S.O.S. Infected by win32/Theola.A trojan...

Guest
Good evening everyone,

I'd like to ask you for a hand, because my PC has been acting strangely since it was infected by a trojan.

My antivirus reported the following:

threat found in memory!

object: operating memory services.exe (772)

threat: probably a variant of win32/Theola. A trojan

info: unable to clean

So I got hold of Trojan Remover and ran a full scan with the "rename" option, which, from what I understood, is supposed to rename the trojan to make it inactive.

To be honest, it found something that I forgot to write down.

Not serious at all! I know, that's bad!

It seems to me it was another threat, which it apparently took care of, but Theola (théo là) is still there!

I at least thought to copy the "log" at the end of the scan:

***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:50:26 18 mars 2012
Using Database v7860
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
(including subdirectories)
Archive files will be EXCLUDED.
The scan will also include files aready renamed by Trojan Remover.
------------------------------
C:\Documents and Settings\jo\Mes documents\Téléchargements\bdl39100-lf\bdl39100-lf\bdl3.9.10.0.exe appears to be in-use/locked
C:\Program Files\ESET\MiNODLogin\MiNODLoginLib.dll appears to be in-use/locked
------------------------------
115659 files scanned
Directory scan complete - no Malware files detected
Scan completed at: 23:53:10 18 mars 2012
Total Scan time: 05:02:43
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 18:18:12 18 mars 2012
Using Database v7860
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
(including subdirectories)
Archive files will be INCLUDED.
The scan will also include files aready renamed by Trojan Remover.
------------------------------
------------------------------
Scan stopped by user after 6415 files were checked
No Malware files detected
Scan stopped at: 18/03/2012 18:50:05
Total Scan time: 00:31:52
************************************************************


***** DRIVE/DIRECTORY SCAN *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:51:41 18 mars 2012
Using Database v7860
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
Carrying out scan on ::{20D04FE0-3AEA-1069-A2D8-08002B30309D}
(including subdirectories)
Archive files will be EXCLUDED.
------------------------------
------------------------------
Scan stopped by user after 4823 files were checked
No Malware files detected
Scan stopped at: 18/03/2012 18:16:26
Total Scan time: 00:24:44
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:43:18 18 mars 2012
Using Database v7860
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
17:43:18: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
No modified default file associations detected

************************************************************
17:43:18: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
17:43:18: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
17676288 bytes
Created: 13/06/2009 04:05
Modified: 17/11/2008 09:08
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
57344 bytes
Created: 13/06/2009 04:05
Modified: 19/06/2008 09:20
Company: Realtek Semiconductor Corp.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 06/09/2008 14:09
Modified: 06/09/2008 14:09
Company: Apple Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2474624 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
--------------------
Value Name: gcasServ
Value Data: "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
446464 bytes
Created: 04/10/2004 23:20
Modified: 04/10/2004 23:20
Company: GIANT Company Software inc.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
16744256 bytes
Created: 16/10/2010 12:05
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
C:\WINDOWS\system32\NvMCTray.dll
203072 bytes
Created: 16/10/2010 12:05
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
1632360 bytes
Created: 13/11/2010 16:53
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
Value Name: SmcService
Value Data: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
C:\PROGRA~1\Sygate\SPF\smc.exe
2532576 bytes
Created: 13/08/2004 19:05
Modified: 13/08/2004 19:05
Company: Sygate Technologies, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
252296 bytes
Created: 30/09/2011 12:19
Modified: 30/09/2011 12:19
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1238800 bytes
Created: 18/03/2012 17:27
Modified: 23/01/2012 14:12
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: EPSON Stylus DX7400 Series (Copie 1)
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\jo\LOCALS~1\Temp\E_SB20.tmp" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
182272 bytes
Created: 24/03/2010 13:10
Modified: 12/04/2007 15:00
Company: SEIKO EPSON CORPORATION
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
17:43:21: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {9EF34FF2-3396-4527-9D27-04C8C1C67806}
Value: GIANT AntiSpyware Service Hook
File: C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
61440 bytes
Created: 04/10/2004 15:20
Modified: 04/10/2004 15:20
Company: GIANT Company Software inc.
----------

