Path: C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
C:\PROGRA~1\WINZIP\WZSHLSTB.DLL
20552 bytes
Created: 05/08/2004
Modified: 05/08/2004
Company: WinZip Computing, Inc.
----------
Key: {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
10:47:09: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F01-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {24F14F02-7B1C-11d1-838f-0000F80461CF}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: {66742402-F9B9-11D1-A202-0000F81FEDEE}
File: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------

**************************************************
10:47:10: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
440384 bytes
Created: 18/02/2008
Modified: 26/10/2006
Company: Yahoo! Inc.
----------
Key: {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
BHO: C:\Program Files\Microsoft Money\System\mnyside.dll
C:\Program Files\Microsoft Money\System\mnyside.dll
163906 bytes
Created: 17/07/2002
Modified: 17/07/2002
Company: Microsoft Corporation
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - this BHO was being loaded by the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - this key has been removed [file not found to scan]
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - this BHO was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - this key has been removed
----------
Key: {AA58ED58-01DD-4d91-8333-CF10577473F7}
BHO: c:\program files\google\googletoolbar2.dll
c:\program files\google\googletoolbar2.dll
-R- 2436160 bytes
Created: 17/05/2007
Modified: 17/05/2007
Company: Google Inc.
----------

**************************************************
10:47:16: Scanning ----- SHELLSERVICEOBJECTS -----
Key: PostBootReminder
CLSID: {7849596a-48ea-486e-8937-a2a3009f31a9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: CDBurn
CLSID: {fbeb8a05-beee-4442-804e-409d6c4515e9}
Path: %SystemRoot%\system32\SHELL32.dll
C:\WINDOWS\system32\SHELL32.dll
8516608 bytes
Created: 16/07/2004
Modified: 25/10/2007
Company: Microsoft Corporation
----------
Key: WebCheck
CLSID: {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
Path: C:\WINDOWS\system32\webcheck.dll
C:\WINDOWS\system32\webcheck.dll
232960 bytes
Created: 30/08/2002
Modified: 11/10/2007
Company: Microsoft Corporation
----------
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: C:\WINDOWS\System32\stobject.dll
C:\WINDOWS\System32\stobject.dll
122368 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------

**************************************************
10:47:16: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value: {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment: Pré-chargeur Browseui
File: %SystemRoot%\System32\browseui.dll
C:\WINDOWS\System32\browseui.dll
1022976 bytes
Created: 21/01/2004
Modified: 23/09/2006
Company: Microsoft Corporation
----------
Value: {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment: Démon de cache des catégories de composant
File: %SystemRoot%\System32\browseui.dll
C:\WINDOWS\System32\browseui.dll
1022976 bytes
Created: 21/01/2004
Modified: 23/09/2006
Company: Microsoft Corporation
----------

**************************************************
10:47:17: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
10:47:17: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
10:47:17: Scanning ----- SECURITY PROVIDER DLLS -----
DLL: msapsspc.dll
C:\WINDOWS\system32\msapsspc.dll
86016 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
DLL: schannel.dll
C:\WINDOWS\system32\schannel.dll
144896 bytes
Created: 04/11/2002
Modified: 25/04/2007
Company: Microsoft Corporation
----------
DLL: digest.dll
C:\WINDOWS\system32\digest.dll
68608 bytes
Created: 30/08/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------
DLL: msnsspc.dll
C:\WINDOWS\system32\msnsspc.dll
290816 bytes
Created: 04/11/2002
Modified: 20/08/2004
Company: Microsoft Corporation
----------

**************************************************
10:47:17: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
[C:\WINDOWS\Profiles\All Users\Start Menu\Programs\StartUp]
No Startup files for All Users were located to check

**************************************************
10:47:17: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 02/01/2002
Modified: 02/01/2002
Company:
--------------------
C:\Program Files\Hewlett-Packard\FotoStation Easy AutoLaunch.exe
49152 bytes
Created: 01/04/2003
Modified: 25/02/2002
Company:
FotoStation Easy AutoLaunch.lnk - links to C:\Program Files\Hewlett-Packard\FotoStation Easy AutoLaunch.exe
--------------------
C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
16384 bytes
Created: 02/01/2002
Modified: 02/01/2002
Company:
hp center.lnk - links to C:\Program Files\hp center\137903\Program\BackWeb-137903.exe
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
323646 bytes
Created: 29/05/2002
Modified: 29/05/2002
Company: Hewlett-Packard Co.
hp psc 2000 Series.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpobnz08.exe
--------------------
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
67128 bytes
Created: 13/03/2007
Modified: 13/03/2007
Company: Logitech Inc.
Logitech Desktop Messenger.lnk - links to C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
--------------------
C:\Program Files\Microsoft Office\Office10\OSA.EXE
83360 bytes
Created: 13/02/2001
Modified: 13/02/2001
Company: Microsoft Corporation
Microsoft Office.lnk - links to C:\Program Files\Microsoft Office\Office10\OSA.EXE
--------------------
C:\Program Files\Hewlett-Packard\NkvMon.exe
233472 bytes
Created: 01/04/2003
Modified: 23/07/2002
Company: Nikon Corporation
NkvMon.exe.lnk - links to C:\Program Files\Hewlett-Packard\NkvMon.exe
--------------------
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
147456 bytes
Created: 29/05/2002
Modified: 29/05/2002
Company: Hewlett-Packard Co.
officejet 6100.lnk - links to C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hposol08.exe
--------------------
C:\Program Files\WinZip\WZQKPICK.EXE
122880 bytes
Created: 07/10/2004
Modified: 07/04/2006
Company: WinZip Computing LP
WinZip Quick Pick.lnk - links to C:\Program Files\WinZip\WZQKPICK.EXE
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
10:47:19: Scanning ----- SCHEDULED TASKS -----
Taskname: Norton AntiVirus - Analyse système complète - Propriétaire.job
File: C:\Documents and Settings\Navw32.exe
C:\Documents and Settings\Navw32.exe
226928 bytes
Created: 14/01/2007
Modified: 14/01/2007
Company: Symantec Corporation
Parameters: /TASK:"C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Next Run Time: 25/02/2008 20:00:00
Status: La tâche n'a pas encore été exécutée
Creator: Propriétaire
Comments: Il s'agit d'une tâche de programmation d'analyse de Norton AntiVirus.
----------

**************************************************
10:47:19: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
C:\Documents and Settings\Propriétaire\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
1440054 bytes
Created: 16/03/2007
Modified: 19/03/2007
Company:
----------
Additional file checks completed
---------

**************************************************
10:47:19: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[10 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[79 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[49 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[65 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[71 loaded modules in total]
--------------------
C:\Documents and Settings\Propriétaire\Application Data\Simply Super Software\Trojan Remover\oif1.exe
FileSize: 2503232
[This is a Trojan Remover component]
[24 loaded modules in total]
--------------------

**************************************************
10:47:44: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

**************************************************
10:47:44: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
10:47:44: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://runonce.msn.com/
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
This value is blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.free.fr/freebox/index.html
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl

**************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 21/02/2008 10:47:44
************************************************************
Powax, 544 posts, registered Thursday 31 January 2008, Member, last activity 17 April 2009
24 Feb. 2008 at 16:17
Post a new HiJack report, please.