Trojan virus: help reading the reports
Closed
COUCOU - 13 Nov. 2008 at 21:09
jlpjlp (51580 posts; registered Friday 18 May 2007; status: Security contributor; last activity 3 May 2022) - 26 Nov. 2008 at 13:16
25 replies
jlpjlp (51580 posts; registered Friday 18 May 2007; status: Security contributor; last activity 3 May 2022) - 13 Nov. 2008 at 21:12
hi, your infection is a stubborn one
try this:
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode by following this procedure:
• Restart your computer
• After you hear the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows load, a menu with several options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Follow the list of instructions below:
• Open the SDFix folder that has just been created in the C:\ directory and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
• Press a key to restart the PC.
• Your system will take longer than usual to restart because the tool will keep running and deleting files.
• After the Desktop loads, the tool will finish its work and display Finished.
• Press a key to finish running the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of the Report.txt file in your next reply on the forum
then
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised in the Taskbar).
NB: The reports are saved in the C:\rsit folder
jlpjlp (51580 posts; registered Friday 18 May 2007; status: Security contributor; last activity 3 May 2022) - 13 Nov. 2008 at 21:39
try running sdfix and rsit; if that's impossible, say so and we'll do it another way
I'm keeping a note of this:
C:\WINDOWS\system32\tdssmain.dll.vir
C:\WINDOWS\system32\tdssserf.dll
C:\WINDOWS\system32\drivers\TDSSserv.sys
C:\WINDOWS\system32\tdssadw.dll
C:\WINDOWS\system32\tdssadw.dll.vir
C:\WINDOWS\system32\tdssinit.dll
C:\WINDOWS\system32\tdssinit.dll.vir
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdssl.dll.vir
C:\WINDOWS\system32\tdssl.dll
C:\WINDOWS\system32\tdsslog.dll
C:\WINDOWS\system32\tdsslog.dll.vir
C:\WINDOWS\system32\tdssmain.dll
C:\WINDOWS\system32\tdssmain.dll.vir
C:\WINDOWS\system32\tdssserf1.dll
C:\WINDOWS\system32\tdssserf1.dll.vir
hi!
it worked, here is the SDFix report:
SDFix: Version 1.240
Run by Célia Ukkola on 13/11/2008 at 22:13
Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix
Checking Services:
Restoring Default Security Values
Restoring Default Hosts File
Rebooting
Checking Files:
Trojan Files Found:
C:\WINDOWS\system32\TDSSerrors.log - Deleted
Removing Temp Files
ADS Check:
Final Check:
catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-13 22:19:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden services & system hive ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Remaining Services:
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe:*:enabled:Java launcher"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:Java launcher "
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:Java launcher "
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\mIRC\\mirc.exe"="C:\\Program Files\\mIRC\\mirc.exe:*:Enabled:mIRC"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe"="C:\\Program Files\\Microsoft ActiveSync\\WcesMgr.exe:*:Enabled:ActiveSync Application"
"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe"="C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe:*:Enabled:ActiveSync Connection Manager"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Disabled:Internet Explorer"
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:UC Tray Icon "
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe:*:enabled:Java launcher"
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"="%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe:*:enabled:Java launcher"
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe:*:Enabled:Java launcher "
"C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"="C:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe:*:Enabled:Java launcher "
"C:\\Program Files\\IBM\\Updater\\ucsmb.exe"="C:\\Program Files\\IBM\\Updater\\ucsmb.exe:*:Enabled:UC Tray Icon "
Remaining Files:
File Backups: - C:\SDFix\backups\backups.zip
Files with Hidden Attributes:
Fri 20 Aug 2004 93,184 A.SH. --- "C:\Program Files\Internet Explorer\iexplore.exe"
Mon 5 Mar 2007 0 A.SH. --- "C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp"
Wed 26 Oct 2005 10,198 A..H. --- "C:\Program Files\Microsoft Office\Office\Gestionnaire Office\OffA.tmp"
Wed 25 Jun 2008 98,816 A..H. --- "C:\RECYCLER\S-1-5-21-1523846078-3982075279-2358065233-1006\Dc543\recherche sc. resine\~WRL0435.tmp"
Wed 25 Jun 2008 45,056 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL0328.tmp"
Sat 28 Jun 2008 52,224 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL1100.tmp"
Sat 28 Jun 2008 53,248 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL1406.tmp"
Sat 28 Jun 2008 51,200 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL1827.tmp"
Sat 28 Jun 2008 54,784 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL2033.tmp"
Sat 28 Jun 2008 51,200 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL2087.tmp"
Wed 25 Jun 2008 117,760 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL2769.tmp"
Wed 23 May 2007 303,616 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL2917.tmp"
Sat 28 Jun 2008 54,272 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL3063.tmp"
Mon 21 Apr 2008 0 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL3129.tmp"
Sun 27 Apr 2008 332,288 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL3603.tmp"
Wed 25 Jun 2008 64,000 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL3660.tmp"
Sat 28 Jun 2008 52,736 ...H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\Microsoft\Word\~WRL3747.tmp"
Mon 12 Feb 2007 3,096,576 A..H. --- "C:\Documents and Settings\Célia Ukkola\Application Data\U3\temp\Launchpad Removal.exe"
Sat 15 Mar 2008 38,912 A..H. --- "C:\Documents and Settings\Célia Ukkola\Mes documents\Bordereau dossier doc\Bordereau 2 dossier doc\~WRL3123.tmp"
Wed 25 Jun 2008 98,816 A..H. --- "C:\Documents and Settings\Célia Ukkola\Mes documents\Stage Point doc\recherche sc. resine\~WRL0435.tmp"
Mon 2 Jun 2008 266,240 A..H. --- "C:\RECYCLER\S-1-5-21-1523846078-3982075279-2358065233-1006\Dc543\recherche sc. resine\resultats\~WRL2050.tmp"
Mon 2 Jun 2008 266,240 A..H. --- "C:\Documents and Settings\Célia Ukkola\Mes documents\Stage Point doc\recherche sc. resine\resultats\~WRL2050.tmp"
Finished!
jlpjlp (51580 posts; registered Friday 18 May 2007; status: Security contributor; last activity 3 May 2022) - 13 Nov. 2008 at 22:33
then
Download here:
http://images.malwareremoval.com/random/RSIT.exe
random's system information tool (RSIT) by random/random and save it to the Desktop.
Double-click RSIT.exe to launch RSIT.
Click Continue on the Disclaimer screen.
If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it (allow access in your firewall if asked) and you will have to accept the licence.
When the scan is finished, two text files will open.
Post the contents of log.txt (<<which will be displayed)
as well as info.txt (<<which will be minimised in the Taskbar).
NB: The reports are saved in the C:\rsit folder
here are the log and info files:
Logfile of random's system information tool 1.04 (written by random/random)
Run by Célia Ukkola at 2008-11-13 22:31:47
Microsoft Windows XP Professionnel Service Pack 2
System drive C: has 6 GB (19%) free of 34 GB
Total RAM: 758 MB (45% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:31:59, on 13/11/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\ibmpmsvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\TpKmpSVC.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\WINDOWS\system32\RunDll32.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\Program Files\ClamWin\bin\ClamTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\1XConfig.exe
C:\Documents and Settings\Célia Ukkola\Bureau\RSIT.exe
C:\Program Files\trend micro\Célia Ukkola.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = WWW.GOOGLE.FR
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Traducteur - {FF284F5C-7CF9-4682-8701-D467C1DBB99F} - C:\Program Files\PRMT75\PRMTIE\prmtie.dll
O4 - HKLM\..\Run: [S3TRAY2] S3Tray2.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [TPKMAPHELPER] C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
O4 - HKLM\..\Run: [TPHOTKEY] C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
O4 - HKLM\..\Run: [EZEJMNAP] C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
O4 - HKLM\..\Run: [UC_Start] C:\Program Files\IBM\Updater\\ucstartup.exe
O4 - HKLM\..\Run: [UpdateManager] "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe.oolll
O4 - HKLM\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
O4 - HKLM\..\Run: [IBMPRC] C:\IBMTOOLS\UTILS\ibmprc.exe
O4 - HKLM\..\Run: [QCWLICON] C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
O4 - HKLM\..\Run: [BMMGAG] RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
O4 - HKLM\..\Run: [BMMLREF] C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
O4 - HKLM\..\Run: [BMMMONWND] rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [LXCFCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT75\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT75\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT75\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT75\PRMTIE\options.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
O4 - HKLM\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKLM\..\Run: [QCTray] C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ibmmessages] C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [ClamWin] "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportar a Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT75\PRMTIE\prmtie5.htm
O9 - Extra 'Tools' menuitem: Traduire - {7A2EFD41-E6B3-11D2-89E3-00E0292EE574} - C:\Program Files\PRMT75\PRMTIE\prmtie5.htm
O9 - Extra button: (no name) - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT75\PRMTIE\options.htm
O9 - Extra 'Tools' menuitem: Personnaliser les options de traduction - {7A2EFD41-E6B3-11D2-89E3-00E0292EE575} - C:\Program Files\PRMT75\PRMTIE\options.htm
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O11 - Options group: [JAVA_IBM] Java (IBM)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: IBM Rapid Restore Ultra Service - Unknown owner - C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
O23 - Service: IBM PM Service (IBMPMSVC) - Unknown owner - C:\WINDOWS\System32\ibmpmsvc.exe
O23 - Service: lxcf_device - - C:\WINDOWS\system32\lxcfcoms.exe
O23 - Service: IBM PSA Access Driver Control (PsaSrv) - Unknown owner - C:\WINDOWS\system32\PsaSrv.exe (file missing)
O23 - Service: Spectrum24 Event Monitor (S24EventMonitor) - Intel Corporation - C:\WINDOWS\system32\S24EvMon.exe
O23 - Service: IBM KCU Service (TpKmpSVC) - Unknown owner - C:\WINDOWS\system32\TpKmpSVC.exe
jlpjlp (security contributor), 13 Nov. 2008 at 22:47
OK, you have an Adoeber infection that spreads through external drives, so:
Download UsbFix to your desktop
http://sd-1.archive-host.com/membres/up/116615172019703188/UsbFix.exe
--> Run the installation with the default settings
Connect to your PC all the external data sources (USB key, external hard drive, etc.) that may have been infected, without opening them
--> Double-click the UsbFix shortcut on your desktop
--> The PC will restart
--> After the restart, post the UsbFix.txt report
Note: the UsbFix.txt report is saved at the root of the drive
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New task", type explorer.exe and confirm
______________
Then, since you only have ClamWin as an antivirus:
install Antivir, paste a report from it, and then tell us if you still have problems
https://www.malekal.com/avira-free-security-antivirus-gratuit/ (thanks Malekal)
and
update Internet Explorer
https://www.01net.com/telecharger/windows/Internet/navigateur/fiches/33081.html
Hello, I am sending you the Antivir report, which detected 4 Trojan agents, as well as the ClamWin report that I ran afterwards:
Do you think the virus has been eradicated? For my part, no, because it still won't let me access the antivirus download sites...
Avira AntiVir Personal
Report file date: vendredi 14 novembre 2008 14:01
Scanning for 1035523 virus strains and unwanted programs.
Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Boot mode: Normally booted
Username: SYSTEM
Computer name: PC_DE_CÉLIA
Version information:
BUILD.DAT : 8.2.0.336 16933 Bytes 30/10/2008 11:40:00
AVSCAN.EXE : 8.1.4.7 315649 Bytes 26/06/2008 09:57:53
AVSCAN.DLL : 8.1.4.0 40705 Bytes 26/05/2008 08:56:40
LUKE.DLL : 8.1.4.5 164097 Bytes 12/06/2008 13:44:19
LUKERES.DLL : 8.1.4.0 12033 Bytes 26/05/2008 08:58:52
ANTIVIR0.VDF : 7.1.0.0 15603712 Bytes 27/10/2008 12:58:54
ANTIVIR1.VDF : 7.1.0.56 411136 Bytes 09/11/2008 12:58:57
ANTIVIR2.VDF : 7.1.0.57 2048 Bytes 09/11/2008 12:58:58
ANTIVIR3.VDF : 7.1.0.87 209408 Bytes 14/11/2008 12:58:59
Engineversion : 8.2.0.31
AEVDF.DLL : 8.1.0.6 102772 Bytes 14/10/2008 11:05:56
AESCRIPT.DLL : 8.1.1.15 332156 Bytes 14/11/2008 12:59:06
AESCN.DLL : 8.1.1.5 123251 Bytes 14/11/2008 12:59:06
AERDL.DLL : 8.1.1.3 438645 Bytes 14/11/2008 12:59:05
AEPACK.DLL : 8.1.3.4 393591 Bytes 14/11/2008 12:59:04
AEOFFICE.DLL : 8.1.0.30 196986 Bytes 14/11/2008 12:59:03
AEHEUR.DLL : 8.1.0.71 1487222 Bytes 14/11/2008 12:59:02
AEHELP.DLL : 8.1.1.3 119157 Bytes 14/11/2008 12:59:01
AEGEN.DLL : 8.1.1.0 319859 Bytes 14/11/2008 12:59:00
AEEMU.DLL : 8.1.0.9 393588 Bytes 14/10/2008 11:05:56
AECORE.DLL : 8.1.4.1 172405 Bytes 14/11/2008 12:59:00
AEBB.DLL : 8.1.0.3 53618 Bytes 14/10/2008 11:05:56
AVWINLL.DLL : 1.0.0.12 15105 Bytes 09/07/2008 09:40:05
AVPREF.DLL : 8.0.2.0 38657 Bytes 16/05/2008 10:28:01
AVREP.DLL : 8.0.0.2 98344 Bytes 14/11/2008 12:58:59
AVREG.DLL : 8.0.0.1 33537 Bytes 09/05/2008 12:26:40
AVARKT.DLL : 1.0.0.23 307457 Bytes 12/02/2008 09:29:23
AVEVTLOG.DLL : 8.0.0.16 119041 Bytes 12/06/2008 13:27:49
SQLITE3.DLL : 3.3.17.1 339968 Bytes 22/01/2008 18:28:02
SMTPLIB.DLL : 1.2.0.23 28929 Bytes 12/06/2008 13:49:40
NETNT.DLL : 8.0.0.1 7937 Bytes 25/01/2008 13:05:10
RCIMAGE.DLL : 8.0.0.51 2371841 Bytes 12/06/2008 14:48:07
RCTEXT.DLL : 8.0.52.0 86273 Bytes 27/06/2008 14:34:37
Configuration settings for the scan:
Jobname..........................: Complete system scan
Configuration file...............: c:\program files\avira\antivir personaledition classic\sysscan.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: on
Scan boot sector.................: on
Boot sectors.....................: C:,
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Start of the scan: vendredi 14 novembre 2008 14:01
The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'wuauclt.exe' - '1' Module(s) have been scanned
Scan process '1XConfig.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'CALMAIN.exe' - '1' Module(s) have been scanned
Scan process 'DLG.exe' - '1' Module(s) have been scanned
Scan process 'TeaTimer.exe' - '1' Module(s) have been scanned
Scan process 'ctfmon.exe' - '1' Module(s) have been scanned
Scan process 'TpKmpSvc.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'avgas.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'QCTRAY.EXE' - '1' Module(s) have been scanned
Scan process 'ClamTray.exe' - '1' Module(s) have been scanned
Scan process 'realsched.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'rundll32.exe' - '1' Module(s) have been scanned
Scan process 'QCWLICON.EXE' - '1' Module(s) have been scanned
Scan process 'ibmprc.exe' - '1' Module(s) have been scanned
Scan process 'ibmmessages.exe' - '1' Module(s) have been scanned
Scan process 'MDM.EXE' - '1' Module(s) have been scanned
Scan process 'rrpcsb.exe' - '1' Module(s) have been scanned
Scan process 'TpScrex.exe' - '1' Module(s) have been scanned
Scan process 'TPONSCR.exe' - '1' Module(s) have been scanned
Scan process 'guard.exe' - '1' Module(s) have been scanned
Scan process 'EzEjMnAp.Exe' - '1' Module(s) have been scanned
Scan process 'TPHKMGR.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'explorer.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'S24EvMon.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'ibmpmsvc.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
48 processes with 48 modules were scanned
Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Starting to scan the registry.
The registry was scanned ( '70' files ).
Starting the file scan:
Begin scan in 'C:\' <IBM_PRELOAD>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\RECYCLER\S-1-5-21-1523846078-3982075279-2358065233-1006\Dc434\TDSS6aa1.tmp
[DETECTION] Is the TR/Agent.8704.76 Trojan
[NOTE] A backup was created as '49707d7c.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\tdssadw.dll.vir
[DETECTION] Is the TR/Crypt.XPACK.Gen Trojan
[NOTE] A backup was created as '499082d2.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\tdsslog.dll.vir
[DETECTION] Contains a recognition pattern of the (harmful) BDS/Agent.rfv back-door program
[NOTE] A backup was created as '499082da.qua' ( QUARANTINE )
[NOTE] The file was deleted!
C:\WINDOWS\system32\tdssserf1.dll.vir
[DETECTION] Is the TR/Agent.8704.76 Trojan
[NOTE] A backup was created as '499082e1.qua' ( QUARANTINE )
[NOTE] The file was deleted!
End of the scan: vendredi 14 novembre 2008 14:54
Used time: 53:14 Minute(s)
The scan has been done completely.
6186 Scanning directories
441131 Files were scanned
4 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
4 files were deleted
0 files were repaired
4 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
441125 Files not concerned
8260 Archives were scanned
2 Warnings
4 Notes
Scan Started Fri Nov 14 14:58:59 2008
-------------------------------------------------------------------------------
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
C:\Documents and Settings\Célia Ukkola\NTUSER.DAT: Permission denied
C:\Documents and Settings\Jorma Ukkola\Mes documents\desktop.ini: Permission denied
C:\Documents and Settings\Jorma Ukkola\ntuser.ini: Permission denied
C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
C:\Documents and Settings\LocalService\NTUSER.DAT: Permission denied
C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat: Permission denied
C:\Documents and Settings\NetworkService\NTUSER.DAT: Permission denied
C:\hiberfil.sys: Permission denied
C:\pagefile.sys: Permission denied
C:\WINDOWS\SoftwareDistribution\DataStore\DataStore.edb: Permission denied
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb: Permission denied
C:\WINDOWS\system32\config\DEFAULT: Permission denied
C:\WINDOWS\system32\config\SAM: Permission denied
C:\WINDOWS\system32\config\SECURITY: Permission denied
C:\WINDOWS\system32\config\SOFTWARE: Permission denied
C:\WINDOWS\system32\config\SYSTEM: Permission denied
----------- SCAN SUMMARY -----------
Known viruses: 459918
Engine version: 0.94
Scanned directories: 6032
Scanned files: 54060
Infected files: 0
Data scanned: 21475.33 MB
Time: 15103.527 sec (251 m 43 s)
--------------------------------------
Completed
--------------------------------------
jlpjlp (security contributor), 15 Nov. 2008 at 20:02
To check,
download ComboFix (by sUBs) here:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to the desktop.
Disconnect from the Internet and close all your applications.
Disable your protections (antivirus, firewall, real-time guard of the antispyware).
Double-click combofix.exe and follow the instructions.
At the end, it will produce a report C:\ComboFix.txt.
Re-enable your firewall, your antivirus and the guard of your antispyware.
Copy/paste the report C:\ComboFix.txt into your next reply.
Warning: do not use your mouse or your keyboard (or any other pointing device) while the program is running. That could freeze the computer.
You have a complete tutorial here:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix
I ran ComboFix but not everything went as planned: before starting, it told me it had not detected a "Windows Recovery Console" (Bootdisk in the file name) on my PC and that it strongly recommended downloading it, which I did; then I disconnected from the Internet and clicked to run it. Above all, when it restarted, Spybot and Avira started up (I can't manage to disable them for the restart).
Could that have skewed ComboFix?
In any case, here is the report:
ComboFix 08-11-13.02 - Célia Ukkola 2008-11-15 20:58:37.1 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.476 [GMT 1:00]
Lancé depuis: c:\documents and settings\Célia Ukkola\Bureau\ComboFix.exe
* Un nouveau point de restauration a été créé
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_TDSSSERV
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-15 au 2008-11-15 ))))))))))))))))))))))))))))))))))))
.
2008-11-15 21:08 . 2008-11-15 21:08 4,474 --a------ c:\windows\GATHER.KM
2008-11-14 20:21 . 2008-11-14 20:24 <REP> d-------- c:\windows\system32\fr-fr
2008-11-14 20:09 . 2008-10-03 18:12 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-14 20:09 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-14 20:09 . 2007-03-08 06:10 1,048,576 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-14 20:09 . 2008-08-26 09:11 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-14 20:09 . 2008-08-26 09:11 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-14 20:09 . 2008-08-26 09:11 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-14 20:09 . 2008-08-26 09:11 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-14 20:09 . 2008-08-26 09:11 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-14 20:09 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-14 20:06 . 2008-11-14 20:07 <REP> d-------- C:\ef1d66f902976b4f586c5198906515d6
2008-11-14 13:55 . 2008-11-14 13:55 <REP> d-------- c:\program files\Avira
2008-11-14 13:55 . 2008-11-14 13:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-13 22:57 . 2008-11-15 20:35 <REP> d-------- c:\program files\UsbFix
2008-11-13 22:31 . 2008-11-13 22:53 <REP> d-------- C:\rsit
2008-11-13 22:31 . 2008-11-13 22:31 <REP> d-------- c:\program files\trend micro
2008-11-13 22:08 . 2008-11-13 22:08 <REP> d-------- c:\windows\ERUNT
2008-11-13 22:01 . 2008-11-13 22:24 <REP> d-------- C:\SDFix
2008-11-09 18:12 . 2008-11-09 18:12 <REP> d-------- c:\documents and settings\Célia Ukkola\.clamwin
2008-11-09 18:12 . 2008-11-09 18:12 <REP> d-------- c:\documents and settings\Célia Ukkola\.clamwin
2008-11-09 17:58 . 2008-11-09 17:58 210,055 --a------ C:\eG7
2008-11-05 11:35 . 2008-11-15 20:47 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\program files\Trojan Remover
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\documents and settings\Célia Ukkola\Application Data\Simply Super Software
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-05 11:33 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-05 11:33 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-05 11:33 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-05 11:33 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-05 11:33 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-05 10:36 . 2008-11-05 11:03 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-05 10:34 . 2008-08-14 10:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-11-05 10:29 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-02 15:17 . 2008-11-02 15:18 216,670 --a------ C:\eG6
2008-10-26 20:27 . 2008-10-26 20:28 205,938 --a------ C:\eG5
2008-10-19 12:35 . 2008-10-19 12:35 205,939 --a------ C:\eG4
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-15 19:15 --------- d-----w c:\program files\Lx_cats
2008-11-15 13:37 --------- d-----w c:\program files\IHMC CmapTools
2008-11-09 17:12 --------- d-----w c:\program files\ClamWin
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-20 15:39 0 ----a-w c:\program files\fr_Win_xp_pro_w_sp2.sdc
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-02 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-02 08:34 --------- d-----w c:\program files\Uniblue
2008-10-01 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-10-01 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-01 13:40 90,112 ----a-w c:\windows\DUMP3208.tmp
2008-10-01 13:39 90,112 ----a-w c:\windows\DUMP3226.tmp
2008-10-01 12:23 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\AVG7
2008-10-01 11:21 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 05:57 53,395 ----a-w c:\windows\system32\tdssinit.dll.vir
2008-09-29 20:06 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\Grisoft
2008-09-29 11:07 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\MSN6
2008-09-22 17:06 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\ZoomBrowser EX
2008-09-22 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 13:41 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:37 474,624 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:37 152,064 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:37 1,495,040 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:37 1,056,768 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:37 1,024,000 ------w c:\windows\system32\dllcache\browseui.dll
2006-03-02 17:30 28,440 -c--a-w c:\documents and settings\Célia Ukkola\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"dla"="c:\windows\system32\dla\tfswctrl.exe.oolll" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397824]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-13 151597]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2004-08-18 708608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-08-26 124928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-01-09 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 11:30 258048 c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli pwdmon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 09:05 53248 c:\windows\system32\TP4EX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
--a------ 2003-11-13 11:12 94208 c:\windows\system32\tp4serv.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13319:TCP"= 13319:TCP:NortonAV
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-01-09 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-01-09 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-01-09 16384]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 13904]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\DRIVERS\LTSM.sys [2003-02-25 802683]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2005-01-09 12288]
.
Contenu du dossier 'Tâches planifiées'
2005-06-02 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 09:37]
.
- - - - ORPHELINS SUPPRIMES - - - -
HKCU-Run-IBM RecordNow! - (no file)
.
------- Examen supplémentaire -------
.
FireFox -: Profile - c:\documents and settings\Célia Ukkola\Application Data\Mozilla\Firefox\Profiles\h4xqw0xv.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://www.google.fr
FF -: plugin - c:\program files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nppl3260.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprjplug.dll
FF -: plugin - c:\program files\Real\RealOne Player\Netscape6\nprpjplug.dll
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-15 21:05:45
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\lsass.exe
-> c:\windows\system32\pwdmon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\TpKmpSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\1XConfig.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-15 21:14:36 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-15 20:14:11
Avant-CF: 8 604 598 272 octets libres
Après-CF: 8,530,083,840 octets libres
WindowsXP-KB310994-SP2-Pro-BootDisk-FRA.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect
230 --- E O F --- 2008-11-14 20:02:09
jlpjlp (Contributeur sécurité), 15 Nov 2008 at 22:31
Scan these files on VirusTotal and paste the reports: https://www.virustotal.com/gui/
c:\windows\system32\pwdmon.dll
c:\windows\system32\tdssinit.dll.vir
Hi! Here are the VirusTotal reports for the two files; the first one looks infected:
Fichier tdssinit.dll.vir reçu le 2008.10.01 18:23:49 (CET)
Situation actuelle: terminé
Résultat: 2/36 (5.56%)
Antivirus Version Dernière mise à jour Résultat
AhnLab-V3 - - -
AntiVir - - -
Authentium - - -
Avast - - -
AVG - - -
BitDefender - - -
CAT-QuickHeal - - -
ClamAV - - -
DrWeb - - -
eSafe - - -
eTrust-Vet - - -
Ewido - - -
F-Prot - - -
F-Secure - - Vundo.DZC
Fortinet - - -
GData - - -
Ikarus - - -
K7AntiVirus - - -
Kaspersky - - -
McAfee - - -
Microsoft - - -
NOD32 - - -
Norman - - Vundo.DZC
Panda - - -
PCTools - - -
Prevx1 - - -
Rising - - -
SecureWeb-Gateway - - -
Sophos - - -
Sunbelt - - -
Symantec - - -
TheHacker - - -
TrendMicro - - -
VBA32 - - -
ViRobot - - -
VirusBuster - - -
Information additionnelle
MD5: 80edf7234168c45bef36c4996bc4cf88
SHA1: ee8156ce25f6d210257491fe41f4fb17bba987f4
SHA256: 37f4f632ae2132d26c273bab428ce92badbb496d4911fd54be18148211e585d9
SHA512: 8312ee5cbff56431ed49278affc82e119eccb3e2f75809669f332c878850389a2d7985f1d377b11dd4ba9b4f2f43c0daca5860ce7142183afea302d57025af9a
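An added example for the findings in these reports (it is not code from this thread, from ComboFix or from VirusTotal): a short Python script that reads ComboFix-style log lines and pulls out the three things a helper triages first: LSA Authentication/Notification Packages outside a stock-XP baseline (the `pwdmon` entry above is exactly what jlpjlp asked to have scanned, because any DLL registered there is loaded into lsass.exe and notified of every password change), the DLLs ComboFix lists under lsass.exe, and Run-key entries whose target no longer exists (`[X]`). It also checks a local file's SHA-256 against the hash printed in a VirusTotal report, so that the verdict you read is known to be for the file you have. The sample log is constructed from entries in this thread; the baseline sets are an assumption for a standalone XP workstation (the NetWare package `nwprovau` is legitimate where the NetWare client is installed, which is why the function reports entries for review rather than calling them malicious).

```python
"""Added example: triage a ComboFix-style log for LSA package and lsass.exe
findings, and verify a file hash against the SHA-256 from a VirusTotal report.
Not part of the thread or of ComboFix; the sample log below is constructed
from the entries shown in this thread."""
from __future__ import annotations

import hashlib
import re

# Constructed sample in ComboFix's own line format (entries copied from the thread).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run]
"dla"="c:\\windows\\system32\\dla\\tfswctrl.exe.oolll" [X]
"avgnt"="c:\\program files\\Avira\\AntiVir PersonalEdition Classic\\avgnt.exe" [2008-06-12 266497]
[HKEY_LOCAL_MACHINE\\system\\currentcontrolset\\control\\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli pwdmon
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\\windows\\system32\\lsass.exe
-> c:\\windows\\system32\\pwdmon.dll
.
------------------------ Autres processus actifs ------------------------
"""

# Assumed baseline for a standalone Windows XP workstation. Domain controllers
# and servers legitimately carry more (kdcsvc, rassfm, ...), so tune it per host.
LSA_BASELINE = {
    "Authentication Packages": {"msv1_0"},
    "Notification Packages": {"scecli"},
}


def lsa_findings(log: str) -> list[str]:
    """Return LSA package names that are not in the baseline, for review.

    Every DLL named here is loaded into lsass.exe at boot, and a Notification
    Package is called on every password change, so an unknown entry deserves
    a hash lookup before it is trusted (it is not automatically malicious)."""
    found = []
    pattern = r"^(Authentication Packages|Notification Packages) REG_MULTI_SZ (.+)$"
    for m in re.finditer(pattern, log, re.M):
        key, pkgs = m.group(1), m.group(2).split()
        found += [p for p in pkgs if p not in LSA_BASELINE[key]]
    return found


def lsass_modules(log: str) -> list[str]:
    """DLLs ComboFix reported as loaded into lsass.exe: the '-> ...' lines that
    follow a 'PROCESSUS: ...\\lsass.exe' header until the next '.' separator."""
    mods, in_lsass = [], False
    for line in log.splitlines():
        if line.startswith("PROCESSUS:"):
            in_lsass = line.lower().endswith("\\lsass.exe")
        elif in_lsass and line.startswith("-> "):
            mods.append(line[3:])
        elif line.strip() == ".":
            in_lsass = False
    return mods


def dead_run_entries(log: str) -> list[str]:
    """Run-key value names whose target ComboFix marked [X] (file not found):
    leftovers of removed malware or of a broken uninstall, worth cleaning either way."""
    return re.findall(r'^"([^"]+)"=.* \[X\]$', log, re.M)


def matches_vt_hash(data: bytes, vt_sha256: str) -> bool:
    """Confirm the file in hand is the one a VirusTotal report describes by
    comparing its SHA-256 with the hash printed in the report."""
    return hashlib.sha256(data).hexdigest() == vt_sha256.lower()


if __name__ == "__main__":
    print("LSA packages outside baseline:", lsa_findings(SAMPLE_LOG))
    print("DLLs loaded in lsass.exe:", lsass_modules(SAMPLE_LOG))
    print("Run entries with missing target:", dead_run_entries(SAMPLE_LOG))
```

Run it as-is to see the three lists for the constructed sample; on a real machine, read C:\ComboFix.txt into a string and pass that instead of SAMPLE_LOG. Everything it reports is a candidate for a hash lookup, not a verdict: the report-versus-file hash check exists precisely because a pasted VirusTotal page says nothing about a file unless the hashes agree.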
jlpjlp (Contributeur sécurité), 16 Nov 2008 at 13:23
Close all your browsers (so copy or print these instructions first).
Create a new text document: right-click on the desktop > New > Text Document, and copy the following lines into it:
File::
c:\windows\system32\pwdmon.dll
c:\windows\system32\tdssinit.dll.vir
Save this file under the name CFscript
Drag and drop this CFscript file onto the ComboFix.exe file
Click on the CFScript file, keep the button held down and move the mouse so that the CFScript icon comes to cover the ComboFix icon. Release the mouse. ComboFix will start.
A blue window will appear: at the message that appears (Type 1 to continue, or 2 to abort), type 1 and confirm.
Wait for the scan to finish. The desktop will disappear several times: that's normal!
Don't touch anything until the scan is finished.
Once the scan is complete, a report will be displayed: post its contents.
Also post a new HijackThis report.
If the file doesn't open, it is located here > C:\ComboFix.txt
Here is the ComboFix report, as well as the Trojan Remover one, which found some things for me.
It seems that I have HijackThis on my PC, since ComboFix needed it to install, but I can't find the program. What is it called? Is it Processscaner?
Thanks a lot
ComboFix 08-11-13.02 - Célia Ukkola 2008-11-16 16:56:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.467 [GMT 1:00]
Lancé depuis: c:\documents and settings\Célia Ukkola\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Célia Ukkola\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-14 20:21 . 2008-11-14 20:24 <REP> d-------- c:\windows\system32\fr-fr
2008-11-14 20:09 . 2008-10-03 18:12 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-14 20:09 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-14 20:09 . 2007-03-08 06:10 1,048,576 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-14 20:09 . 2008-08-26 09:11 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-14 20:09 . 2008-08-26 09:11 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-14 20:09 . 2008-08-26 09:11 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-14 20:09 . 2008-08-26 09:11 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-14 20:09 . 2008-08-26 09:11 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-14 20:09 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-14 20:06 . 2008-11-14 20:07 <REP> d-------- C:\ef1d66f902976b4f586c5198906515d6
2008-11-14 13:55 . 2008-11-14 13:55 <REP> d-------- c:\program files\Avira
2008-11-14 13:55 . 2008-11-14 13:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-13 22:57 . 2008-11-15 20:35 <REP> d-------- c:\program files\UsbFix
2008-11-13 22:31 . 2008-11-13 22:53 <REP> d-------- C:\rsit
2008-11-13 22:31 . 2008-11-13 22:31 <REP> d-------- c:\program files\trend micro
2008-11-13 22:08 . 2008-11-13 22:08 <REP> d-------- c:\windows\ERUNT
2008-11-13 22:01 . 2008-11-13 22:24 <REP> d-------- C:\SDFix
2008-11-09 18:12 . 2008-11-09 18:12 <REP> d-------- c:\documents and settings\Célia Ukkola\.clamwin
2008-11-09 18:12 . 2008-11-09 18:12 <REP> d-------- c:\documents and settings\Célia Ukkola\.clamwin
2008-11-09 17:58 . 2008-11-09 17:58 210,055 --a------ C:\eG7
2008-11-05 11:35 . 2008-11-16 12:14 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\program files\Trojan Remover
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\documents and settings\Célia Ukkola\Application Data\Simply Super Software
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-05 11:33 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-05 11:33 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-05 11:33 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-05 11:33 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-05 11:33 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-05 10:36 . 2008-11-05 11:03 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-05 10:34 . 2008-08-14 10:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-11-05 10:29 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-02 15:17 . 2008-11-02 15:18 216,670 --a------ C:\eG6
2008-10-26 20:27 . 2008-10-26 20:28 205,938 --a------ C:\eG5
2008-10-19 12:35 . 2008-10-19 12:35 205,939 --a------ C:\eG4
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 15:50 --------- d-----w c:\program files\Lx_cats
2008-11-15 13:37 --------- d-----w c:\program files\IHMC CmapTools
2008-11-09 17:12 --------- d-----w c:\program files\ClamWin
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-20 15:39 0 ----a-w c:\program files\fr_Win_xp_pro_w_sp2.sdc
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-02 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-02 08:34 --------- d-----w c:\program files\Uniblue
2008-10-01 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-10-01 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-01 13:40 90,112 ----a-w c:\windows\DUMP3208.tmp
2008-10-01 13:39 90,112 ----a-w c:\windows\DUMP3226.tmp
2008-10-01 12:23 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\AVG7
2008-10-01 11:21 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 05:57 53,395 ----a-w c:\windows\system32\tdssinit.dll.vir
2008-09-29 20:06 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\Grisoft
2008-09-29 11:07 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\MSN6
2008-09-22 17:06 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\ZoomBrowser EX
2008-09-22 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 13:41 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:37 474,624 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:37 152,064 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:37 1,495,040 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:37 1,056,768 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:37 1,024,000 ------w c:\windows\system32\dllcache\browseui.dll
2006-03-02 17:30 28,440 -c--a-w c:\documents and settings\Célia Ukkola\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397824]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-13 151597]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2004-08-18 708608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-08-26 124928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-01-09 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 11:30 258048 c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli pwdmon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 09:05 53248 c:\windows\system32\TP4EX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
--a------ 2003-11-13 11:12 94208 c:\windows\system32\tp4serv.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13319:TCP"= 13319:TCP:NortonAV
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-01-09 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-01-09 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-01-09 16384]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 13904]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\DRIVERS\LTSM.sys [2003-02-25 802683]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2005-01-09 12288]
.
Contenu du dossier 'Tâches planifiées'
2005-06-02 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 09:37]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 17:02:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\lsass.exe
-> c:\windows\system32\pwdmon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\TpKmpSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
c:\program files\ThinkPad\Utilities\EzEjMnAp.Exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE
c:\windows\system32\1XConfig.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-16 17:12:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-16 16:12:17
ComboFix2.txt 2008-11-15 20:14:37
Avant-CF: 8 492 138 496 octets libres
Après-CF: 8,477,483,008 octets libres
209 --- E O F --- 2008-11-14 20:02:09
***** THE SYSTEM HAS BEEN RESTARTED *****
16/11/2008 12:04:37: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[dla] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\PsaSrv\[ImagePath] - already deleted
=======================================================
Unable to rename C:\WINDOWS\system32\dla\tfswctrl.exe.oolll to C:\WINDOWS\system32\dla\tfswctrl.exe.oolll.vir
(C:\WINDOWS\system32\dla\tfswctrl.exe.oolll does not appear to exist)
Unable to rename C:\WINDOWS\system32\PsaSrv.exe to C:\WINDOWS\system32\PsaSrv.exe.vir
(C:\WINDOWS\system32\PsaSrv.exe does not appear to exist)
16/11/2008 12:04:37: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 12:01:03 16 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Célia Ukkola\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir
************************************************************
************************************************************
12:01:03: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
12:01:03: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
12:01:03: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
12:01:04: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: S3TRAY2
Value Data: S3Tray2.exe
C:\WINDOWS\system32\S3Tray2.exe
69632 bytes
Created: 01/01/1980
Modified: 12/10/2001
Company: S3 Graphics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
897024 bytes
Created: 09/01/2005
Modified: 05/02/2004
Company: IBM Corp.
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 01/01/1980
Modified: 07/08/2004
Company:
--------------------
Value Name: EZEJMNAP
Value Data: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
208896 bytes
Created: 09/01/2005
Modified: 25/12/2003
Company: IBM Corp.
--------------------
Value Name: UC_Start
Value Data: C:\Program Files\IBM\Updater\\ucstartup.exe
C:\Program Files\IBM\Updater\\ucstartup.exe
36864 bytes
Created: 25/06/2004
Modified: 25/06/2004
Company:
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003
Modified: 19/08/2003
Company: Sonic Solutions
--------------------
Value Name: dla
Value Data: C:\WINDOWS\system32\dla\tfswctrl.exe.oolll
C:\WINDOWS\system32\dla\tfswctrl.exe.oolll - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\dla\tfswctrl.exe.oolll - unable to take ownership/change permissions
C:\WINDOWS\system32\dla\tfswctrl.exe.oolll - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: IBMPRC
Value Data: C:\IBMTOOLS\UTILS\ibmprc.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
90112 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company: IBM Corp.
--------------------
Value Name: QCWLICON
Value Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
81920 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: BMMGAG
Value Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
110592 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: BMMLREF
Value Data: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
20480 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
--------------------
Value Name: BMMMONWND
Value Data: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
397824 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
151597 bytes
Created: 13/03/2006
Modified: 13/03/2006
Company: RealNetworks, Inc.
--------------------
Value Name: LXCFCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll
73728 bytes
Created: 20/07/2005
Modified: 20/07/2005
Company:
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
Value Name: QCTray
Value Data: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
708608 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 05/11/2008
Modified: 25/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: wextract_cleanup0
Value Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\CLIAUK~1\LOCALS~1\Temp\IXP000.TMP\"
C:\WINDOWS\system32\advpack.dll
124928 bytes
Created: 01/01/1980
Modified: 26/08/2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1460560 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
12:01:44: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
************************************************************
12:01:44: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
12:01:45: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
12:01:45: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
************************************************************
12:01:46: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 25/02/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
--------------------
************************************************************
12:01:47: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
46455 bytes
Created: 29/07/2005
Modified: 25/03/2003
Company: Analog Deivces
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
127145 bytes
Created: 29/07/2005
Modified: 27/03/2003
Company: Analog Devices Inc.
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
116176 bytes
Created: 01/01/1980
Modified: 07/04/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
16110 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 29/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 14/11/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 14/11/2008
Modified: 20/05/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 14/11/2008
Modified: 14/11/2008
Company: Avira GmbH
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96341 bytes
Created: 30/09/2005
Modified: 30/09/2005
Company: Canon Inc.
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
87168 bytes
Created: 09/01/2005
Modified: 17/08/2004
Company: Sonic Solutions
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40448 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: fbxusb
ImagePath: system32\DRIVERS\fbxusb32.sys
C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
21344 bytes
Created: 20/10/2004
Modified: 20/10/2004
Company: FreeBox SA
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
197888 bytes
Created: 01/01/1980
Modified: 22/07/2004
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: System32\DRIVERS\ialmnt5.sys
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
724989 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key: IBM Rapid Restore Ultra Service
ImagePath: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
339968 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company:
----------
Key: ibmfilter
ImagePath: \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
C:\WINDOWS\system32\drivers\ibmfilter.sys
64256 bytes
Created: 24/09/2004
Modified: 24/09/2004
Company: IBM
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
11344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company: IBM Corp.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\System32\ibmpmsvc.exe
C:\WINDOWS\System32\ibmpmsvc.exe
57344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company:
----------
Key: IBMTPCHK
ImagePath: System32\drivers\IBMBLDID.SYS
C:\WINDOWS\System32\drivers\IBMBLDID.SYS
2432 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: LucentSoftModem
ImagePath: System32\DRIVERS\LTSM.sys
C:\WINDOWS\System32\DRIVERS\LTSM.sys
802683 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: Lucent Technologies
----------
Key: lxcf_device
ImagePath: C:\WINDOWS\system32\lxcfcoms.exe -service
C:\WINDOWS\system32\lxcfcoms.exe
491520 bytes
Created: 25/07/2005
Modified: 25/07/2005
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 25/02/2003
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 01/01/1980
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NWRDR
ImagePath: system32\DRIVERS\nwrdr.sys
C:\WINDOWS\system32\DRIVERS\nwrdr.sys
163584 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
17134 bytes
Created: 20/09/2002
Modified: 20/09/2002
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PMEM
ImagePath: \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
7012 bytes
Created: 01/06/2000
Modified: 01/06/2000
Company: Microsoft Corporation
----------
Key: psadd
ImagePath: \??\C:\WINDOWS\system32\Drivers\psadd.sys
C:\WINDOWS\system32\Drivers\psadd.sys
13312 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Windows (R) 2000 DDK provider
----------
Key: PsaSrv
ImagePath: C:\WINDOWS\system32\PsaSrv.exe
C:\WINDOWS\system32\PsaSrv.exe - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\PsaSrv.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\PsaSrv.exe - unable to take ownership/change permissions
C:\WINDOWS\system32\PsaSrv.exe - marked for renaming when the PC is restarted (if it exists)
----------
Key: QCNDISIF
ImagePath: System32\drivers\qcndisif.SYS
C:\WINDOWS\System32\drivers\qcndisif.SYS
12288 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corporation.
----------
Key: QCONSVC
ImagePath: System32\QCONSVC.EXE
C:\WINDOWS\System32\QCONSVC.EXE
73728 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: RegSrvc
ImagePath: C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RegSrvc.exe
122950 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\S24EvMon.exe
286787 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys
11258 bytes
Created: 02/06/2004
Modified: 02/06/2004
Company: Intel Corporation
----------
Key: S3SSavage
ImagePath: System32\DRIVERS\s3ssavm.sys
C:\WINDOWS\System32\DRIVERS\s3ssavm.sys
95104 bytes
Created: 01/01/1980
Modified: 01/11/2001
Company: S3 Graphics, Inc.
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 01/01/1980
Modified: 26/03/2002
Company:
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
266880 bytes
Created: 01/01/1980
Modified: 23/06/2004
Company: Analog Devices, Inc.
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5627 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 14/11/2008
Modified: 01/03/2007
Company: Avira GmbH
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
23545 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{69028B13-1FD8-4FAF-B7D8-040A91642270}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9341 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
25723 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34843 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4123 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2271 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
86202 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
14715 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6363 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
98714 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
100603 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: Tp4Track
ImagePath: System32\DRIVERS\tp4track.sys
C:\WINDOWS\System32\DRIVERS\tp4track.sys
13904 bytes
Created: 01/01/1980
Modified: 13/11/2003
Company: IBM Corporation
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 09/01/2005
Modified: 12/07/2003
Company:
----------
Key: TPPWR
ImagePath: System32\drivers\Tppwr.sys
C:\WINDOWS\System32\drivers\Tppwr.sys
16384 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 09/01/2005
Modified: 15/07/2004
Company:
----------
Key: TwoTrack
ImagePath: System32\DRIVERS\TwoTrack.sys
C:\WINDOWS\System32\DRIVERS\TwoTrack.sys
11520 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: IBM Corporation
----------
Key: w22n51
ImagePath: System32\DRIVERS\w22n51.sys
C:\WINDOWS\System32\DRIVERS\w22n51.sys
3151232 bytes
Created: 01/01/1980
Modified: 30/08/2004
Company: Intel® Corporation
----------
************************************************************
12:02:10: Scanning -----VXD ENTRIES-----
************************************************************
12:02:10: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key : QConGina
DLLName: QConGina.dll
C:\WINDOWS\system32\QConGina.dll
258048 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
************************************************************
12:02:11: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ClamWin
CLSID: {65713842-C410-4f44-8383-BFE01A398C90}
Path: C:\Program Files\ClamWin\bin\ExpShell.dll
C:\Program Files\ClamWin\bin\ExpShell.dll
81920 bytes
Created: 18/11/2007
Modified: 19/04/2008
Company:
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
12:02:11: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
12:02:11: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 09/03/2007
Modified: 26/10/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63128 bytes
Created: 12/01/2006
Modified: 12/01/2006
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1122128 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
----------
Key: {5CA3D70E-1895-11CF-8E15-001234567890}
BHO: C:\WINDOWS\system32\dla\tfswshx.dll
C:\WINDOWS\system32\dla\tfswshx.dll
118842 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
************************************************************
12:02:12: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
12:02:12: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
12:02:12: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
12:02:12: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
12:02:13: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
12:02:13: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 25/02/2003
Modified: 25/02/2003
Company:
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
24576 bytes
Created: 09/01/2005
Modified: 29/10/2003
Company: BVRP Software
Digital Line Detect.lnk - links to C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 23/09/2005
Modified: 23/09/2005
Company: Adobe Systems Incorporated
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
12:02:13: Scanning ----- SCHEDULED TASKS -----
Taskname: BMMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
28672 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche ne sera pas exécutée à l'heure prévue car elle a été désactivée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
12:02:13: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
12:02:13: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 15/11/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 15/11/2008
Company:
----------
Additional checks completed
************************************************************
12:02:14: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\System32\ibmpmsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\S24EvMon.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - file already scanned
--------------------
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe - file already scanned
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
--------------------
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe - file already scanned
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
--------------------
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe - file already scanned
--------------------
C:\IBMTOOLS\UTILS\ibmprc.exe - file already scanned
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RunDll32.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\WINDOWS\system32\TpKmpSVC.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - file already scanned
--------------------
C:\Program Files\Canon\CAL\CALMAIN.exe - file already scanned
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\1XConfig.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\WINDOWS\system32\lxcfcoms.exe - file already scanned
--------------------
C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\vxo25.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
12:02:17: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
12:02:17: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
12:02:17: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
WWW.GOOGLE.FR
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
It seems to me that I have HijackThis on my PC, since Combofix needed it in order to install, but I can't find the program. What is it called? Is it Processscaner?
Thank you very much
ComboFix 08-11-13.02 - Célia Ukkola 2008-11-16 16:56:06.2 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.2.1252.1.1036.18.467 [GMT 1:00]
Lancé depuis: c:\documents and settings\Célia Ukkola\Bureau\ComboFix.exe
Commutateurs utilisés :: c:\documents and settings\Célia Ukkola\Bureau\CFscript.txt
* Un nouveau point de restauration a été créé
.
((((((((((((((((((((((((((((( Fichiers créés du 2008-10-16 au 2008-11-16 ))))))))))))))))))))))))))))))))))))
.
2008-11-14 20:21 . 2008-11-14 20:24 <REP> d-------- c:\windows\system32\fr-fr
2008-11-14 20:09 . 2008-10-03 18:12 6,066,176 --------- c:\windows\system32\dllcache\ieframe.dll
2008-11-14 20:09 . 2007-04-17 10:32 2,455,488 --------- c:\windows\system32\dllcache\ieapfltr.dat
2008-11-14 20:09 . 2007-03-08 06:10 1,048,576 --------- c:\windows\system32\dllcache\ieframe.dll.mui
2008-11-14 20:09 . 2008-08-26 09:11 459,264 --------- c:\windows\system32\dllcache\msfeeds.dll
2008-11-14 20:09 . 2008-08-26 09:11 383,488 --------- c:\windows\system32\dllcache\ieapfltr.dll
2008-11-14 20:09 . 2008-08-26 09:11 267,776 --------- c:\windows\system32\dllcache\iertutil.dll
2008-11-14 20:09 . 2008-08-26 09:11 63,488 --------- c:\windows\system32\dllcache\icardie.dll
2008-11-14 20:09 . 2008-08-26 09:11 52,224 --------- c:\windows\system32\dllcache\msfeedsbs.dll
2008-11-14 20:09 . 2008-08-25 09:38 13,824 --------- c:\windows\system32\dllcache\ieudinit.exe
2008-11-14 20:06 . 2008-11-14 20:07 <REP> d-------- C:\ef1d66f902976b4f586c5198906515d6
2008-11-14 13:55 . 2008-11-14 13:55 <REP> d-------- c:\program files\Avira
2008-11-14 13:55 . 2008-11-14 13:55 <REP> d-------- c:\documents and settings\All Users\Application Data\Avira
2008-11-13 22:57 . 2008-11-15 20:35 <REP> d-------- c:\program files\UsbFix
2008-11-13 22:31 . 2008-11-13 22:53 <REP> d-------- C:\rsit
2008-11-13 22:31 . 2008-11-13 22:31 <REP> d-------- c:\program files\trend micro
2008-11-13 22:08 . 2008-11-13 22:08 <REP> d-------- c:\windows\ERUNT
2008-11-13 22:01 . 2008-11-13 22:24 <REP> d-------- C:\SDFix
2008-11-09 18:12 . 2008-11-09 18:12 <REP> d-------- c:\documents and settings\Célia Ukkola\.clamwin
2008-11-09 18:12 . 2008-11-09 18:12 <REP> d-------- c:\documents and settings\Célia Ukkola\.clamwin
2008-11-09 17:58 . 2008-11-09 17:58 210,055 --a------ C:\eG7
2008-11-05 11:35 . 2008-11-16 12:14 <REP> d-a------ c:\documents and settings\All Users\Application Data\TEMP
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\program files\Trojan Remover
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\documents and settings\Célia Ukkola\Application Data\Simply Super Software
2008-11-05 11:33 . 2008-11-05 11:33 <REP> d-------- c:\documents and settings\All Users\Application Data\Simply Super Software
2008-11-05 11:33 . 2006-05-25 15:52 162,304 --a------ c:\windows\system32\ztvunrar36.dll
2008-11-05 11:33 . 2003-02-02 20:06 153,088 --a------ c:\windows\system32\UNRAR3.dll
2008-11-05 11:33 . 2005-08-26 01:50 77,312 --a------ c:\windows\system32\ztvunace26.dll
2008-11-05 11:33 . 2002-03-06 01:00 75,264 --a------ c:\windows\system32\unacev2.dll
2008-11-05 11:33 . 2006-06-19 13:01 69,632 --a------ c:\windows\system32\ztvcabinet.dll
2008-11-05 10:36 . 2008-11-05 11:03 <REP> d-------- c:\windows\system32\CatRoot_bak
2008-11-05 10:34 . 2008-08-14 10:51 138,368 --------- c:\windows\system32\dllcache\afd.sys
2008-11-05 10:29 . 2008-05-01 15:31 331,776 --------- c:\windows\system32\dllcache\msadce.dll
2008-11-02 15:17 . 2008-11-02 15:18 216,670 --a------ C:\eG6
2008-10-26 20:27 . 2008-10-26 20:28 205,938 --a------ C:\eG5
2008-10-19 12:35 . 2008-10-19 12:35 205,939 --a------ C:\eG4
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-11-16 15:50 --------- d-----w c:\program files\Lx_cats
2008-11-15 13:37 --------- d-----w c:\program files\IHMC CmapTools
2008-11-09 17:12 --------- d-----w c:\program files\ClamWin
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-24 11:10 453,632 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-20 15:39 0 ----a-w c:\program files\fr_Win_xp_pro_w_sp2.sdc
2008-10-15 16:59 332,800 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-02 11:37 --------- d-----w c:\documents and settings\All Users\Application Data\Lavasoft
2008-10-02 08:34 --------- d-----w c:\program files\Uniblue
2008-10-01 14:28 --------- d-----w c:\documents and settings\All Users\Application Data\avg7
2008-10-01 14:27 --------- d-----w c:\documents and settings\All Users\Application Data\Grisoft
2008-10-01 13:40 90,112 ----a-w c:\windows\DUMP3208.tmp
2008-10-01 13:39 90,112 ----a-w c:\windows\DUMP3226.tmp
2008-10-01 12:23 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\AVG7
2008-10-01 11:21 --------- d-----w c:\documents and settings\LocalService\Application Data\AVG7
2008-09-30 15:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-30 05:57 53,395 ----a-w c:\windows\system32\tdssinit.dll.vir
2008-09-29 20:06 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\Grisoft
2008-09-29 11:07 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\MSN6
2008-09-22 17:06 --------- d-----w c:\documents and settings\Célia Ukkola\Application Data\ZoomBrowser EX
2008-09-22 16:35 --------- d-----w c:\documents and settings\All Users\Application Data\ZoomBrowser
2008-09-15 15:39 1,846,144 ----a-w c:\windows\system32\win32k.sys
2008-09-15 15:39 1,846,144 ------w c:\windows\system32\dllcache\win32k.sys
2008-09-05 22:30 952,360 ------w c:\windows\system32\dllcache\WgaTray.exe
2008-09-05 22:30 267,304 ------w c:\windows\system32\dllcache\wgaLogon.dll
2008-09-04 16:45 1,106,944 ----a-w c:\windows\system32\msxml3.dll
2008-09-04 16:45 1,106,944 ------w c:\windows\system32\dllcache\msxml3.dll
2008-08-28 10:04 333,056 ------w c:\windows\system32\dllcache\srv.sys
2008-08-27 13:41 3,593,216 ------w c:\windows\system32\dllcache\mshtml.dll
2008-08-25 08:39 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-08-23 05:56 635,848 ------w c:\windows\system32\dllcache\iexplore.exe
2008-08-23 05:54 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2008-08-20 05:37 474,624 ------w c:\windows\system32\dllcache\shlwapi.dll
2008-08-20 05:37 152,064 ------w c:\windows\system32\dllcache\cdfview.dll
2008-08-20 05:37 1,495,040 ------w c:\windows\system32\dllcache\shdocvw.dll
2008-08-20 05:37 1,056,768 ------w c:\windows\system32\dllcache\danim.dll
2008-08-20 05:37 1,024,000 ------w c:\windows\system32\dllcache\browseui.dll
2006-03-02 17:30 28,440 -c--a-w c:\documents and settings\Célia Ukkola\Application Data\GDIPFONTCACHEV1.DAT
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\ctfmon.exe" [2004-08-20 15360]
"ibmmessages"="c:\program files\IBM\Messages By IBM\ibmmessages.exe" [2004-08-06 442368]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 1460560]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2004-07-30 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-07-30 118784]
"TPKMAPHELPER"="c:\program files\ThinkPad\Utilities\TpKmapAp.exe" [2004-02-05 897024]
"TPHOTKEY"="c:\progra~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe" [2004-08-07 94208]
"EZEJMNAP"="c:\progra~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe" [2003-12-25 208896]
"UC_Start"="c:\program files\IBM\Updater\\ucstartup.exe" [2004-06-25 36864]
"UpdateManager"="c:\program files\Fichiers communs\Sonic\Update Manager\sgtray.exe" [2003-08-19 110592]
"ibmmessages"="c:\program files\IBM\Messages By IBM\\ibmmessages.exe" [2004-08-06 442368]
"IBMPRC"="c:\ibmtools\UTILS\ibmprc.exe" [2004-03-19 90112]
"QCWLICON"="c:\program files\ThinkPad\ConnectUtilities\QCWLICON.EXE" [2004-08-18 81920]
"BMMGAG"="c:\progra~1\ThinkPad\UTILIT~1\pwrmonit.dll" [2004-07-29 110592]
"BMMLREF"="c:\program files\ThinkPad\Utilities\BMMLREF.EXE" [2004-07-29 20480]
"BMMMONWND"="c:\progra~1\ThinkPad\UTILIT~1\BatInfEx.dll" [2004-07-29 397824]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2006-03-13 151597]
"LXCFCATS"="c:\windows\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll" [2005-07-20 73728]
"ClamWin"="c:\program files\ClamWin\bin\ClamTray.exe" [2008-09-05 86016]
"QCTray"="c:\progra~1\ThinkPad\CONNEC~1\QCTray.exe" [2004-08-18 708608]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"!AVG Anti-Spyware"="c:\program files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 6731312]
"avgnt"="c:\program files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-06-12 266497]
"TrojanScanner"="c:\program files\Trojan Remover\Trjscan.exe" [2008-10-25 968072]
"S3TRAY2"="S3Tray2.exe" [2001-10-12 c:\windows\system32\S3Tray2.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"wextract_cleanup0"="c:\windows\system32\advpack.dll" [2008-08-26 124928]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-20 15360]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2005-01-09 24576]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-09-23 29696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\QConGina]
2004-08-18 11:30 258048 c:\windows\system32\QConGina.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"MSACM.CEGSM"= mobilev.acm
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
Notification Packages REG_MULTI_SZ scecli pwdmon
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TP4EX]
--a------ 2002-09-04 09:05 53248 c:\windows\system32\TP4EX.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrackPointSrv]
--a------ 2003-11-13 11:12 94208 c:\windows\system32\tp4serv.exe
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"%ProgramFiles%\\IBM\\Updater\\jre\\bin\\java.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\java.exe"=
"c:\\Program Files\\IBM\\Updater\\jre\\bin\\javaw.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\IBM\\Updater\\ucsmb.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13319:TCP"= 13319:TCP:NortonAV
R1 ANC;ANC;c:\windows\system32\drivers\ANC.SYS [2005-01-09 11520]
R1 IBMTPCHK;IBMTPCHK;c:\windows\system32\drivers\IBMBLDID.SYS [2005-01-09 2432]
R1 TPPWR;TPPWR;c:\windows\system32\drivers\Tppwr.sys [2005-01-09 16384]
R2 ibmfilter;ibmfilter;\??\c:\windows\system32\drivers\ibmfilter.sys [2004-09-24 64256]
R3 Tp4Track;IBM PS/2 TrackPoint Driver;c:\windows\system32\DRIVERS\tp4track.sys [1980-01-01 13904]
S3 fbxusb;Carte réseau virtuelle FreeBox USB;c:\windows\system32\DRIVERS\fbxusb32.sys [2004-10-20 21344]
S3 LucentSoftModem;Lucent Technologies Soft Modem;c:\windows\system32\DRIVERS\LTSM.sys [2003-02-25 802683]
S3 QCNDISIF;QCNDISIF;c:\windows\system32\drivers\qcndisif.SYS [2005-01-09 12288]
.
Contenu du dossier 'Tâches planifiées'
2005-06-02 c:\windows\Tasks\BMMTask.job
- c:\progra~1\ThinkPad\UTILIT~1\BMMTASK.EXE [2004-07-29 09:37]
.
**************************************************************************
catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-16 17:02:32
Windows 5.1.2600 Service Pack 2 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
.
--------------------- DLLs chargées dans les processus actifs ---------------------
PROCESSUS: c:\windows\system32\lsass.exe
-> c:\windows\system32\pwdmon.dll
.
------------------------ Autres processus actifs ------------------------
.
c:\windows\system32\ibmpmsvc.exe
c:\windows\system32\S24EvMon.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\sched.exe
c:\program files\Avira\AntiVir PersonalEdition Classic\avguard.exe
c:\program files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
c:\program files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\TpKmpSvc.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
c:\program files\ThinkPad\Utilities\EzEjMnAp.Exe
c:\program files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
c:\program files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\program files\ThinkPad\ConnectUtilities\QCTRAY.EXE
c:\windows\system32\1XConfig.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Heure de fin: 2008-11-16 17:12:34 - La machine a redémarré
ComboFix-quarantined-files.txt 2008-11-16 16:12:17
ComboFix2.txt 2008-11-15 20:14:37
Avant-CF: 8 492 138 496 octets libres
Après-CF: 8,477,483,008 octets libres
209 --- E O F --- 2008-11-14 20:02:09
***** THE SYSTEM HAS BEEN RESTARTED *****
16/11/2008 12:04:37: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\[dla] - already deleted
HKLM\SYSTEM\CurrentControlSet\Services\PsaSrv\[ImagePath] - already deleted
=======================================================
Unable to rename C:\WINDOWS\system32\dla\tfswctrl.exe.oolll to C:\WINDOWS\system32\dla\tfswctrl.exe.oolll.vir
(C:\WINDOWS\system32\dla\tfswctrl.exe.oolll does not appear to exist)
Unable to rename C:\WINDOWS\system32\PsaSrv.exe to C:\WINDOWS\system32\PsaSrv.exe.vir
(C:\WINDOWS\system32\PsaSrv.exe does not appear to exist)
16/11/2008 12:04:37: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 12:01:03 16 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Célia Ukkola\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
The following Anti-Malware program(s) are loaded:
Avira AntiVir
************************************************************
************************************************************
12:01:03: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
12:01:03: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
12:01:03: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
12:01:04: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: S3TRAY2
Value Data: S3Tray2.exe
C:\WINDOWS\system32\S3Tray2.exe
69632 bytes
Created: 01/01/1980
Modified: 12/10/2001
Company: S3 Graphics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
897024 bytes
Created: 09/01/2005
Modified: 05/02/2004
Company: IBM Corp.
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 01/01/1980
Modified: 07/08/2004
Company:
--------------------
Value Name: EZEJMNAP
Value Data: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
208896 bytes
Created: 09/01/2005
Modified: 25/12/2003
Company: IBM Corp.
--------------------
Value Name: UC_Start
Value Data: C:\Program Files\IBM\Updater\\ucstartup.exe
C:\Program Files\IBM\Updater\\ucstartup.exe
36864 bytes
Created: 25/06/2004
Modified: 25/06/2004
Company:
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003
Modified: 19/08/2003
Company: Sonic Solutions
--------------------
Value Name: dla
Value Data: C:\WINDOWS\system32\dla\tfswctrl.exe.oolll
C:\WINDOWS\system32\dla\tfswctrl.exe.oolll - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\dla\tfswctrl.exe.oolll - unable to take ownership/change permissions
C:\WINDOWS\system32\dla\tfswctrl.exe.oolll - marked for renaming when the PC is restarted (if it exists)
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: IBMPRC
Value Data: C:\IBMTOOLS\UTILS\ibmprc.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
90112 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company: IBM Corp.
--------------------
Value Name: QCWLICON
Value Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
81920 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: BMMGAG
Value Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
110592 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: BMMLREF
Value Data: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
20480 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
--------------------
Value Name: BMMMONWND
Value Data: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
397824 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
151597 bytes
Created: 13/03/2006
Modified: 13/03/2006
Company: RealNetworks, Inc.
--------------------
Value Name: LXCFCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll
73728 bytes
Created: 20/07/2005
Modified: 20/07/2005
Company:
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
Value Name: QCTray
Value Data: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
708608 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 05/11/2008
Modified: 25/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: wextract_cleanup0
Value Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\CLIAUK~1\LOCALS~1\Temp\IXP000.TMP\"
C:\WINDOWS\system32\advpack.dll
124928 bytes
Created: 01/01/1980
Modified: 26/08/2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1460560 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
12:01:44: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
************************************************************
12:01:44: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
12:01:45: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
12:01:45: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
************************************************************
12:01:46: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 25/02/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
--------------------
************************************************************
12:01:47: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
46455 bytes
Created: 29/07/2005
Modified: 25/03/2003
Company: Analog Deivces
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
127145 bytes
Created: 29/07/2005
Modified: 27/03/2003
Company: Analog Devices Inc.
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
116176 bytes
Created: 01/01/1980
Modified: 07/04/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
16110 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 29/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 14/11/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 14/11/2008
Modified: 20/05/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 14/11/2008
Modified: 14/11/2008
Company: Avira GmbH
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96341 bytes
Created: 30/09/2005
Modified: 30/09/2005
Company: Canon Inc.
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
87168 bytes
Created: 09/01/2005
Modified: 17/08/2004
Company: Sonic Solutions
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40448 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: fbxusb
ImagePath: system32\DRIVERS\fbxusb32.sys
C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
21344 bytes
Created: 20/10/2004
Modified: 20/10/2004
Company: FreeBox SA
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
197888 bytes
Created: 01/01/1980
Modified: 22/07/2004
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: System32\DRIVERS\ialmnt5.sys
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
724989 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key: IBM Rapid Restore Ultra Service
ImagePath: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
339968 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company:
----------
Key: ibmfilter
ImagePath: \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
C:\WINDOWS\system32\drivers\ibmfilter.sys
64256 bytes
Created: 24/09/2004
Modified: 24/09/2004
Company: IBM
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
11344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company: IBM Corp.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\System32\ibmpmsvc.exe
C:\WINDOWS\System32\ibmpmsvc.exe
57344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company:
----------
Key: IBMTPCHK
ImagePath: System32\drivers\IBMBLDID.SYS
C:\WINDOWS\System32\drivers\IBMBLDID.SYS
2432 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: LucentSoftModem
ImagePath: System32\DRIVERS\LTSM.sys
C:\WINDOWS\System32\DRIVERS\LTSM.sys
802683 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: Lucent Technologies
----------
Key: lxcf_device
ImagePath: C:\WINDOWS\system32\lxcfcoms.exe -service
C:\WINDOWS\system32\lxcfcoms.exe
491520 bytes
Created: 25/07/2005
Modified: 25/07/2005
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 25/02/2003
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 01/01/1980
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NWRDR
ImagePath: system32\DRIVERS\nwrdr.sys
C:\WINDOWS\system32\DRIVERS\nwrdr.sys
163584 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
17134 bytes
Created: 20/09/2002
Modified: 20/09/2002
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PMEM
ImagePath: \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
7012 bytes
Created: 01/06/2000
Modified: 01/06/2000
Company: Microsoft Corporation
----------
Key: psadd
ImagePath: \??\C:\WINDOWS\system32\Drivers\psadd.sys
C:\WINDOWS\system32\Drivers\psadd.sys
13312 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Windows (R) 2000 DDK provider
----------
Key: PsaSrv
ImagePath: C:\WINDOWS\system32\PsaSrv.exe
C:\WINDOWS\system32\PsaSrv.exe - this registry value has been removed [file not found to scan]
C:\WINDOWS\system32\PsaSrv.exe - process is either not running or could not be terminated
C:\WINDOWS\system32\PsaSrv.exe - unable to take ownership/change permissions
C:\WINDOWS\system32\PsaSrv.exe - marked for renaming when the PC is restarted (if it exists)
----------
Key: QCNDISIF
ImagePath: System32\drivers\qcndisif.SYS
C:\WINDOWS\System32\drivers\qcndisif.SYS
12288 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corporation.
----------
Key: QCONSVC
ImagePath: System32\QCONSVC.EXE
C:\WINDOWS\System32\QCONSVC.EXE
73728 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: RegSrvc
ImagePath: C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RegSrvc.exe
122950 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\S24EvMon.exe
286787 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys
11258 bytes
Created: 02/06/2004
Modified: 02/06/2004
Company: Intel Corporation
----------
Key: S3SSavage
ImagePath: System32\DRIVERS\s3ssavm.sys
C:\WINDOWS\System32\DRIVERS\s3ssavm.sys
95104 bytes
Created: 01/01/1980
Modified: 01/11/2001
Company: S3 Graphics, Inc.
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 01/01/1980
Modified: 26/03/2002
Company:
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
266880 bytes
Created: 01/01/1980
Modified: 23/06/2004
Company: Analog Devices, Inc.
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5627 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 14/11/2008
Modified: 01/03/2007
Company: Avira GmbH
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
23545 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{69028B13-1FD8-4FAF-B7D8-040A91642270}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9341 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
25723 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34843 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4123 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2271 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
86202 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
14715 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6363 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
98714 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
100603 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: Tp4Track
ImagePath: System32\DRIVERS\tp4track.sys
C:\WINDOWS\System32\DRIVERS\tp4track.sys
13904 bytes
Created: 01/01/1980
Modified: 13/11/2003
Company: IBM Corporation
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 09/01/2005
Modified: 12/07/2003
Company:
----------
Key: TPPWR
ImagePath: System32\drivers\Tppwr.sys
C:\WINDOWS\System32\drivers\Tppwr.sys
16384 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 09/01/2005
Modified: 15/07/2004
Company:
----------
Key: TwoTrack
ImagePath: System32\DRIVERS\TwoTrack.sys
C:\WINDOWS\System32\DRIVERS\TwoTrack.sys
11520 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: IBM Corporation
----------
Key: w22n51
ImagePath: System32\DRIVERS\w22n51.sys
C:\WINDOWS\System32\DRIVERS\w22n51.sys
3151232 bytes
Created: 01/01/1980
Modified: 30/08/2004
Company: Intel® Corporation
----------
************************************************************
12:02:10: Scanning -----VXD ENTRIES-----
************************************************************
12:02:10: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key : QConGina
DLLName: QConGina.dll
C:\WINDOWS\system32\QConGina.dll
258048 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
************************************************************
12:02:11: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ClamWin
CLSID: {65713842-C410-4f44-8383-BFE01A398C90}
Path: C:\Program Files\ClamWin\bin\ExpShell.dll
C:\Program Files\ClamWin\bin\ExpShell.dll
81920 bytes
Created: 18/11/2007
Modified: 19/04/2008
Company:
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
12:02:11: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
12:02:11: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 09/03/2007
Modified: 26/10/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63128 bytes
Created: 12/01/2006
Modified: 12/01/2006
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1122128 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
----------
Key: {5CA3D70E-1895-11CF-8E15-001234567890}
BHO: C:\WINDOWS\system32\dla\tfswshx.dll
C:\WINDOWS\system32\dla\tfswshx.dll
118842 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
************************************************************
12:02:12: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
12:02:12: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
12:02:12: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
12:02:12: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
12:02:13: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
12:02:13: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 25/02/2003
Modified: 25/02/2003
Company:
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
24576 bytes
Created: 09/01/2005
Modified: 29/10/2003
Company: BVRP Software
Digital Line Detect.lnk - links to C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 23/09/2005
Modified: 23/09/2005
Company: Adobe Systems Incorporated
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
12:02:13: Scanning ----- SCHEDULED TASKS -----
Taskname: BMMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
28672 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche ne sera pas exécutée à l'heure prévue car elle a été désactivée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
12:02:13: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
12:02:13: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 15/11/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 15/11/2008
Company:
----------
Additional checks completed
************************************************************
12:02:14: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\System32\ibmpmsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\S24EvMon.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - file already scanned
--------------------
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe - file already scanned
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
--------------------
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe - file already scanned
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
--------------------
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe - file already scanned
--------------------
C:\IBMTOOLS\UTILS\ibmprc.exe - file already scanned
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RunDll32.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\WINDOWS\system32\TpKmpSVC.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - file already scanned
--------------------
C:\Program Files\Canon\CAL\CALMAIN.exe - file already scanned
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\1XConfig.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\WINDOWS\system32\lxcfcoms.exe - file already scanned
--------------------
C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\vxo25.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
12:02:17: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
12:02:17: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
12:02:17: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://www.google.com/toolbar/ie8/sidebar.html
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
WWW.GOOGLE.FR
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
Actually, HijackThis does appear when I look in Control Panel > Add/Remove Programs, but nothing is shown for its size or date...
Also, the Internet Explorer install and update didn't work; I don't know what happened, Windows took forever to install it. So I don't have the program, but likewise it is listed in Add/Remove Programs.
What should I do? Reinstall it?
jlpjlp, security contributor, 16 Nov. 2008 at 19:46
Download OTMoveIt
http://oldtimer.geekstogo.com/OTMoveIt3.exe (by Old_Timer) to your Desktop.
Double-click OTMoveIt.exe to run it.
Copy the list quoted below,
and paste it into the left-hand box of OTMoveIt: Paste List of Files/Folders to be moved.
:files
c:\windows\system32\pwdmon.dll
c:\windows\system32\tdssinit.dll.vir
Click MoveIt! to start the removal.
The result will appear in the "Results" box.
Click Exit to close.
Post the report located in C:\_OTMoveIt\MovedFiles.
You may be asked to restart the PC to complete the removal. If so, accept with Yes.
____________________________
Scan with
Malwarebytes' Anti-Malware, remove whatever it finds, and paste the report
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
MoveIt won't work:
Results =
Error: Unable to interpret <c:\windows\system32\pwdmon.dll> in the current context!
Error: Unable to interpret <c:\windows\system32\tdssinit.dll.vir > in the current context!
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_093318
Why? I'll scan with the other one.
Here is the Malwarebytes report; it found two Trojan items (including one that Spybot warns me about as a change every time I turn on the PC: "valeur supprimée: wextract_cleanup0; ancienne version : rundll32.exe advpackdllDelNodeRunDLL32"). Should I keep refusing the change?
Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1403
Windows 5.1.2600 Service Pack 2
17/11/2008 10:51:42
mbam-log-2008-11-17 (10-51-42).txt
Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 95587
Temps écoulé: 1 hour(s), 13 minute(s), 12 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Runonce\wextract_cleanup0 (Trojan.Agent) -> Quarantined and deleted successfully.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
C:\WINDOWS\system32\advpack.dll (Trojan.Agent) -> Delete on reboot.
jlpjlp, security contributor, 17 Nov. 2008 at 13:17
For OTMoveIt, did you put :files before the two files? That is important for OTMoveIt to work.
OK, here is the MoveIt report.
Otherwise, do you have any idea what this "advpack rundll32" is that keeps bugging out with Spybot???
========== FILES ==========
DllUnregisterServer procedure not found in c:\windows\system32\pwdmon.dll
c:\windows\system32\pwdmon.dll NOT unregistered.
c:\windows\system32\pwdmon.dll moved successfully.
c:\windows\system32\tdssinit.dll.vir moved successfully.
OTMoveIt3 by OldTimer - Version 1.0.7.1 log created on 11172008_174356
I just ran Trojan Remover, which detected this advpack file as suspicious; apparently it didn't manage to remove it completely:
***** THE SYSTEM HAS BEEN RESTARTED *****
17/11/2008 17:53:30: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[wextract_cleanup0] - already deleted
=======================================================
Unable to rename C:\WINDOWS\system32\advpack.dll to C:\WINDOWS\system32\advpack.dll.vir
(C:\WINDOWS\system32\advpack.dll does not appear to exist)
17/11/2008 17:53:30: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 17:50:23 17 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Célia Ukkola\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware
Avira AntiVir
************************************************************
************************************************************
17:50:23: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
17:50:23: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
17:50:23: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
17:50:24: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: S3TRAY2
Value Data: S3Tray2.exe
C:\WINDOWS\system32\S3Tray2.exe
69632 bytes
Created: 01/01/1980
Modified: 12/10/2001
Company: S3 Graphics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
897024 bytes
Created: 09/01/2005
Modified: 05/02/2004
Company: IBM Corp.
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 01/01/1980
Modified: 07/08/2004
Company:
--------------------
Value Name: EZEJMNAP
Value Data: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
208896 bytes
Created: 09/01/2005
Modified: 25/12/2003
Company: IBM Corp.
--------------------
Value Name: UC_Start
Value Data: C:\Program Files\IBM\Updater\\ucstartup.exe
C:\Program Files\IBM\Updater\\ucstartup.exe
36864 bytes
Created: 25/06/2004
Modified: 25/06/2004
Company:
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003
Modified: 19/08/2003
Company: Sonic Solutions
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: IBMPRC
Value Data: C:\IBMTOOLS\UTILS\ibmprc.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
90112 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company: IBM Corp.
--------------------
Value Name: QCWLICON
Value Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
81920 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: BMMGAG
Value Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
110592 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: BMMLREF
Value Data: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
20480 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
--------------------
Value Name: BMMMONWND
Value Data: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
397824 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
151597 bytes
Created: 13/03/2006
Modified: 13/03/2006
Company: RealNetworks, Inc.
--------------------
Value Name: LXCFCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll
73728 bytes
Created: 20/07/2005
Modified: 20/07/2005
Company:
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
Value Name: QCTray
Value Data: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
708608 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 05/11/2008
Modified: 25/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: wextract_cleanup0
Value Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\CLIAUK~1\LOCALS~1\Temp\IXP000.TMP\"
C:\WINDOWS\system32\advpack.dll - unable to take ownership/change permissions
C:\WINDOWS\system32\advpack.dll - this reference has been removed
C:\WINDOWS\system32\advpack.dll - marked for renaming when the PC is restarted (if it exists)
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1460560 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
17:50:49: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
************************************************************
17:50:49: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
17:50:49: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
17:50:49: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
************************************************************
17:50:50: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 25/02/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
--------------------
************************************************************
17:50:50: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
46455 bytes
Created: 29/07/2005
Modified: 25/03/2003
Company: Analog Deivces
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
127145 bytes
Created: 29/07/2005
Modified: 27/03/2003
Company: Analog Devices Inc.
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
116176 bytes
Created: 01/01/1980
Modified: 07/04/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
16110 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 29/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 14/11/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 14/11/2008
Modified: 20/05/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 14/11/2008
Modified: 14/11/2008
Company: Avira GmbH
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96341 bytes
Created: 30/09/2005
Modified: 30/09/2005
Company: Canon Inc.
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
87168 bytes
Created: 09/01/2005
Modified: 17/08/2004
Company: Sonic Solutions
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40448 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: fbxusb
ImagePath: system32\DRIVERS\fbxusb32.sys
C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
21344 bytes
Created: 20/10/2004
Modified: 20/10/2004
Company: FreeBox SA
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
197888 bytes
Created: 01/01/1980
Modified: 22/07/2004
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: System32\DRIVERS\ialmnt5.sys
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
724989 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key: IBM Rapid Restore Ultra Service
ImagePath: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
339968 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company:
----------
Key: ibmfilter
ImagePath: \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
C:\WINDOWS\system32\drivers\ibmfilter.sys
64256 bytes
Created: 24/09/2004
Modified: 24/09/2004
Company: IBM
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
11344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company: IBM Corp.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\System32\ibmpmsvc.exe
C:\WINDOWS\System32\ibmpmsvc.exe
57344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company:
----------
Key: IBMTPCHK
ImagePath: System32\drivers\IBMBLDID.SYS
C:\WINDOWS\System32\drivers\IBMBLDID.SYS
2432 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: LucentSoftModem
ImagePath: System32\DRIVERS\LTSM.sys
C:\WINDOWS\System32\DRIVERS\LTSM.sys
802683 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: Lucent Technologies
----------
Key: lxcf_device
ImagePath: C:\WINDOWS\system32\lxcfcoms.exe -service
C:\WINDOWS\system32\lxcfcoms.exe
491520 bytes
Created: 25/07/2005
Modified: 25/07/2005
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 25/02/2003
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 01/01/1980
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NWRDR
ImagePath: system32\DRIVERS\nwrdr.sys
C:\WINDOWS\system32\DRIVERS\nwrdr.sys
163584 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
17134 bytes
Created: 20/09/2002
Modified: 20/09/2002
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PMEM
ImagePath: \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
7012 bytes
Created: 01/06/2000
Modified: 01/06/2000
Company: Microsoft Corporation
----------
Key: psadd
ImagePath: \??\C:\WINDOWS\system32\Drivers\psadd.sys
C:\WINDOWS\system32\Drivers\psadd.sys
13312 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Windows (R) 2000 DDK provider
----------
Key: QCNDISIF
ImagePath: System32\drivers\qcndisif.SYS
C:\WINDOWS\System32\drivers\qcndisif.SYS
12288 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corporation.
----------
Key: QCONSVC
ImagePath: System32\QCONSVC.EXE
C:\WINDOWS\System32\QCONSVC.EXE
73728 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: RegSrvc
ImagePath: C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RegSrvc.exe
122950 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\S24EvMon.exe
286787 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys
11258 bytes
Created: 02/06/2004
Modified: 02/06/2004
Company: Intel Corporation
----------
Key: S3SSavage
ImagePath: System32\DRIVERS\s3ssavm.sys
C:\WINDOWS\System32\DRIVERS\s3ssavm.sys
95104 bytes
Created: 01/01/1980
Modified: 01/11/2001
Company: S3 Graphics, Inc.
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 01/01/1980
Modified: 26/03/2002
Company:
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
266880 bytes
Created: 01/01/1980
Modified: 23/06/2004
Company: Analog Devices, Inc.
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5627 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 14/11/2008
Modified: 01/03/2007
Company: Avira GmbH
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
23545 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{69028B13-1FD8-4FAF-B7D8-040A91642270}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9341 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
25723 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34843 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4123 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2271 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
86202 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
14715 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6363 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
98714 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
100603 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: Tp4Track
ImagePath: System32\DRIVERS\tp4track.sys
C:\WINDOWS\System32\DRIVERS\tp4track.sys
13904 bytes
Created: 01/01/1980
Modified: 13/11/2003
Company: IBM Corporation
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 09/01/2005
Modified: 12/07/2003
Company:
----------
Key: TPPWR
ImagePath: System32\drivers\Tppwr.sys
C:\WINDOWS\System32\drivers\Tppwr.sys
16384 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 09/01/2005
Modified: 15/07/2004
Company:
----------
Key: TwoTrack
ImagePath: System32\DRIVERS\TwoTrack.sys
C:\WINDOWS\System32\DRIVERS\TwoTrack.sys
11520 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: IBM Corporation
----------
Key: w22n51
ImagePath: System32\DRIVERS\w22n51.sys
C:\WINDOWS\System32\DRIVERS\w22n51.sys
3151232 bytes
Created: 01/01/1980
Modified: 30/08/2004
Company: Intel® Corporation
----------
************************************************************
17:51:01: Scanning -----VXD ENTRIES-----
************************************************************
17:51:01: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key : QConGina
DLLName: QConGina.dll
C:\WINDOWS\system32\QConGina.dll
258048 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
************************************************************
17:51:01: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ClamWin
CLSID: {65713842-C410-4f44-8383-BFE01A398C90}
Path: C:\Program Files\ClamWin\bin\ExpShell.dll
C:\Program Files\ClamWin\bin\ExpShell.dll
81920 bytes
Created: 18/11/2007
Modified: 19/04/2008
Company:
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
17:51:01: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
17:51:01: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 09/03/2007
Modified: 26/10/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63128 bytes
Created: 12/01/2006
Modified: 12/01/2006
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1122128 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
----------
Key: {5CA3D70E-1895-11CF-8E15-001234567890}
BHO: C:\WINDOWS\system32\dla\tfswshx.dll
C:\WINDOWS\system32\dla\tfswshx.dll
118842 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
************************************************************
17:51:01: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
17:51:02: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
17:51:02: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
17:51:02: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
17:51:02: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
17:51:02: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 25/02/2003
Modified: 25/02/2003
Company:
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
24576 bytes
Created: 09/01/2005
Modified: 29/10/2003
Company: BVRP Software
Digital Line Detect.lnk - links to C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 23/09/2005
Modified: 23/09/2005
Company: Adobe Systems Incorporated
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
17:51:02: Scanning ----- SCHEDULED TASKS -----
Taskname: BMMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
28672 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
Parameters: [blank]
Next Run Time: Never
Status: The task will not run at the scheduled time because it has been disabled
Creator: Administrateur
Comments: [blank]
----------
************************************************************
17:51:02: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
17:51:02: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 17/11/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 17/11/2008
Company:
----------
Additional checks completed
************************************************************
17:51:03: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\System32\ibmpmsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\S24EvMon.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - file already scanned
--------------------
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\TpKmpSVC.exe - file already scanned
--------------------
C:\Program Files\Canon\CAL\CALMAIN.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe - file already scanned
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
--------------------
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe - file already scanned
--------------------
C:\IBMTOOLS\UTILS\ibmprc.exe - file already scanned
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RunDll32.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\WINDOWS\system32\1XConfig.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\sdu27.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
17:51:06: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
17:51:06: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
17:51:06: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
WWW.GOOGLE.FR
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 17:51:06 17 nov. 2008
Total Scan time: 00:00:42
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
17/11/2008 17:51:09: restart commenced
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 12:15:11 16 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Célia Ukkola\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
12:15:11: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
12:15:12: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
12:15:12: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
12:15:12: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: S3TRAY2
Value Data: S3Tray2.exe
C:\WINDOWS\system32\S3Tray2.exe
69632 bytes
Created: 01/01/1980
Modified: 12/10/2001
Company: S3 Graphics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
897024 bytes
Created: 09/01/2005
Modified: 05/02/2004
Company: IBM Corp.
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 01/01/1980
Modified: 07/08/2004
Company:
--------------------
Value Name: EZEJMNAP
Value Data: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
208896 bytes
Created: 09/01/2005
Modified: 25/12/2003
Company: IBM Corp.
--------------------
Value Name: UC_Start
Value Data: C:\Program Files\IBM\Updater\\ucstartup.exe
C:\Program Files\IBM\Updater\\ucstartup.exe
36864 bytes
Created: 25/06/2004
Modified: 25/06/2004
Company:
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003
Modified: 19/08/2003
Company: Sonic Solutions
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: IBMPRC
Value Data: C:\IBMTOOLS\UTILS\ibmprc.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
90112 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company: IBM Corp.
--------------------
Value Name: QCWLICON
Value Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
81920 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: BMMGAG
Value Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
110592 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: BMMLREF
Value Data: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
20480 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
--------------------
Value Name: BMMMONWND
Value Data: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
397824 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
151597 bytes
Created: 13/03/2006
Modified: 13/03/2006
Company: RealNetworks, Inc.
--------------------
Value Name: LXCFCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll
73728 bytes
Created: 20/07/2005
Modified: 20/07/2005
Company:
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
Value Name: QCTray
Value Data: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
708608 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 05/11/2008
Modified: 25/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: wextract_cleanup0
Value Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\CLIAUK~1\LOCALS~1\Temp\IXP000.TMP\"
C:\WINDOWS\system32\advpack.dll
124928 bytes
Created: 01/01/1980
Modified: 26/08/2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1460560 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
12:15:20: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
************************************************************
12:15:20: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
12:15:21: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
12:15:21: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
************************************************************
12:15:21: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 25/02/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
--------------------
************************************************************
12:15:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
46455 bytes
Created: 29/07/2005
Modified: 25/03/2003
Company: Analog Deivces
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
127145 bytes
Created: 29/07/2005
Modified: 27/03/2003
Company: Analog Devices Inc.
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
116176 bytes
Created: 01/01/1980
Modified: 07/04/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
16110 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key:
***** THE SYSTEM HAS BEEN RESTARTED *****
17/11/2008 17:53:30: Trojan Remover has been restarted
=======================================================
Deleting the following registry value(s):
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\[wextract_cleanup0] - already deleted
=======================================================
Unable to rename C:\WINDOWS\system32\advpack.dll to C:\WINDOWS\system32\advpack.dll.vir
(C:\WINDOWS\system32\advpack.dll does not appear to exist)
17/11/2008 17:53:30: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 17:50:23 17 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Célia Ukkola\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware
Avira AntiVir
************************************************************
************************************************************
17:50:23: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
17:50:23: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
17:50:23: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
17:50:24: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: S3TRAY2
Value Data: S3Tray2.exe
C:\WINDOWS\system32\S3Tray2.exe
69632 bytes
Created: 01/01/1980
Modified: 12/10/2001
Company: S3 Graphics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
897024 bytes
Created: 09/01/2005
Modified: 05/02/2004
Company: IBM Corp.
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 01/01/1980
Modified: 07/08/2004
Company:
--------------------
Value Name: EZEJMNAP
Value Data: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
208896 bytes
Created: 09/01/2005
Modified: 25/12/2003
Company: IBM Corp.
--------------------
Value Name: UC_Start
Value Data: C:\Program Files\IBM\Updater\\ucstartup.exe
C:\Program Files\IBM\Updater\\ucstartup.exe
36864 bytes
Created: 25/06/2004
Modified: 25/06/2004
Company:
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003
Modified: 19/08/2003
Company: Sonic Solutions
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: IBMPRC
Value Data: C:\IBMTOOLS\UTILS\ibmprc.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
90112 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company: IBM Corp.
--------------------
Value Name: QCWLICON
Value Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
81920 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: BMMGAG
Value Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
110592 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: BMMLREF
Value Data: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
20480 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
--------------------
Value Name: BMMMONWND
Value Data: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
397824 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
151597 bytes
Created: 13/03/2006
Modified: 13/03/2006
Company: RealNetworks, Inc.
--------------------
Value Name: LXCFCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll
73728 bytes
Created: 20/07/2005
Modified: 20/07/2005
Company:
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
Value Name: QCTray
Value Data: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
708608 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 05/11/2008
Modified: 25/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: wextract_cleanup0
Value Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\CLIAUK~1\LOCALS~1\Temp\IXP000.TMP\"
C:\WINDOWS\system32\advpack.dll - unable to take ownership/change permissions
C:\WINDOWS\system32\advpack.dll - this reference has been removed
C:\WINDOWS\system32\advpack.dll - marked for renaming when the PC is restarted (if it exists)
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1460560 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
17:50:49: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
************************************************************
17:50:49: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
17:50:49: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
17:50:49: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
************************************************************
17:50:50: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 25/02/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
--------------------
************************************************************
17:50:50: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
46455 bytes
Created: 29/07/2005
Modified: 25/03/2003
Company: Analog Deivces
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
127145 bytes
Created: 29/07/2005
Modified: 27/03/2003
Company: Analog Devices Inc.
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
116176 bytes
Created: 01/01/1980
Modified: 07/04/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
16110 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key: AVG Anti-Spyware Driver
ImagePath: \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys
11000 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company:
----------
Key: AVG Anti-Spyware Guard
ImagePath: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
312880 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
Key: AvgAsCln
ImagePath: System32\DRIVERS\AvgAsCln.sys
C:\WINDOWS\System32\DRIVERS\AvgAsCln.sys
10872 bytes
Created: 29/09/2008
Modified: 30/05/2007
Company: GRISOFT, s.r.o.
----------
Key: avgio
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys
11840 bytes
Created: 14/11/2008
Modified: 27/02/2007
Company: Avira GmbH
----------
Key: avgntflt
ImagePath: \??\C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys
52032 bytes
Created: 14/11/2008
Modified: 20/05/2008
Company: Avira GmbH
----------
Key: avipbb
ImagePath: system32\DRIVERS\avipbb.sys
C:\WINDOWS\system32\DRIVERS\avipbb.sys
75072 bytes
Created: 14/11/2008
Modified: 14/11/2008
Company: Avira GmbH
----------
Key: catchme
ImagePath: \??\C:\ComboFix\catchme.sys - this file is globally excluded
----------
Key: CCALib8
ImagePath: C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
96341 bytes
Created: 30/09/2005
Modified: 30/09/2005
Company: Canon Inc.
----------
Key: drvmcdb
ImagePath: system32\drivers\drvmcdb.sys
C:\WINDOWS\system32\drivers\drvmcdb.sys
87168 bytes
Created: 09/01/2005
Modified: 17/08/2004
Company: Sonic Solutions
----------
Key: drvnddm
ImagePath: system32\drivers\drvnddm.sys
C:\WINDOWS\system32\drivers\drvnddm.sys
40448 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: fbxusb
ImagePath: system32\DRIVERS\fbxusb32.sys
C:\WINDOWS\system32\DRIVERS\fbxusb32.sys
21344 bytes
Created: 20/10/2004
Modified: 20/10/2004
Company: FreeBox SA
----------
Key: HSFHWICH
ImagePath: system32\DRIVERS\HSFHWICH.sys
C:\WINDOWS\system32\DRIVERS\HSFHWICH.sys
197888 bytes
Created: 01/01/1980
Modified: 22/07/2004
Company: Conexant Systems, Inc.
----------
Key: ialm
ImagePath: System32\DRIVERS\ialmnt5.sys
C:\WINDOWS\System32\DRIVERS\ialmnt5.sys
724989 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key: IBM Rapid Restore Ultra Service
ImagePath: "C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe"
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe
339968 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company:
----------
Key: ibmfilter
ImagePath: \??\C:\WINDOWS\system32\drivers\ibmfilter.sys
C:\WINDOWS\system32\drivers\ibmfilter.sys
64256 bytes
Created: 24/09/2004
Modified: 24/09/2004
Company: IBM
----------
Key: IBMPMDRV
ImagePath: System32\DRIVERS\ibmpmdrv.sys
C:\WINDOWS\System32\DRIVERS\ibmpmdrv.sys
11344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company: IBM Corp.
----------
Key: IBMPMSVC
ImagePath: %SystemRoot%\System32\ibmpmsvc.exe
C:\WINDOWS\System32\ibmpmsvc.exe
57344 bytes
Created: 01/01/1980
Modified: 26/02/2004
Company:
----------
Key: IBMTPCHK
ImagePath: System32\drivers\IBMBLDID.SYS
C:\WINDOWS\System32\drivers\IBMBLDID.SYS
2432 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company:
----------
Key: ImapiService
ImagePath: %systemroot%\system32\imapi.exe
C:\WINDOWS\system32\imapi.exe
150016 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: LucentSoftModem
ImagePath: System32\DRIVERS\LTSM.sys
C:\WINDOWS\System32\DRIVERS\LTSM.sys
802683 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: Lucent Technologies
----------
Key: lxcf_device
ImagePath: C:\WINDOWS\system32\lxcfcoms.exe -service
C:\WINDOWS\system32\lxcfcoms.exe
491520 bytes
Created: 25/07/2005
Modified: 25/07/2005
Company:
----------
Key: MDM
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
322120 bytes
Created: 19/06/2003
Modified: 19/06/2003
Company: Microsoft Corporation
----------
Key: NSCIRDA
ImagePath: System32\DRIVERS\nscirda.sys
C:\WINDOWS\System32\DRIVERS\nscirda.sys
28672 bytes
Created: 25/02/2003
Modified: 04/08/2004
Company: National Semiconductor Corporation
----------
Key: NwlnkIpx
ImagePath: system32\DRIVERS\nwlnkipx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys
88448 bytes
Created: 01/01/1980
Modified: 04/08/2004
Company: Microsoft Corporation
----------
Key: NwlnkNb
ImagePath: system32\DRIVERS\nwlnknb.sys
C:\WINDOWS\system32\DRIVERS\nwlnknb.sys
63232 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NwlnkSpx
ImagePath: system32\DRIVERS\nwlnkspx.sys
C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys
55936 bytes
Created: 01/01/1980
Modified: 28/08/2001
Company: Microsoft Corporation
----------
Key: NWRDR
ImagePath: system32\DRIVERS\nwrdr.sys
C:\WINDOWS\system32\DRIVERS\nwrdr.sys
163584 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
----------
Key: ose
ImagePath: "C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE"
C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE
89136 bytes
Created: 28/07/2003
Modified: 28/07/2003
Company: Microsoft Corporation
----------
Key: PCANDIS5
ImagePath: \??\C:\WINDOWS\system32\PCANDIS5.SYS
C:\WINDOWS\system32\PCANDIS5.SYS
17134 bytes
Created: 20/09/2002
Modified: 20/09/2002
Company: Printing Communications Assoc., Inc. (PCAUSA)
----------
Key: PMEM
ImagePath: \??\C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
C:\WINDOWS\SYSTEM32\Drivers\PMEMNT.SYS
7012 bytes
Created: 01/06/2000
Modified: 01/06/2000
Company: Microsoft Corporation
----------
Key: psadd
ImagePath: \??\C:\WINDOWS\system32\Drivers\psadd.sys
C:\WINDOWS\system32\Drivers\psadd.sys
13312 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Windows (R) 2000 DDK provider
----------
Key: QCNDISIF
ImagePath: System32\drivers\qcndisif.SYS
C:\WINDOWS\System32\drivers\qcndisif.SYS
12288 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corporation.
----------
Key: QCONSVC
ImagePath: System32\QCONSVC.EXE
C:\WINDOWS\System32\QCONSVC.EXE
73728 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: RegSrvc
ImagePath: C:\WINDOWS\system32\RegSrvc.exe
C:\WINDOWS\system32\RegSrvc.exe
122950 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: S24EventMonitor
ImagePath: C:\WINDOWS\system32\S24EvMon.exe
C:\WINDOWS\system32\S24EvMon.exe
286787 bytes
Created: 02/10/2004
Modified: 02/10/2004
Company: Intel Corporation
----------
Key: s24trans
ImagePath: system32\DRIVERS\s24trans.sys
C:\WINDOWS\system32\DRIVERS\s24trans.sys
11258 bytes
Created: 02/06/2004
Modified: 02/06/2004
Company: Intel Corporation
----------
Key: S3SSavage
ImagePath: System32\DRIVERS\s3ssavm.sys
C:\WINDOWS\System32\DRIVERS\s3ssavm.sys
95104 bytes
Created: 01/01/1980
Modified: 01/11/2001
Company: S3 Graphics, Inc.
----------
Key: Secdrv
ImagePath: System32\DRIVERS\secdrv.sys
C:\WINDOWS\System32\DRIVERS\secdrv.sys
27440 bytes
Created: 01/01/1980
Modified: 26/03/2002
Company:
----------
Key: Smapint
ImagePath: System32\drivers\Smapint.sys
C:\WINDOWS\System32\drivers\Smapint.sys
14848 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: Microsoft Corporation
----------
Key: smwdm
ImagePath: system32\drivers\smwdm.sys
C:\WINDOWS\system32\drivers\smwdm.sys
266880 bytes
Created: 01/01/1980
Modified: 23/06/2004
Company: Analog Devices, Inc.
----------
Key: sscdbhk5
ImagePath: system32\drivers\sscdbhk5.sys
C:\WINDOWS\system32\drivers\sscdbhk5.sys
5627 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: ssmdrv
ImagePath: system32\DRIVERS\ssmdrv.sys
C:\WINDOWS\system32\DRIVERS\ssmdrv.sys
28352 bytes
Created: 14/11/2008
Modified: 01/03/2007
Company: Avira GmbH
----------
Key: ssrtln
ImagePath: system32\drivers\ssrtln.sys
C:\WINDOWS\system32\drivers\ssrtln.sys
23545 bytes
Created: 09/01/2005
Modified: 14/07/2004
Company: Sonic Solutions
----------
Key: SwPrv
ImagePath: C:\WINDOWS\System32\dllhost.exe /Processid:{69028B13-1FD8-4FAF-B7D8-040A91642270}
C:\WINDOWS\System32\dllhost.exe
5120 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: TDSMAPI
ImagePath: System32\drivers\TDSMAPI.SYS
C:\WINDOWS\System32\drivers\TDSMAPI.SYS
9341 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
----------
Key: tfsnboio
ImagePath: system32\dla\tfsnboio.sys
C:\WINDOWS\system32\dla\tfsnboio.sys
25723 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsncofs
ImagePath: system32\dla\tfsncofs.sys
C:\WINDOWS\system32\dla\tfsncofs.sys
34843 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndrct
ImagePath: system32\dla\tfsndrct.sys
C:\WINDOWS\system32\dla\tfsndrct.sys
4123 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsndres
ImagePath: system32\dla\tfsndres.sys
C:\WINDOWS\system32\dla\tfsndres.sys
2271 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnifs
ImagePath: system32\dla\tfsnifs.sys
C:\WINDOWS\system32\dla\tfsnifs.sys
86202 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnopio
ImagePath: system32\dla\tfsnopio.sys
C:\WINDOWS\system32\dla\tfsnopio.sys
14715 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnpool
ImagePath: system32\dla\tfsnpool.sys
C:\WINDOWS\system32\dla\tfsnpool.sys
6363 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudf
ImagePath: system32\dla\tfsnudf.sys
C:\WINDOWS\system32\dla\tfsnudf.sys
98714 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: tfsnudfa
ImagePath: system32\dla\tfsnudfa.sys
C:\WINDOWS\system32\dla\tfsnudfa.sys
100603 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: Tp4Track
ImagePath: System32\DRIVERS\tp4track.sys
C:\WINDOWS\System32\DRIVERS\tp4track.sys
13904 bytes
Created: 01/01/1980
Modified: 13/11/2003
Company: IBM Corporation
----------
Key: TpKmpSVC
ImagePath: C:\WINDOWS\system32\TpKmpSVC.exe
C:\WINDOWS\system32\TpKmpSVC.exe
32768 bytes
Created: 09/01/2005
Modified: 12/07/2003
Company:
----------
Key: TPPWR
ImagePath: System32\drivers\Tppwr.sys
C:\WINDOWS\System32\drivers\Tppwr.sys
16384 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
----------
Key: TSMAPIP
ImagePath: System32\drivers\TSMAPIP.SYS
C:\WINDOWS\System32\drivers\TSMAPIP.SYS
7168 bytes
Created: 09/01/2005
Modified: 15/07/2004
Company:
----------
Key: TwoTrack
ImagePath: System32\DRIVERS\TwoTrack.sys
C:\WINDOWS\System32\DRIVERS\TwoTrack.sys
11520 bytes
Created: 25/02/2003
Modified: 18/08/2001
Company: IBM Corporation
----------
Key: w22n51
ImagePath: System32\DRIVERS\w22n51.sys
C:\WINDOWS\System32\DRIVERS\w22n51.sys
3151232 bytes
Created: 01/01/1980
Modified: 30/08/2004
Company: Intel® Corporation
----------
************************************************************
17:51:01: Scanning -----VXD ENTRIES-----
************************************************************
17:51:01: Scanning ----- WINLOGON\NOTIFY DLLS -----
Key : igfxcui
DLLName: igfxsrvc.dll
C:\WINDOWS\system32\igfxsrvc.dll
344064 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
----------
Key : QConGina
DLLName: QConGina.dll
C:\WINDOWS\system32\QConGina.dll
258048 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
************************************************************
17:51:01: Scanning ----- CONTEXTMENUHANDLERS -----
Key: ClamWin
CLSID: {65713842-C410-4f44-8383-BFE01A398C90}
Path: C:\Program Files\ClamWin\bin\ExpShell.dll
C:\Program Files\ClamWin\bin\ExpShell.dll
81920 bytes
Created: 18/11/2007
Modified: 19/04/2008
Company:
----------
Key: Shell Extension for Malware scanning
CLSID: {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
Path: C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
C:\Program Files\Avira\AntiVir PersonalEdition Classic\shlext.dll
65793 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
----------
Key: ShellExtension
CLSID: [empty]
----------
************************************************************
17:51:01: Scanning ----- FOLDER\COLUMNHANDLERS -----
************************************************************
17:51:01: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {02478D38-C3F9-4EFB-9B51-7695ECA05670}
BHO: C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
440384 bytes
Created: 09/03/2007
Modified: 26/10/2006
Company: Yahoo! Inc.
----------
Key: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
BHO: C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
63128 bytes
Created: 12/01/2006
Modified: 12/01/2006
Company: Adobe Systems Incorporated
----------
Key: {53707962-6F74-2D53-2644-206D7942484F}
BHO: C:\PROGRA~1\SPYBOT~1\SDHelper.dll
C:\PROGRA~1\SPYBOT~1\SDHelper.dll
1122128 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
----------
Key: {5CA3D70E-1895-11CF-8E15-001234567890}
BHO: C:\WINDOWS\system32\dla\tfswshx.dll
C:\WINDOWS\system32\dla\tfswshx.dll
118842 bytes
Created: 09/01/2005
Modified: 02/09/2004
Company: Sonic Solutions
----------
Key: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
BHO: C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
509328 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
----------
************************************************************
17:51:01: Scanning ----- SHELLSERVICEOBJECTS -----
Key: SysTray
CLSID: {35CEC8A3-2BE6-11D2-8773-92E220524153}
Path: %systemroot%\system32\stobject.dll
C:\WINDOWS\system32\stobject.dll
122368 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
Key: WPDShServiceObj
CLSID: {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
Path: C:\WINDOWS\system32\WPDShServiceObj.dll
C:\WINDOWS\system32\WPDShServiceObj.dll
133632 bytes
Created: 18/10/2006
Modified: 18/10/2006
Company: Microsoft Corporation
----------
************************************************************
17:51:02: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
************************************************************
17:51:02: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
************************************************************
17:51:02: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
************************************************************
17:51:02: Scanning ----- SECURITY PROVIDER DLLS -----
************************************************************
17:51:02: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 25/02/2003
Modified: 25/02/2003
Company:
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
24576 bytes
Created: 09/01/2005
Modified: 29/10/2003
Company: BVRP Software
Digital Line Detect.lnk - links to C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
29696 bytes
Created: 23/09/2005
Modified: 23/09/2005
Company: Adobe Systems Incorporated
Lancement rapide d'Adobe Reader.lnk - links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
--------------------
************************************************************
No User Startup Groups were located to check
************************************************************
17:51:02: Scanning ----- SCHEDULED TASKS -----
Taskname: BMMTask.job
File: C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
C:\PROGRA~1\ThinkPad\UTILIT~1\BMMTASK.EXE
28672 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
Parameters: [blank]
Next Run Time: Never
Status: La tâche ne sera pas exécutée à l'heure prévue car elle a été désactivée
Creator: Administrateur
Comments: [blank]
----------
************************************************************
17:51:02: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
************************************************************
17:51:02: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 17/11/2008
Company:
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\Célia Ukkola\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
1440054 bytes
Created: 07/08/2005
Modified: 17/11/2008
Company:
----------
Additional checks completed
************************************************************
17:51:03: Scanning ----- RUNNING PROCESSES -----
C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\System32\ibmpmsvc.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\S24EvMon.exe - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe - file already scanned
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - file already scanned
--------------------
C:\Program Files\IBM\IBM Rapid Restore Ultra\rrpcsb.exe - file already scanned
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE - file already scanned
--------------------
C:\WINDOWS\System32\svchost.exe - file already scanned
--------------------
C:\WINDOWS\Explorer.EXE - file already scanned
--------------------
C:\WINDOWS\system32\TpKmpSVC.exe - file already scanned
--------------------
C:\Program Files\Canon\CAL\CALMAIN.exe - file already scanned
--------------------
C:\WINDOWS\System32\alg.exe
--------------------
C:\WINDOWS\system32\igfxtray.exe - file already scanned
--------------------
C:\WINDOWS\system32\hkcmd.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe - file already scanned
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY\TPONSCR.exe
--------------------
C:\Program Files\ThinkPad\PkgMgr\HOTKEY_1\TpScrex.exe
--------------------
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe - file already scanned
--------------------
C:\IBMTOOLS\UTILS\ibmprc.exe - file already scanned
--------------------
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE - file already scanned
--------------------
C:\WINDOWS\system32\RunDll32.exe
--------------------
C:\WINDOWS\system32\rundll32.exe
--------------------
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe - file already scanned
--------------------
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe - file already scanned
--------------------
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe - file already scanned
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe - file already scanned
--------------------
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe - file already scanned
--------------------
C:\WINDOWS\system32\ctfmon.exe - file already scanned
--------------------
C:\Program Files\Digital Line Detect\DLG.exe
--------------------
C:\WINDOWS\system32\1XConfig.exe
--------------------
C:\WINDOWS\system32\wuauclt.exe
--------------------
C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\sdu27.exe
FileSize: 2618232
[This is a Trojan Remover component]
--------------------
--------------------
************************************************************
17:51:06: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file
************************************************************
17:51:06: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
************************************************************
17:51:06: Checking HOSTS file
No malicious entries were found in the HOSTS file
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
https://www.msn.com/fr-fr/?ocid=iehp
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
WWW.GOOGLE.FR
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
https://www.google.com/?gws_rd=ssl
************************************************************
=== CHANGES WERE MADE TO THE WINDOWS REGISTRY ===
Scan completed at: 17:51:06 17 nov. 2008
Total Scan time: 00:00:42
-------------------------------------------------------------------------
One or more files could not be moved or renamed as requested.
They may be in use by Windows, so Trojan Remover needs
to restart the system in order to deal with these files.
17/11/2008 17:51:09: restart commenced
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.7.3.2550. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 12:15:11 16 nov. 2008
Using Database v7178
Operating System: Windows XP SP2 [Windows XP Professional Service Pack 2 (Build 2600)]
File System: NTFS
Data directory: C:\Documents and Settings\Célia Ukkola\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Program Files\Trojan Remover\
Logfile directory: C:\Documents and Settings\Célia Ukkola\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
[Alerts will be shown on Malware files AND files not found]
************************************************************
PC appears to be in SAFE MODE.
************************************************************
************************************************************
12:15:11: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS
************************************************************
12:15:12: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS
************************************************************
12:15:12: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
************************************************************
12:15:12: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037312 bytes
Created: 01/01/1980
Modified: 13/06/2007
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
25088 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: S3TRAY2
Value Data: S3Tray2.exe
C:\WINDOWS\system32\S3Tray2.exe
69632 bytes
Created: 01/01/1980
Modified: 12/10/2001
Company: S3 Graphics, Inc.
--------------------
Value Name: IgfxTray
Value Data: C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\igfxtray.exe
155648 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: HotKeysCmds
Value Data: C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\hkcmd.exe
118784 bytes
Created: 01/01/1980
Modified: 30/07/2004
Company: Intel Corporation
--------------------
Value Name: TPKMAPHELPER
Value Data: C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe -helper
C:\Program Files\ThinkPad\Utilities\TpKmapAp.exe
897024 bytes
Created: 09/01/2005
Modified: 05/02/2004
Company: IBM Corp.
--------------------
Value Name: TPHOTKEY
Value Data: C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
C:\PROGRA~1\ThinkPad\PkgMgr\HOTKEY\TPHKMGR.exe
94208 bytes
Created: 01/01/1980
Modified: 07/08/2004
Company:
--------------------
Value Name: EZEJMNAP
Value Data: C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
C:\PROGRA~1\ThinkPad\UTILIT~1\EzEjMnAp.Exe
208896 bytes
Created: 09/01/2005
Modified: 25/12/2003
Company: IBM Corp.
--------------------
Value Name: UC_Start
Value Data: C:\Program Files\IBM\Updater\\ucstartup.exe
C:\Program Files\IBM\Updater\\ucstartup.exe
36864 bytes
Created: 25/06/2004
Modified: 25/06/2004
Company:
--------------------
Value Name: UpdateManager
Value Data: "C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe" /r
C:\Program Files\Fichiers communs\Sonic\Update Manager\sgtray.exe
110592 bytes
Created: 19/08/2003
Modified: 19/08/2003
Company: Sonic Solutions
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: IBMPRC
Value Data: C:\IBMTOOLS\UTILS\ibmprc.exe
C:\IBMTOOLS\UTILS\ibmprc.exe
90112 bytes
Created: 19/03/2004
Modified: 19/03/2004
Company: IBM Corp.
--------------------
Value Name: QCWLICON
Value Data: C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
C:\Program Files\ThinkPad\ConnectUtilities\QCWLICON.EXE
81920 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: BMMGAG
Value Data: RunDll32 C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll,StartPwrMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\pwrmonit.dll
110592 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: BMMLREF
Value Data: C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
C:\Program Files\ThinkPad\Utilities\BMMLREF.EXE
20480 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company:
--------------------
Value Name: BMMMONWND
Value Data: rundll32.exe C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll,BMMAutonomicMonitor
C:\PROGRA~1\ThinkPad\UTILIT~1\BatInfEx.dll
397824 bytes
Created: 09/01/2005
Modified: 29/07/2004
Company: IBM Corp.
--------------------
Value Name: TkBellExe
Value Data: "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
151597 bytes
Created: 13/03/2006
Modified: 13/03/2006
Company: RealNetworks, Inc.
--------------------
Value Name: LXCFCATS
Value Data: rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll,_RunDLLEntry@16
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCFtime.dll
73728 bytes
Created: 20/07/2005
Modified: 20/07/2005
Company:
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
Value Name: QCTray
Value Data: C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
C:\PROGRA~1\ThinkPad\CONNEC~1\QCTray.exe
708608 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
144784 bytes
Created: 01/08/2008
Modified: 10/06/2008
Company: Sun Microsystems, Inc.
--------------------
Value Name: !AVG Anti-Spyware
Value Data: "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
6731312 bytes
Created: 11/06/2007
Modified: 11/06/2007
Company: GRISOFT s.r.o.
--------------------
Value Name: avgnt
Value Data: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
266497 bytes
Created: 14/11/2008
Modified: 12/06/2008
Company: Avira GmbH
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
968072 bytes
Created: 05/11/2008
Modified: 25/10/2008
Company: Simply Super Software
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
Value Name: wextract_cleanup0
Value Data: rundll32.exe C:\WINDOWS\system32\advpack.dll,DelNodeRunDLL32 "C:\DOCUME~1\CLIAUK~1\LOCALS~1\Temp\IXP000.TMP\"
C:\WINDOWS\system32\advpack.dll
124928 bytes
Created: 01/01/1980
Modified: 26/08/2008
Company: Microsoft Corporation
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: CTFMON.EXE
Value Data: C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ctfmon.exe
15360 bytes
Created: 01/01/1980
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Value Name: ibmmessages
Value Data: C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
C:\Program Files\IBM\Messages By IBM\ibmmessages.exe
442368 bytes
Created: 06/08/2004
Modified: 06/08/2004
Company: IBM
--------------------
Value Name: SpybotSD TeaTimer
Value Data: C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
1460560 bytes
Created: 18/11/2007
Modified: 31/08/2007
Company: Safer Networking Limited
--------------------
Value Name: ClamWin
Value Data: "C:\Program Files\ClamWin\bin\ClamTray.exe" --logon
C:\Program Files\ClamWin\bin\ClamTray.exe
86016 bytes
Created: 18/11/2007
Modified: 05/09/2008
Company: alch
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
************************************************************
12:15:20: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
79408 bytes
Created: 30/05/2007
Modified: 30/05/2007
Company: GRISOFT s.r.o.
----------
************************************************************
12:15:20: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
************************************************************
12:15:21: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
************************************************************
12:15:21: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {6BF52A52-394A-11d3-B153-00C04F79FAA6}
Path: rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\wmp11.inf,PerUserStub
C:\WINDOWS\INF\wmp11.inf
2441 bytes
Created: 03/11/2006
Modified: 03/11/2006
Company:
----------
************************************************************
12:15:21: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: BITS
Path: %systemroot%\system32\qmgr.dll
C:\WINDOWS\system32\qmgr.dll
382464 bytes
Created: 25/02/2003
Modified: 20/08/2004
Company: Microsoft Corporation
--------------------
Key: HidServ
%SystemRoot%\System32\hidserv.dll - file is globally excluded (file cannot be found)
--------------------
Key: NWCWorkstation
Path: %SystemRoot%\System32\nwwks.dll
C:\WINDOWS\System32\nwwks.dll
65536 bytes
Created: 01/01/1980
Modified: 13/10/2006
Company: Microsoft Corporation
--------------------
************************************************************
12:15:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key: ADILOADER
ImagePath: System32\Drivers\adildr.sys
C:\WINDOWS\System32\Drivers\adildr.sys
46455 bytes
Created: 29/07/2005
Modified: 25/03/2003
Company: Analog Deivces
----------
Key: adiusbaw
ImagePath: system32\DRIVERS\adiusbaw.sys
C:\WINDOWS\system32\DRIVERS\adiusbaw.sys
127145 bytes
Created: 29/07/2005
Modified: 27/03/2003
Company: Analog Devices Inc.
----------
Key: aeaudio
ImagePath: system32\drivers\aeaudio.sys
C:\WINDOWS\system32\drivers\aeaudio.sys
116176 bytes
Created: 01/01/1980
Modified: 07/04/2004
Company: Andrea Electronics Corporation
----------
Key: AegisP
ImagePath: system32\DRIVERS\AegisP.sys
C:\WINDOWS\system32\DRIVERS\AegisP.sys
16110 bytes
Created: 09/01/2005
Modified: 09/01/2005
Company: Meetinghouse Data Communications
----------
Key: ANC
ImagePath: System32\drivers\ANC.SYS
C:\WINDOWS\System32\drivers\ANC.SYS
11520 bytes
Created: 09/01/2005
Modified: 18/08/2004
Company: IBM Corp.
----------
Key: AntiVirScheduler
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
68865 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: AntiVirService
ImagePath: "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe"
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
151297 bytes
Created: 14/11/2008
Modified: 15/10/2008
Company: Avira GmbH
----------
Key: aspnet_state
ImagePath: %SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
32768 bytes
Created: 15/07/2004
Modified: 15/07/2004
Company: Microsoft Corporation
----------
Key:
13 Nov. 2008 at 21:31
But the thing is, the virus won't let me download anything or access the antivirus download pages, there's always an error, and it won't let me boot into safe mode either!! I've tried several times and it's impossible...
This piece of crap is really stubborn...