************************************************************
17:43:22: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
17:43:22: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------

************************************************************
17:43:22: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {9C450606-ED24-4958-92BA-B8940C99D441}
Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
8192 bytes
Created: 04/03/2009 16:32
Modified: 04/03/2009 16:32
Company:
----------

************************************************************
17:43:23: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: getPlusHelper
Path: C:\Program Files\NOS\bin\getPlus_Helper.dll
C:\Program Files\NOS\bin\getPlus_Helper.dll
45816 bytes
Created: 14/08/2009 22:50
Modified: 07/08/2009 11:44
Company: NOS Microsystems Ltd.
--------------------

************************************************************
17:43:24: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 13/04/2008 10:40
Modified: 13/04/2008 10:40
Company: Microsoft Corporation
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
153112 bytes
Created: 20/04/2011 08:46
Modified: 20/04/2011 08:46
Company: ESET
----------
Key: ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\WINDOWS\system32\DRIVERS\ehdrv.sys
118104 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
958464 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
98456 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
----------
Key: ESHASRV
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe
183904 bytes
Created: 20/04/2011 08:48
Modified: 20/04/2011 08:48
Company: ESET
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
651720 bytes
Created: 15/06/2009 15:46
Modified: 10/05/2010 13:21
Company: Macrovision Europe Ltd.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005 00:41
Modified: 04/04/2005 00:41
Company: Macrovision Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre7\bin\jqs.exe
161664 bytes
Created: 13/01/2012 16:23
Modified: 13/01/2012 16:23
Company: Oracle Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
54784 bytes
Created: 13/11/2010 16:43
Modified: 01/08/2008 11:36
Company: NVIDIA Corporation
----------
Key: nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created: 13/06/2009 04:09
Modified: 18/08/2008 18:54
Company: NVIDIA Corporation
----------
Key: NVHDA
ImagePath: system32\drivers\nvhda32.sys
C:\WINDOWS\system32\drivers\nvhda32.sys
119656 bytes
Created: 13/11/2010 16:49
Modified: 08/07/2011 00:21
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22016 bytes
Created: 13/11/2010 16:43
Modified: 01/08/2008 11:36
Company: NVIDIA Corporation
----------
Key: nvUpdatusService
ImagePath: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2253120 bytes
Created: 27/11/2011 01:50
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
----------
Key: rqpud.sys
ImagePath: \??\C:\WINDOWS\system32\drivers\rqpud.sys
C:\WINDOWS\system32\drivers\rqpud.sys - [file not found to scan]
----------
Key: SmcService
ImagePath: C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Sygate\SPF\smc.exe
2532576 bytes
Created: 13/08/2004 19:05
Modified: 13/08/2004 19:05
Company: Sygate Technologies, Inc.
----------
Key: StMp3Rec
ImagePath: System32\Drivers\StMp3Rec.sys
C:\WINDOWS\System32\Drivers\StMp3Rec.sys
38422 bytes
Created: 02/07/2011 21:41
Modified: 16/08/2005 11:23
Company: Generic
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{E7114086-8FB6-4C6D-B201-79B6E86E29EB}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
Key: TabletServiceWacom
ImagePath: C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
5010288 bytes
Created: 19/07/2010 22:11
Modified: 08/03/2010 14:47
Company: Wacom Technology, Corp.
----------
Key: tbhsd
ImagePath: system32\drivers\tbhsd.sys
C:\WINDOWS\system32\drivers\tbhsd.sys
37920 bytes
Created: 10/12/2009 15:45
Modified: 10/12/2009 15:45
Company: RapidSolution Software AG
----------
Key: Teefer
ImagePath: SYSTEM32\Drivers\Teefer.sys
C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
59984 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 16:51
Company: Sygate Technologies, Inc.
----------
Key: wacmoumonitor
ImagePath: system32\DRIVERS\wacmoumonitor.sys
C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
16168 bytes
Created: 13/06/2009 04:57
Modified: 24/01/2010 13:32
Company: Wacom Technology
----------
Key: wacommousefilter
ImagePath: system32\DRIVERS\wacommousefilter.sys
C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
11312 bytes
Created: 19/07/2010 22:11
Modified: 16/02/2007 09:12
Company: Wacom Technology
----------
Key: wacomvhid
ImagePath: system32\DRIVERS\wacomvhid.sys
C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
14120 bytes
Created: 19/07/2010 22:11
Modified: 21/09/2009 14:29
Company: Wacom Technology
----------
Key: wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wpsdrvnt
ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21075 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 16:53
Company: Sygate Technologies, Inc.
----------
Key: xcpip
ImagePath: \SystemRoot\system32\drivers\xcpip.sys
C:\WINDOWS\system32\drivers\xcpip.sys - [file not found to scan]
----------
Key: xpsec
ImagePath: \SystemRoot\system32\drivers\xpsec.sys
C:\WINDOWS\system32\drivers\xpsec.sys - [file not found to scan]
----------

