S.O.S. Infected by win32/Theola. A trojan...


Marsh Posted on 21-03-2012 at 22:55:45

Good evening,

I'd like to ask you for a hand, because my PC has been acting strangely since it got infected by a trojan.

My antivirus reported the following:
 
threat found in y memory!
 
object: operating memory services.exe (772)
 
threat: probably a variant of win32/Theola. A trojan
 
info: unable to clean

 
So I got hold of Trojan Remover and ran a full scan with the "rename" option, which is supposed to rename the trojan to make it inactive, from what I understood.

To be honest, it found something that I forgot to write down.

Not serious at all, that! I know, it's not good!

I think it was another threat, which it apparently took care of, but Theola (théo là) is still there!

At least I thought to copy the "log" at the end of the scan:
 
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:50:26 18 mars 2012
Using Database v7860
Operating System:  Windows XP Professional (SP3) [Build: 5.1.2600]
File System:       NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges
 
************************************************************
Carrying out scan on ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
(including subdirectories)
Archive files will be EXCLUDED.
The scan will also include files aready renamed by Trojan Remover.
------------------------------
C:\Documents and Settings\jo\Mes documents\Téléchargements\bdl39100-lf\bdl39100-lf\bdl3.9.10.0.exe appears to be in-use/locked
C:\Program Files\ESET\MiNODLogin\MiNODLoginLib.dll appears to be in-use/locked
------------------------------
115659 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 23:53:10 18 mars 2012
Total Scan time: 05:02:43
************************************************************
 
 
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:18:12 18 mars 2012
Using Database v7860
Operating System:  Windows XP Professional (SP3) [Build: 5.1.2600]
File System:       NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges
 
************************************************************
Carrying out scan on ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files aready renamed by Trojan Remover.
------------------------------
------------------------------
Scan stopped by user after 6415 files were checked
No Malware files detected
Scan stopped at: 18/03/2012 18:50:05
Total Scan time: 00:31:52
************************************************************
 
 
***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:51:41 18 mars 2012
Using Database v7860
Operating System:  Windows XP Professional (SP3) [Build: 5.1.2600]
File System:       NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges
 
************************************************************
Carrying out scan on ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
------------------------------
Scan stopped by user after 4823 files were checked
No Malware files detected
Scan stopped at: 18/03/2012 18:16:26
Total Scan time: 00:24:44
************************************************************
 
 
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:43:18 18 mars 2012
Using Database v7860
Operating System:  Windows XP Professional (SP3) [Build: 5.1.2600]
File System:       NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges
 
************************************************************
17:43:18: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected
 
************************************************************
17:43:18: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
 
************************************************************
17:43:18: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
17676288 bytes
Created:  13/06/2009 04:05
Modified: 17/11/2008 09:08
Company:  Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
57344 bytes
Created:  13/06/2009 04:05
Modified: 19/06/2008 09:20
Company:  Realtek Semiconductor Corp.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created:  06/09/2008 14:09
Modified: 06/09/2008 14:09
Company:  Apple Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2474624 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
--------------------
Value Name: gcasServ
Value Data: "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
446464 bytes
Created:  04/10/2004 23:20
Modified: 04/10/2004 23:20
Company:  GIANT Company Software inc.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
16744256 bytes
Created:  16/10/2010 12:05
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
C:\WINDOWS\system32\NvMCTray.dll
203072 bytes
Created:  16/10/2010 12:05
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
1632360 bytes
Created:  13/11/2010 16:53
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
Value Name: SmcService
Value Data: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
C:\PROGRA~1\Sygate\SPF\smc.exe
2532576 bytes
Created:  13/08/2004 19:05
Modified: 13/08/2004 19:05
Company:  Sygate Technologies, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
252296 bytes
Created:  30/09/2011 12:19
Modified: 30/09/2011 12:19
Company:  Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1238800 bytes
Created:  18/03/2012 17:27
Modified: 23/01/2012 14:12
Company:  Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: EPSON Stylus DX7400 Series (Copie 1)
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\jo\LOCALS~1\Temp\E_SB20.tmp" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
182272 bytes
Created:  24/03/2010 13:10
Modified: 12/04/2007 15:00
Company:  SEIKO EPSON CORPORATION
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
 
************************************************************
17:43:21: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {9EF34FF2-3396-4527-9D27-04C8C1C67806}
Value:     GIANT AntiSpyware Service Hook
File:      C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
61440 bytes
Created:  04/10/2004 15:20
Modified: 04/10/2004 15:20
Company:  GIANT Company Software inc.
----------
 
************************************************************
17:43:22: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
 
************************************************************
17:43:22: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
 
************************************************************
17:43:22: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {9C450606-ED24-4958-92BA-B8940C99D441}
Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
8192 bytes
Created:  04/03/2009 16:32
Modified: 04/03/2009 16:32
Company:  
----------
 
************************************************************
17:43:23: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  getPlusHelper
Path: C:\Program Files\NOS\bin\getPlus_Helper.dll
C:\Program Files\NOS\bin\getPlus_Helper.dll
45816 bytes
Created:  14/08/2009 22:50
Modified: 07/08/2009 11:44
Company:  NOS Microsystems Ltd.
--------------------
 
************************************************************
17:43:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created:  13/04/2008 10:40
Modified: 13/04/2008 10:40
Company:  Microsoft Corporation
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
153112 bytes
Created:  20/04/2011 08:46
Modified: 20/04/2011 08:46
Company:  ESET
----------
Key:       ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\WINDOWS\system32\DRIVERS\ehdrv.sys
118104 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
958464 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
98456 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
----------
Key:       ESHASRV
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe
183904 bytes
Created:  20/04/2011 08:48
Modified: 20/04/2011 08:48
Company:  ESET
----------
Key:       FLEXnet Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
651720 bytes
Created:  15/06/2009 15:46
Modified: 10/05/2010 13:21
Company:  Macrovision Europe Ltd.
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created:  04/04/2005 00:41
Modified: 04/04/2005 00:41
Company:  Macrovision Corporation
----------
Key:       JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre7\bin\jqs.exe
161664 bytes
Created:  13/01/2012 16:23
Modified: 13/01/2012 16:23
Company:  Oracle Corporation
----------
Key:       NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
54784 bytes
Created:  13/11/2010 16:43
Modified: 01/08/2008 11:36
Company:  NVIDIA Corporation
----------
Key:       nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created:  13/06/2009 04:09
Modified: 18/08/2008 18:54
Company:  NVIDIA Corporation
----------
Key:       NVHDA
ImagePath: system32\drivers\nvhda32.sys
C:\WINDOWS\system32\drivers\nvhda32.sys
119656 bytes
Created:  13/11/2010 16:49
Modified: 08/07/2011 00:21
Company:  NVIDIA Corporation
----------
Key:       nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22016 bytes
Created:  13/11/2010 16:43
Modified: 01/08/2008 11:36
Company:  NVIDIA Corporation
----------
Key:       nvUpdatusService
ImagePath: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2253120 bytes
Created:  27/11/2011 01:50
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
----------
Key:       rqpud.sys
ImagePath: \??\C:\WINDOWS\system32\drivers\rqpud.sys
C:\WINDOWS\system32\drivers\rqpud.sys - [file not found to scan]
----------
Key:       SmcService
ImagePath: C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Sygate\SPF\smc.exe
2532576 bytes
Created:  13/08/2004 19:05
Modified: 13/08/2004 19:05
Company:  Sygate Technologies, Inc.
----------
Key:       StMp3Rec
ImagePath: System32\Drivers\StMp3Rec.sys
C:\WINDOWS\System32\Drivers\StMp3Rec.sys
38422 bytes
Created:  02/07/2011 21:41
Modified: 16/08/2005 11:23
Company:  Generic
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{E7114086-8FB6-4C6D-B201-79B6E86E29EB}
C:\WINDOWS\system32\dllhost.exe  
5120 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
Key:       TabletServiceWacom
ImagePath: C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
5010288 bytes
Created:  19/07/2010 22:11
Modified: 08/03/2010 14:47
Company:  Wacom Technology, Corp.
----------
Key:       tbhsd
ImagePath: system32\drivers\tbhsd.sys
C:\WINDOWS\system32\drivers\tbhsd.sys
37920 bytes
Created:  10/12/2009 15:45
Modified: 10/12/2009 15:45
Company:  RapidSolution Software AG
----------
Key:       Teefer
ImagePath: SYSTEM32\Drivers\Teefer.sys
C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
59984 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 16:51
Company:  Sygate Technologies, Inc.
----------
Key:       wacmoumonitor
ImagePath: system32\DRIVERS\wacmoumonitor.sys
C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
16168 bytes
Created:  13/06/2009 04:57
Modified: 24/01/2010 13:32
Company:  Wacom Technology
----------
Key:       wacommousefilter
ImagePath: system32\DRIVERS\wacommousefilter.sys
C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
11312 bytes
Created:  19/07/2010 22:11
Modified: 16/02/2007 09:12
Company:  Wacom Technology
----------
Key:       wacomvhid
ImagePath: system32\DRIVERS\wacomvhid.sys
C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
14120 bytes
Created:  19/07/2010 22:11
Modified: 21/09/2009 14:29
Company:  Wacom Technology
----------
Key:       wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wpsdrvnt
ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21075 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 16:53
Company:  Sygate Technologies, Inc.
----------
Key:       xcpip
ImagePath: \SystemRoot\system32\drivers\xcpip.sys
C:\WINDOWS\system32\drivers\xcpip.sys - [file not found to scan]
----------
Key:       xpsec
ImagePath: \SystemRoot\system32\drivers\xpsec.sys
C:\WINDOWS\system32\drivers\xpsec.sys - [file not found to scan]
----------
 
************************************************************
17:43:34: Scanning -----VXD ENTRIES-----
 
************************************************************
17:43:34: Scanning ----- WINLOGON\NOTIFY DLLS -----
 
************************************************************
17:43:34: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path:  C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
60416 bytes
Created:  28/11/2007 08:32
Modified: 28/11/2007 08:32
Company:  AIMP DevTeam
----------
Key:   ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path:  C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
179784 bytes
Created:  20/04/2011 08:48
Modified: 20/04/2011 08:48
Company:  ESET
----------
 
************************************************************
17:43:34: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created:  21/01/2008 15:48
Modified: 21/01/2008 15:48
Company:  Sun Microsystems, Inc.
----------
 
************************************************************
17:43:34: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll
C:\Program Files\Java\jre7\bin\jp2ssv.dll
59272 bytes
Created:  13/01/2012 16:23
Modified: 13/01/2012 16:23
Company:  Oracle Corporation
----------
 
************************************************************
17:43:34: Scanning ----- SHELLSERVICEOBJECTS -----
 
************************************************************
17:43:34: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
 
************************************************************
17:43:34: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
 
************************************************************
17:43:34: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
 
************************************************************
17:43:35: Scanning ----- SECURITY PROVIDER DLLS -----
 
************************************************************
17:43:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  13/06/2009 02:28
Modified: 13/06/2009 00:38
Company:  [no info]
--------------------
WiziWYG XP Startup.lnk - links to C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
6029369 bytes
Created:  11/02/2012 21:37
Modified: 20/02/2002 18:33
Company:  Praxisoft LLC
--------------------
 
************************************************************
No User Startup Groups were located to check
 
************************************************************
17:43:35: Scanning ----- SCHEDULED TASKS -----
Taskname:      AppleSoftwareUpdate
File:          C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created:  30/07/2008 11:34
Modified: 30/07/2008 11:34
Company:  Apple Inc.
Parameters:    -task
Schedule:      à 09:27 tous les jeu. de chaque semaine, début : 13/06/2009
Next Run Time: 22/03/2012 09:27:00
Status:        Ready
Creator:       SYSTEM
Comments:      
----------
Taskname:      Scheduled Update for Ask Toolbar
File:          C:\Program Files\Ask.com\UpdateTask.exe
Schedule:      Chaque 1 heure(s) à partir de 01:01 pendant 24 heure(s) tous les jours, début : 01/01/2008
Next Run Time: 18/03/2012 18:01:00
Status:        Has not run
Creator:       jo
Comments:      
C:\Program Files\Ask.com\UpdateTask.exe - [file not found to scan]
----------
 
************************************************************
17:43:36: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
 
************************************************************
17:43:36: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.tscc
File:  tsccvid.dll
C:\WINDOWS\system32\tsccvid.dll
107864 bytes
Created:  23/12/2009 13:38
Modified: 19/08/2009 05:18
Company:  TechSmith Corporation
----------
 
************************************************************
17:43:36: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created:  15/06/2009 17:26
Modified: 11/02/2012 13:44
Company:  [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created:  15/06/2009 17:26
Modified: 11/02/2012 13:44
Company:  [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
 
************************************************************
17:43:37: Scanning ----- RUNNING PROCESSES -----
 
C:\WINDOWS\System32\smss.exe
50688 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\RunDLL32.exe
33792 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
839680 bytes
Created:  05/10/2004 12:37
Modified: 05/10/2004 12:37
Company:  GIANT Company Software inc.
--------------------
C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\ykw2.exe
FileSize:          4746488
[This is a Trojan Remover component]
--------------------
--------------------
 
************************************************************
17:43:40: Checking HOSTS file
No malicious entries were found in the HOSTS file
 
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/red [...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/red [...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1 [...] chasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/red [...] r=iesearch
 
************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:43:40 18 mars 2012
Total Scan time: 00:00:22
************************************************************
 
 
***** THE SYSTEM HAS BEEN RESTARTED *****
18/03/2012 17:42:51: Trojan Remover has been restarted
18/03/2012 17:42:51: Trojan Remover closed
************************************************************
 
 
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:31:38 18 mars 2012
Using Database v7860
Operating System:  Windows XP Professional (SP3) [Build: 5.1.2600]
File System:       NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory:  C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory:  C:\Program Files\Trojan Remover\
Running with Administrator privileges
 
************************************************************
17:31:38: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
StartMenuInternet\IEXPLORE.EXE entry: ["C:\Program Files\Internet Explorer\iexplore.exe"]
This entry loads the following file:
C:\Program Files\Internet Explorer\iexplore.exe
93184 bytes
Created:  13/06/2009 00:36
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe - process is either not running or could not be terminated
C:\Program Files\Internet Explorer\iexplore.exe - file renamed to: C:\Program Files\Internet Explorer\iexplore.exe.vir
The SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command registry entry has been reset to its default
 
************************************************************
17:31:57: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
 
************************************************************
17:31:58: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
17676288 bytes
Created:  13/06/2009 04:05
Modified: 17/11/2008 09:08
Company:  Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
57344 bytes
Created:  13/06/2009 04:05
Modified: 19/06/2008 09:20
Company:  Realtek Semiconductor Corp.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created:  06/09/2008 14:09
Modified: 06/09/2008 14:09
Company:  Apple Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2474624 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
--------------------
Value Name: gcasServ
Value Data: "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
446464 bytes
Created:  04/10/2004 23:20
Modified: 04/10/2004 23:20
Company:  GIANT Company Software inc.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
16744256 bytes
Created:  16/10/2010 12:05
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
C:\WINDOWS\system32\NvMCTray.dll
203072 bytes
Created:  16/10/2010 12:05
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
1632360 bytes
Created:  13/11/2010 16:53
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
Value Name: SmcService
Value Data: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
C:\PROGRA~1\Sygate\SPF\smc.exe
2532576 bytes
Created:  13/08/2004 19:05
Modified: 13/08/2004 19:05
Company:  Sygate Technologies, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
252296 bytes
Created:  30/09/2011 12:19
Modified: 30/09/2011 12:19
Company:  Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1238800 bytes
Created:  18/03/2012 17:27
Modified: 23/01/2012 14:12
Company:  Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: EPSON Stylus DX7400 Series (Copie 1)
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\jo\LOCALS~1\Temp\E_SB20.tmp" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
182272 bytes
Created:  24/03/2010 13:10
Modified: 12/04/2007 15:00
Company:  SEIKO EPSON CORPORATION
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
 
************************************************************
17:32:13: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File:      shell32.dll - this file is expected and has been left in place
----------
ValueName: {9EF34FF2-3396-4527-9D27-04C8C1C67806}
Value:     GIANT AntiSpyware Service Hook
File:      C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
61440 bytes
Created:  04/10/2004 15:20
Modified: 04/10/2004 15:20
Company:  GIANT Company Software inc.
----------
 
************************************************************
17:32:14: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------
 
************************************************************
17:32:14: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
 
************************************************************
17:32:14: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {9C450606-ED24-4958-92BA-B8940C99D441}
Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
8192 bytes
Created:  04/03/2009 16:32
Modified: 04/03/2009 16:32
Company:  
----------
 
************************************************************
17:32:16: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key:  getPlusHelper
Path: C:\Program Files\NOS\bin\getPlus_Helper.dll
C:\Program Files\NOS\bin\getPlus_Helper.dll
45816 bytes
Created:  14/08/2009 22:50
Modified: 07/08/2009 11:44
Company:  NOS Microsystems Ltd.
--------------------
 
************************************************************
17:32:21: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created:  13/04/2008 10:40
Modified: 13/04/2008 10:40
Company:  Microsoft Corporation
----------
Key:       eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
153112 bytes
Created:  20/04/2011 08:46
Modified: 20/04/2011 08:46
Company:  ESET
----------
Key:       ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\WINDOWS\system32\DRIVERS\ehdrv.sys
118104 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
----------
Key:       ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
958464 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
----------
Key:       epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
98456 bytes
Created:  20/04/2011 08:47
Modified: 20/04/2011 08:47
Company:  ESET
----------
Key:       ESHASRV
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe
183904 bytes
Created:  20/04/2011 08:48
Modified: 20/04/2011 08:48
Company:  ESET
----------
Key:       FLEXnet Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
651720 bytes
Created:  15/06/2009 15:46
Modified: 10/05/2010 13:21
Company:  Macrovision Europe Ltd.
----------
Key:       IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created:  04/04/2005 00:41
Modified: 04/04/2005 00:41
Company:  Macrovision Corporation
----------
Key:       JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre7\bin\jqs.exe
161664 bytes
Created:  13/01/2012 16:23
Modified: 13/01/2012 16:23
Company:  Oracle Corporation
----------
Key:       NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
54784 bytes
Created:  13/11/2010 16:43
Modified: 01/08/2008 11:36
Company:  NVIDIA Corporation
----------
Key:       nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created:  13/06/2009 04:09
Modified: 18/08/2008 18:54
Company:  NVIDIA Corporation
----------
Key:       NVHDA
ImagePath: system32\drivers\nvhda32.sys
C:\WINDOWS\system32\drivers\nvhda32.sys
119656 bytes
Created:  13/11/2010 16:49
Modified: 08/07/2011 00:21
Company:  NVIDIA Corporation
----------
Key:       nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22016 bytes
Created:  13/11/2010 16:43
Modified: 01/08/2008 11:36
Company:  NVIDIA Corporation
----------
Key:       nvUpdatusService
ImagePath: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2253120 bytes
Created:  27/11/2011 01:50
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
----------
Key:       rqpud.sys
ImagePath: \??\C:\WINDOWS\system32\drivers\rqpud.sys
C:\WINDOWS\system32\drivers\rqpud.sys - [file not found to scan]
----------
Key:       SmcService
ImagePath: C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Sygate\SPF\smc.exe
2532576 bytes
Created:  13/08/2004 19:05
Modified: 13/08/2004 19:05
Company:  Sygate Technologies, Inc.
----------
Key:       StMp3Rec
ImagePath: System32\Drivers\StMp3Rec.sys
C:\WINDOWS\System32\Drivers\StMp3Rec.sys
38422 bytes
Created:  02/07/2011 21:41
Modified: 16/08/2005 11:23
Company:  Generic
----------
Key:       SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{E7114086-8FB6-4C6D-B201-79B6E86E29EB}
C:\WINDOWS\system32\dllhost.exe  
5120 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
----------
Key:       TabletServiceWacom
ImagePath: C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
5010288 bytes
Created:  19/07/2010 22:11
Modified: 08/03/2010 14:47
Company:  Wacom Technology, Corp.
----------
Key:       tbhsd
ImagePath: system32\drivers\tbhsd.sys
C:\WINDOWS\system32\drivers\tbhsd.sys
37920 bytes
Created:  10/12/2009 15:45
Modified: 10/12/2009 15:45
Company:  RapidSolution Software AG
----------
Key:       Teefer
ImagePath: SYSTEM32\Drivers\Teefer.sys
C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
59984 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 16:51
Company:  Sygate Technologies, Inc.
----------
Key:       wacmoumonitor
ImagePath: system32\DRIVERS\wacmoumonitor.sys
C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
16168 bytes
Created:  13/06/2009 04:57
Modified: 24/01/2010 13:32
Company:  Wacom Technology
----------
Key:       wacommousefilter
ImagePath: system32\DRIVERS\wacommousefilter.sys
C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
11312 bytes
Created:  19/07/2010 22:11
Modified: 16/02/2007 09:12
Company:  Wacom Technology
----------
Key:       wacomvhid
ImagePath: system32\DRIVERS\wacomvhid.sys
C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
14120 bytes
Created:  19/07/2010 22:11
Modified: 21/09/2009 14:29
Company:  Wacom Technology
----------
Key:       wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
14240 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 17:05
Company:  Sygate Technologies, Inc.
----------
Key:       wpsdrvnt
ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21075 bytes
Created:  11/01/2012 11:55
Modified: 10/08/2004 16:53
Company:  Sygate Technologies, Inc.
----------
Key:       xcpip
ImagePath: \SystemRoot\system32\drivers\xcpip.sys
C:\WINDOWS\system32\drivers\xcpip.sys - [file not found to scan]
----------
Key:       xpsec
ImagePath: \SystemRoot\system32\drivers\xpsec.sys
C:\WINDOWS\system32\drivers\xpsec.sys - [file not found to scan]
----------
 
************************************************************
17:32:40: Scanning -----VXD ENTRIES-----
 
************************************************************
17:32:40: Scanning ----- WINLOGON\NOTIFY DLLS -----
 
************************************************************
17:32:40: Scanning ----- CONTEXTMENUHANDLERS -----
Key:   AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path:  C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
60416 bytes
Created:  28/11/2007 08:32
Modified: 28/11/2007 08:32
Company:  AIMP DevTeam
----------
Key:   ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path:  C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
179784 bytes
Created:  20/04/2011 08:48
Modified: 20/04/2011 08:48
Company:  ESET
----------
 
************************************************************
17:32:41: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key:  {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created:  21/01/2008 15:48
Modified: 21/01/2008 15:48
Company:  Sun Microsystems, Inc.
----------
 
************************************************************
17:32:41: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll
C:\Program Files\Java\jre7\bin\jp2ssv.dll
59272 bytes
Created:  13/01/2012 16:23
Modified: 13/01/2012 16:23
Company:  Oracle Corporation
----------
 
************************************************************
17:32:41: Scanning ----- SHELLSERVICEOBJECTS -----
 
************************************************************
17:32:41: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
 
************************************************************
17:32:41: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.
 
************************************************************
17:32:41: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist
 
************************************************************
17:32:41: Scanning ----- SECURITY PROVIDER DLLS -----
 
************************************************************
17:32:42: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created:  13/06/2009 02:28
Modified: 13/06/2009 00:38
Company:  [no info]
--------------------
WiziWYG XP Startup.lnk - links to C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
6029369 bytes
Created:  11/02/2012 21:37
Modified: 20/02/2002 18:33
Company:  Praxisoft LLC
--------------------
 
************************************************************
No User Startup Groups were located to check
 
************************************************************
17:32:45: Scanning ----- SCHEDULED TASKS -----
Taskname:      AppleSoftwareUpdate
File:          C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created:  30/07/2008 11:34
Modified: 30/07/2008 11:34
Company:  Apple Inc.
Parameters:    -task
Schedule:      at 09:27 every Thu. of each week, starting: 13/06/2009
Next Run Time: 22/03/2012 09:27:00
Status:        Ready
Creator:       SYSTEM
Comments:      
----------
Taskname:      Scheduled Update for Ask Toolbar
File:          C:\Program Files\Ask.com\UpdateTask.exe
Schedule:      Every 1 hour(s) from 01:01 for 24 hour(s) every day, starting: 01/01/2008
Next Run Time: 18/03/2012 18:01:00
Status:        Has not run
Creator:       jo
Comments:      
C:\Program Files\Ask.com\UpdateTask.exe - [file not found to scan]
----------
 
************************************************************
17:32:46: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----
 
************************************************************
17:32:46: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.tscc
File:  tsccvid.dll
C:\WINDOWS\system32\tsccvid.dll
107864 bytes
Created:  23/12/2009 13:38
Modified: 19/08/2009 05:18
Company:  TechSmith Corporation
----------
 
************************************************************
17:32:48: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created:  15/06/2009 17:26
Modified: 11/02/2012 13:44
Company:  [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created:  15/06/2009 17:26
Modified: 11/02/2012 13:44
Company:  [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed
 
************************************************************
17:32:53: Scanning ----- RUNNING PROCESSES -----
 
C:\WINDOWS\System32\smss.exe
50688 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\RunDLL32.exe
33792 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
839680 bytes
Created:  05/10/2004 12:37
Modified: 05/10/2004 12:37
Company:  GIANT Company Software inc.
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
924632 bytes
Created:  13/06/2009 05:23
Modified: 18/02/2012 02:30
Company:  Mozilla Corporation
--------------------
C:\WINDOWS\system32\nvsvc32.exe
298304 bytes
Created:  16/10/2010 12:05
Modified: 08/10/2011 05:50
Company:  NVIDIA Corporation
--------------------
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
2046320 bytes
Created:  19/07/2010 22:11
Modified: 08/03/2010 14:47
Company:  Wacom Technology, Corp.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created:  13/04/2008 18:33
Modified: 13/04/2008 18:33
Company:  Microsoft Corporation
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created:  13/04/2008 18:34
Modified: 13/04/2008 18:34
Company:  Microsoft Corporation
--------------------
C:\Program Files\AIMP2\AIMP2.exe
488448 bytes
Created:  15/03/2008 17:51
Modified: 15/03/2008 17:51
Company:  AIMP DevTeam
--------------------
C:\Program Files\Mozilla Firefox\plugin-container.exe
16856 bytes
Created:  29/06/2010 17:51
Modified: 18/02/2012 02:30
Company:  Mozilla Corporation
--------------------
C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\vnc2E2.exe
FileSize:          4746488
[This is a Trojan Remover component]
--------------------
--------------------
 
************************************************************
17:33:01: Checking HOSTS file
No malicious entries were found in the HOSTS file
 
************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/red [...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/red [...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1 [...] chcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1 [...] chasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/red [...] ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/red [...] r=iesearch
 
************************************************************
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 17:33:01 18 March 2012
Total Scan time: 00:01:22
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
18/03/2012 17:33:08: restart commenced
************************************************************
 
 
Thanks for reading this far!


Message edited by hom2ver on 23-03-2012 at 00:19:27
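An added example, not part of the post above and not code from Trojan Remover's vendor: a small Python triage script for a log in the format pasted above. It parses the scan into sections and per-file entries, then surfaces the things a responder checks first in such a listing: autostart, service and task entries whose registered file is absent from disk (the log marks them "[file not found to scan]", as for rqpud.sys, xcpip.sys, xpsec.sys and the Ask toolbar task), entries whose version info names no publisher (the PixiePack InstallerHelper), and Winlogon Shell/Userinit values that differ from the Windows XP defaults. The expected-value patterns for Shell and Userinit are assumptions about a stock XP install; the sample input is a short excerpt reproduced from the log above, and the second sample, a Userinit value with an extra loader appended after the comma, is constructed with a hypothetical file name.

```python
"""Offline triage of a Trojan Remover scan log. Added example for this thread,
not code from the post above nor from the tool's vendor."""
from __future__ import annotations
import re
from collections import namedtuple

SECTION_RE = re.compile(r"^\d{2}:\d{2}:\d{2}: Scanning -+\s*(.*?)\s*-+\s*$")
SEPARATOR_RE = re.compile(r"^[-*]{5,}\s*$")          # entry and section dividers
NAME_RE = re.compile(r'''^(?:(?:Key|Value Name|ValueName|Taskname):\s+(.+?)|This key's "(\w+)" value.*)\s*$''')
PATH_RE = re.compile(r"^([A-Za-z]:\\.*?)(\s+-\s+\[file not found to scan\])?\s*$")
COMPANY_RE = re.compile(r"^Company:\s*(.*?)\s*$")
WINLOGON_RE = re.compile(r'''This key's "(\w+)" value[^\n]*\nKey value: \[(.*?)\]''')
# Assumed Windows XP defaults; a second loader after the Userinit comma is the classic hijack.
EXPECTED_WINLOGON = {
    "Shell": re.compile(r"^explorer\.exe$", re.I),
    "Userinit": re.compile(r"^[a-z]:\\[^,]*\\system32\\userinit\.exe,$", re.I),
}
# missing: the log said "[file not found to scan]"; company: "" or "[no info]" when
# the file's version info names no publisher.
Entry = namedtuple("Entry", "section name path missing company")

def _entry(section: str, lines: list[str]) -> Entry | None:
    name = path = None
    missing, company = False, ""
    for line in lines:
        if name is None and (m := NAME_RE.match(line)):
            name = m.group(1) or "Winlogon\\" + m.group(2)
        elif path is None and (m := PATH_RE.match(line)):
            path, missing = m.group(1), m.group(2) is not None
        elif m := COMPANY_RE.match(line):
            company = m.group(1)
    if path is None:  # "Checking HKCU\..." lines and blank chunks name no file
        return None
    return Entry(section, name or lines[0].strip(), path, missing, company)

def parse_entries(log: str) -> list[Entry]:
    """Split the log into sections and per-file entries."""
    entries, section, chunk = [], "(none)", []
    def flush() -> None:
        if (e := _entry(section, chunk)) is not None:
            entries.append(e)
        chunk.clear()
    for line in log.splitlines():
        if m := SECTION_RE.match(line):
            flush()
            section = m.group(1)
        elif SEPARATOR_RE.match(line):
            flush()
        else:
            chunk.append(line)
    flush()
    return entries

def triage(log: str) -> list[tuple[str, str, str]]:
    """Return (section, name, reason) leads in log order; each is a lead, not a verdict."""
    leads = []
    for e in parse_entries(log):
        if e.missing:
            leads.append((e.section, e.name, "registered file missing: " + e.path))
        elif e.company in ("", "[no info]"):
            leads.append((e.section, e.name, "no publisher in version info: " + e.path))
    for key, value in WINLOGON_RE.findall(log):
        pat = EXPECTED_WINLOGON.get(key)
        if pat and not pat.match(value.strip()):
            leads.append(("WINDOWS REGISTRY", "Winlogon\\" + key, f"non-default value [{value}]"))
    return leads

# Excerpt in the log's own format, reproduced from the scan log above.
SAMPLE_LOG = r"""
17:31:58: Scanning -----WINDOWS REGISTRY-----
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
C:\WINDOWS\system32\userinit.exe
Company:  Microsoft Corporation
************************************************************
17:32:14: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key:  {9C450606-ED24-4958-92BA-B8940C99D441}
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
Company:
************************************************************
17:32:21: Scanning ----- SERVICES REGISTRY KEYS -----
Key:       atapi
C:\WINDOWS\system32\DRIVERS\atapi.sys
Company:  Microsoft Corporation
----------
Key:       rqpud.sys
C:\WINDOWS\system32\drivers\rqpud.sys - [file not found to scan]
************************************************************
17:32:45: Scanning ----- SCHEDULED TASKS -----
Taskname:      Scheduled Update for Ask Toolbar
C:\Program Files\Ask.com\UpdateTask.exe - [file not found to scan]
"""
# Constructed input (not from the log above); "extra_loader.exe" is a hypothetical name.
HIJACKED_LOG = r"""
17:31:58: Scanning -----WINDOWS REGISTRY-----
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\extra_loader.exe]
"""

if __name__ == "__main__":
    for section, name, reason in triage(SAMPLE_LOG) + triage(HIJACKED_LOG):
        print(f"[{section}] {name}: {reason}")
```

Two caveats on reading the output. A dangling ImagePath or task file is only a lead: it is just as often the residue of an uninstalled product as a driver the scanner cannot see on disk while its service key remains, so identify what the key belonged to before deleting it. And the log's own RUNNING PROCESSES section shows services.exe as the stock 109056-byte Microsoft binary, so a detection reported in that process's memory is not something a disk-and-registry listing like this one will confirm or clear on its own.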