************************************************************
17:43:34: Scanning -----VXD ENTRIES-----

************************************************************
17:43:34: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
17:43:34: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path: C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
60416 bytes
Created: 28/11/2007 08:32
Modified: 28/11/2007 08:32
Company: AIMP DevTeam
----------
Key: ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
179784 bytes
Created: 20/04/2011 08:48
Modified: 20/04/2011 08:48
Company: ESET
----------

************************************************************
17:43:34: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008 15:48
Modified: 21/01/2008 15:48
Company: Sun Microsystems, Inc.
----------

************************************************************
17:43:34: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll
C:\Program Files\Java\jre7\bin\jp2ssv.dll
59272 bytes
Created: 13/01/2012 16:23
Modified: 13/01/2012 16:23
Company: Oracle Corporation
----------

************************************************************
17:43:34: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
17:43:34: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
17:43:34: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
17:43:34: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
17:43:35: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
17:43:35: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 13/06/2009 02:28
Modified: 13/06/2009 00:38
Company: [no info]
--------------------
WiziWYG XP Startup.lnk - links to C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
6029369 bytes
Created: 11/02/2012 21:37
Modified: 20/02/2002 18:33
Company: Praxisoft LLC
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
17:43:35: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: à 09:27 tous les jeu. de chaque semaine, début : 13/06/2009
Next Run Time: 22/03/2012 09:27:00
Status: Ready
Creator: SYSTEM
Comments:
----------
Taskname: Scheduled Update for Ask Toolbar
File: C:\Program Files\Ask.com\UpdateTask.exe
Schedule: Chaque 1 heure(s) à partir de 01:01 pendant 24 heure(s) tous les jours, début : 01/01/2008
Next Run Time: 18/03/2012 18:01:00
Status: Has not run
Creator: jo
Comments:
C:\Program Files\Ask.com\UpdateTask.exe - [file not found to scan]
----------

************************************************************
17:43:36: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
17:43:36: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.tscc
File: tsccvid.dll
C:\WINDOWS\system32\tsccvid.dll
107864 bytes
Created: 23/12/2009 13:38
Modified: 19/08/2009 05:18
Company: TechSmith Corporation
----------

************************************************************
17:43:36: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created: 15/06/2009 17:26
Modified: 11/02/2012 13:44
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created: 15/06/2009 17:26
Modified: 11/02/2012 13:44
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
17:43:37: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\RunDLL32.exe
33792 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
839680 bytes
Created: 05/10/2004 12:37
Modified: 05/10/2004 12:37
Company: GIANT Company Software inc.
--------------------
C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\ykw2.exe
FileSize: 4746488
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
17:43:40: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
[...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
[...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[...] chcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[...] chasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
[...] ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
[...] r=iesearch

************************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 17:43:40 18 mars 2012
Total Scan time: 00:00:22
************************************************************


***** THE SYSTEM HAS BEEN RESTARTED *****
18/03/2012 17:42:51: Trojan Remover has been restarted
18/03/2012 17:42:51: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.8.3.2601. For information, email support@simplysup.com
[Unregistered version]
Scan started at: 17:31:38 18 mars 2012
Using Database v7860
Operating System: Windows XP Professional (SP3) [Build: 5.1.2600]
File System: NTFS
UserData directory: C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\
Database directory: C:\Documents and Settings\All Users\Application Data\Simply Super Software\Trojan Remover\Data\
Logfile directory: C:\Documents and Settings\jo\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

************************************************************
17:31:38: ----- CHECKING DEFAULT FILE ASSOCIATIONS -----
StartMenuInternet\IEXPLORE.EXE entry: ["C:\Program Files\Internet Explorer\iexplore.exe"]
This entry loads the following file:
C:\Program Files\Internet Explorer\iexplore.exe
93184 bytes
Created: 13/06/2009 00:36
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
C:\Program Files\Internet Explorer\iexplore.exe - process is either not running or could not be terminated
C:\Program Files\Internet Explorer\iexplore.exe - file renamed to: C:\Program Files\Internet Explorer\iexplore.exe.vir
The SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command registry entry has been reset to its default

************************************************************
17:31:57: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

************************************************************
17:31:58: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Key value: [Explorer.exe]
File: Explorer.exe
C:\WINDOWS\Explorer.exe
1037824 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
This key's "Userinit" value calls the following program(s):
Key value: [C:\WINDOWS\system32\userinit.exe,]
File: C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\userinit.exe
26624 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
Key value: [logonui.exe]
File: logonui.exe
C:\WINDOWS\system32\logonui.exe
515584 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name: load
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Value Name: RTHDCPL
Value Data: RTHDCPL.EXE
C:\WINDOWS\RTHDCPL.EXE
17676288 bytes
Created: 13/06/2009 04:05
Modified: 17/11/2008 09:08
Company: Realtek Semiconductor Corp.
--------------------
Value Name: Alcmtr
Value Data: ALCMTR.EXE
C:\WINDOWS\ALCMTR.EXE
57344 bytes
Created: 13/06/2009 04:05
Modified: 19/06/2008 09:20
Company: Realtek Semiconductor Corp.
--------------------
Value Name: QuickTime Task
Value Data: "C:\Program Files\QuickTime\QTTask.exe" -atboottime
C:\Program Files\QuickTime\QTTask.exe
413696 bytes
Created: 06/09/2008 14:09
Modified: 06/09/2008 14:09
Company: Apple Inc.
--------------------
Value Name: egui
Value Data: "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
2474624 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
--------------------
Value Name: gcasServ
Value Data: "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
446464 bytes
Created: 04/10/2004 23:20
Modified: 04/10/2004 23:20
Company: GIANT Company Software inc.
--------------------
Value Name: NvCplDaemon
Value Data: RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
C:\WINDOWS\system32\NvCpl.dll
16744256 bytes
Created: 16/10/2010 12:05
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
Value Name: NvMediaCenter
Value Data: RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
C:\WINDOWS\system32\NvMCTray.dll
203072 bytes
Created: 16/10/2010 12:05
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
Value Name: nwiz
Value Data: C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
C:\Program Files\NVIDIA Corporation\nview\nwiz.exe
1632360 bytes
Created: 13/11/2010 16:53
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
Value Name: SmcService
Value Data: C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
C:\PROGRA~1\Sygate\SPF\smc.exe
2532576 bytes
Created: 13/08/2004 19:05
Modified: 13/08/2004 19:05
Company: Sygate Technologies, Inc.
--------------------
Value Name: SunJavaUpdateSched
Value Data: "C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe"
C:\Program Files\Fichiers communs\Java\Java Update\jusched.exe
252296 bytes
Created: 30/09/2011 12:19
Modified: 30/09/2011 12:19
Company: Sun Microsystems, Inc.
--------------------
Value Name: TrojanScanner
Value Data: C:\Program Files\Trojan Remover\Trjscan.exe /boot
C:\Program Files\Trojan Remover\Trjscan.exe
1238800 bytes
Created: 18/03/2012 17:27
Modified: 23/01/2012 14:12
Company: Simply Super Software
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Value Name: EPSON Stylus DX7400 Series (Copie 1)
Value Data: C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\jo\LOCALS~1\Temp\E_SB20.tmp" /EF "HKCU"
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
182272 bytes
Created: 24/03/2010 13:10
Modified: 12/04/2007 15:00
Company: SEIKO EPSON CORPORATION
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

************************************************************
17:32:13: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {9EF34FF2-3396-4527-9D27-04C8C1C67806}
Value: GIANT AntiSpyware Service Hook
File: C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServHook.dll
61440 bytes
Created: 04/10/2004 15:20
Modified: 04/10/2004 15:20
Company: GIANT Company Software inc.
----------

************************************************************
17:32:14: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

************************************************************
17:32:14: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver: C:\WINDOWS\system32\logon.scr
C:\WINDOWS\system32\logon.scr
221696 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------

************************************************************
17:32:14: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Key: {9C450606-ED24-4958-92BA-B8940C99D441}
Path: C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
8192 bytes
Created: 04/03/2009 16:32
Modified: 04/03/2009 16:32
Company:
----------

************************************************************
17:32:16: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Key: getPlusHelper
Path: C:\Program Files\NOS\bin\getPlus_Helper.dll
C:\Program Files\NOS\bin\getPlus_Helper.dll
45816 bytes
Created: 14/08/2009 22:50
Modified: 07/08/2009 11:44
Company: NOS Microsystems Ltd.
--------------------

************************************************************
17:32:21: Scanning ----- SERVICES REGISTRY KEYS -----
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 13/04/2008 10:40
Modified: 13/04/2008 10:40
Company: Microsoft Corporation
----------
Key: eamon
ImagePath: system32\DRIVERS\eamon.sys
C:\WINDOWS\system32\DRIVERS\eamon.sys
153112 bytes
Created: 20/04/2011 08:46
Modified: 20/04/2011 08:46
Company: ESET
----------
Key: ehdrv
ImagePath: system32\DRIVERS\ehdrv.sys
C:\WINDOWS\system32\DRIVERS\ehdrv.sys
118104 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
----------
Key: ekrn
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
958464 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
----------
Key: epfwtdir
ImagePath: system32\DRIVERS\epfwtdir.sys
C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
98456 bytes
Created: 20/04/2011 08:47
Modified: 20/04/2011 08:47
Company: ESET
----------
Key: ESHASRV
ImagePath: "C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe"
C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe
183904 bytes
Created: 20/04/2011 08:48
Modified: 20/04/2011 08:48
Company: ESET
----------
Key: FLEXnet Licensing Service
ImagePath: "C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe"
C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
651720 bytes
Created: 15/06/2009 15:46
Modified: 10/05/2010 13:21
Company: Macrovision Europe Ltd.
----------
Key: IDriverT
ImagePath: "C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe"
C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
69632 bytes
Created: 04/04/2005 00:41
Modified: 04/04/2005 00:41
Company: Macrovision Corporation
----------
Key: JavaQuickStarterService
ImagePath: "C:\Program Files\Java\jre7\bin\jqs.exe" -service -config "C:\Program Files\Java\jre7\lib\deploy\jqs\jqs.conf"
C:\Program Files\Java\jre7\bin\jqs.exe
161664 bytes
Created: 13/01/2012 16:23
Modified: 13/01/2012 16:23
Company: Oracle Corporation
----------
Key: NVENETFD
ImagePath: system32\DRIVERS\NVENETFD.sys
C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
54784 bytes
Created: 13/11/2010 16:43
Modified: 01/08/2008 11:36
Company: NVIDIA Corporation
----------
Key: nvgts
ImagePath: system32\DRIVERS\nvgts.sys
C:\WINDOWS\system32\DRIVERS\nvgts.sys
145952 bytes
Created: 13/06/2009 04:09
Modified: 18/08/2008 18:54
Company: NVIDIA Corporation
----------
Key: NVHDA
ImagePath: system32\drivers\nvhda32.sys
C:\WINDOWS\system32\drivers\nvhda32.sys
119656 bytes
Created: 13/11/2010 16:49
Modified: 08/07/2011 00:21
Company: NVIDIA Corporation
----------
Key: nvnetbus
ImagePath: system32\DRIVERS\nvnetbus.sys
C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
22016 bytes
Created: 13/11/2010 16:43
Modified: 01/08/2008 11:36
Company: NVIDIA Corporation
----------
Key: nvUpdatusService
ImagePath: C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
2253120 bytes
Created: 27/11/2011 01:50
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
----------
Key: rqpud.sys
ImagePath: \??\C:\WINDOWS\system32\drivers\rqpud.sys
C:\WINDOWS\system32\drivers\rqpud.sys - [file not found to scan]
----------
Key: SmcService
ImagePath: C:\Program Files\Sygate\SPF\smc.exe
C:\Program Files\Sygate\SPF\smc.exe
2532576 bytes
Created: 13/08/2004 19:05
Modified: 13/08/2004 19:05
Company: Sygate Technologies, Inc.
----------
Key: StMp3Rec
ImagePath: System32\Drivers\StMp3Rec.sys
C:\WINDOWS\System32\Drivers\StMp3Rec.sys
38422 bytes
Created: 02/07/2011 21:41
Modified: 16/08/2005 11:23
Company: Generic
----------
Key: SwPrv
ImagePath: C:\WINDOWS\system32\dllhost.exe /Processid:{E7114086-8FB6-4C6D-B201-79B6E86E29EB}
C:\WINDOWS\system32\dllhost.exe
5120 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
----------
Key: TabletServiceWacom
ImagePath: C:\WINDOWS\system32\Wacom_Tablet.exe
C:\WINDOWS\system32\Wacom_Tablet.exe
5010288 bytes
Created: 19/07/2010 22:11
Modified: 08/03/2010 14:47
Company: Wacom Technology, Corp.
----------
Key: tbhsd
ImagePath: system32\drivers\tbhsd.sys
C:\WINDOWS\system32\drivers\tbhsd.sys
37920 bytes
Created: 10/12/2009 15:45
Modified: 10/12/2009 15:45
Company: RapidSolution Software AG
----------
Key: Teefer
ImagePath: SYSTEM32\Drivers\Teefer.sys
C:\WINDOWS\SYSTEM32\Drivers\Teefer.sys
59984 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 16:51
Company: Sygate Technologies, Inc.
----------
Key: wacmoumonitor
ImagePath: system32\DRIVERS\wacmoumonitor.sys
C:\WINDOWS\system32\DRIVERS\wacmoumonitor.sys
16168 bytes
Created: 13/06/2009 04:57
Modified: 24/01/2010 13:32
Company: Wacom Technology
----------
Key: wacommousefilter
ImagePath: system32\DRIVERS\wacommousefilter.sys
C:\WINDOWS\system32\DRIVERS\wacommousefilter.sys
11312 bytes
Created: 19/07/2010 22:11
Modified: 16/02/2007 09:12
Company: Wacom Technology
----------
Key: wacomvhid
ImagePath: system32\DRIVERS\wacomvhid.sys
C:\WINDOWS\system32\DRIVERS\wacomvhid.sys
14120 bytes
Created: 19/07/2010 22:11
Modified: 21/09/2009 14:29
Company: Wacom Technology
----------
Key: wg3n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg3n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wg4n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg4n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg4n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wg5n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg5n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg5n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wg6n
ImagePath: \SystemRoot\SYSTEM32\Drivers\wg6n.sys
C:\WINDOWS\SYSTEM32\Drivers\wg6n.sys
14240 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 17:05
Company: Sygate Technologies, Inc.
----------
Key: wpsdrvnt
ImagePath: \??\C:\WINDOWS\system32\drivers\wpsdrvnt.sys
C:\WINDOWS\system32\drivers\wpsdrvnt.sys
21075 bytes
Created: 11/01/2012 11:55
Modified: 10/08/2004 16:53
Company: Sygate Technologies, Inc.
----------
Key: xcpip
ImagePath: \SystemRoot\system32\drivers\xcpip.sys
C:\WINDOWS\system32\drivers\xcpip.sys - [file not found to scan]
----------
Key: xpsec
ImagePath: \SystemRoot\system32\drivers\xpsec.sys
C:\WINDOWS\system32\drivers\xpsec.sys - [file not found to scan]
----------

************************************************************
17:32:40: Scanning -----VXD ENTRIES-----

************************************************************
17:32:40: Scanning ----- WINLOGON\NOTIFY DLLS -----

************************************************************
17:32:40: Scanning ----- CONTEXTMENUHANDLERS -----
Key: AIMPClassic
CLSID: {1F77B17B-F531-44DB-ACA4-76ABB5010A28}
Path: C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
C:\PROGRA~1\AIMP2\System\AIMP_S~1.DLL
60416 bytes
Created: 28/11/2007 08:32
Modified: 28/11/2007 08:32
Company: AIMP DevTeam
----------
Key: ESET Smart Security - Context Menu Shell Extension
CLSID: {B089FE88-FB52-11D3-BDF1-0050DA34150D}
Path: C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
C:\Program Files\ESET\ESET NOD32 Antivirus\shellExt.dll
179784 bytes
Created: 20/04/2011 08:48
Modified: 20/04/2011 08:48
Company: ESET
----------

************************************************************
17:32:41: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key: {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
File: "C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll"
C:\Program Files\OpenOffice.org 2.4\program\shlxthdl.dll
339968 bytes
Created: 21/01/2008 15:48
Modified: 21/01/2008 15:48
Company: Sun Microsystems, Inc.
----------

************************************************************
17:32:41: Scanning ----- BROWSER HELPER OBJECTS -----
Key: {DBC80044-A445-435b-BC74-9C25C1C588A9}
BHO: C:\Program Files\Java\jre7\bin\jp2ssv.dll
C:\Program Files\Java\jre7\bin\jp2ssv.dll
59272 bytes
Created: 13/01/2012 16:23
Modified: 13/01/2012 16:23
Company: Oracle Corporation
----------

************************************************************
17:32:41: Scanning ----- SHELLSERVICEOBJECTS -----

************************************************************
17:32:41: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----

************************************************************
17:32:41: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

************************************************************
17:32:41: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank or does not exist

************************************************************
17:32:41: Scanning ----- SECURITY PROVIDER DLLS -----

************************************************************
17:32:42: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\desktop.ini
-HS- 84 bytes
Created: 13/06/2009 02:28
Modified: 13/06/2009 00:38
Company: [no info]
--------------------
WiziWYG XP Startup.lnk - links to C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
C:\PROGRA~1\PRAXIS~1\WIZIWY~1\WIZIWY~1.EXE
6029369 bytes
Created: 11/02/2012 21:37
Modified: 20/02/2002 18:33
Company: Praxisoft LLC
--------------------

************************************************************
No User Startup Groups were located to check

************************************************************
17:32:45: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
C:\Program Files\Apple Software Update\SoftwareUpdate.exe
566592 bytes
Created: 30/07/2008 11:34
Modified: 30/07/2008 11:34
Company: Apple Inc.
Parameters: -task
Schedule: At 09:27 every Thu of every week, starting 13/06/2009
Next Run Time: 22/03/2012 09:27:00
Status: Ready
Creator: SYSTEM
Comments:
----------
Taskname: Scheduled Update for Ask Toolbar
File: C:\Program Files\Ask.com\UpdateTask.exe
Schedule: Every 1 hour(s) from 01:01 for 24 hour(s) every day, starting 01/01/2008
Next Run Time: 18/03/2012 18:01:00
Status: Has not run
Creator: jo
Comments:
C:\Program Files\Ask.com\UpdateTask.exe - [file not found to scan]
----------

************************************************************
17:32:46: Scanning ----- SHELLICONOVERLAYIDENTIFIERS -----

************************************************************
17:32:46: Scanning ----- DEVICE DRIVER ENTRIES -----
Value: vidc.tscc
File: tsccvid.dll
C:\WINDOWS\system32\tsccvid.dll
107864 bytes
Created: 23/12/2009 13:38
Modified: 19/08/2009 05:18
Company: TechSmith Corporation
----------

************************************************************
17:32:48: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
----------
Windows Explorer Policies checks completed
----------
Desktop Wallpaper: C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created: 15/06/2009 17:26
Modified: 11/02/2012 13:44
Company: [no info]
----------
Web Desktop Wallpaper: %USERPROFILE%\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
C:\Documents and Settings\jo\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
6220854 bytes
Created: 15/06/2009 17:26
Modified: 11/02/2012 13:44
Company: [no info]
----------
Checks for rogue DNS NameServers completed
----------
Additional checks completed

************************************************************
17:32:53: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
50688 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\csrss.exe
6144 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\winlogon.exe
512000 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\services.exe
109056 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\lsass.exe
13312 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\svchost.exe
14336 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\spoolsv.exe
57856 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\RunDLL32.exe
33792 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
839680 bytes
Created: 05/10/2004 12:37
Modified: 05/10/2004 12:37
Company: GIANT Company Software inc.
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
924632 bytes
Created: 13/06/2009 05:23
Modified: 18/02/2012 02:30
Company: Mozilla Corporation
--------------------
C:\WINDOWS\system32\nvsvc32.exe
298304 bytes
Created: 16/10/2010 12:05
Modified: 08/10/2011 05:50
Company: NVIDIA Corporation
--------------------
C:\WINDOWS\system32\WTablet\Wacom_TabletUser.exe
2046320 bytes
Created: 19/07/2010 22:11
Modified: 08/03/2010 14:47
Company: Wacom Technology, Corp.
--------------------
C:\WINDOWS\System32\alg.exe
44544 bytes
Created: 13/04/2008 18:33
Modified: 13/04/2008 18:33
Company: Microsoft Corporation
--------------------
C:\WINDOWS\system32\wscntfy.exe
13824 bytes
Created: 13/04/2008 18:34
Modified: 13/04/2008 18:34
Company: Microsoft Corporation
--------------------
C:\Program Files\AIMP2\AIMP2.exe
488448 bytes
Created: 15/03/2008 17:51
Modified: 15/03/2008 17:51
Company: AIMP DevTeam
--------------------
C:\Program Files\Mozilla Firefox\plugin-container.exe
16856 bytes
Created: 29/06/2010 17:51
Modified: 18/02/2012 02:30
Company: Mozilla Corporation
--------------------
C:\Documents and Settings\jo\Application Data\Simply Super Software\Trojan Remover\vnc2E2.exe
FileSize: 4746488
[This is a Trojan Remover component]
--------------------
--------------------

************************************************************
17:33:01: Checking HOSTS file
No malicious entries were found in the HOSTS file

************************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKLM\Software\Microsoft\Internet Explorer\Main\"Start Page":
[...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKLM\Software\Microsoft\Internet Explorer\Main\"Search Page":
[...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
[...] ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
[...] r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
[...] chcust.htm
HKLM\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
[...] chasst.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Start Page":
[...] ar=msnhome
HKCU\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\system32\blank.htm
HKCU\Software\Microsoft\Internet Explorer\Main\"Search Page":
[...] r=iesearch

************************************************************
=== ONE OR MORE FILES WERE RENAMED OR REMOVED ===
Scan completed at: 17:33:01 18 mars 2012
Total Scan time: 00:01:22
-------------------------------------------------------------------------
Trojan Remover needs to restart the system to complete operations
18/03/2012 17:33:08: restart commenced
************************************************************


thanks for reading this far!
 
Guest
Now that you mention it, I'm not sure I did a full scan with nod32.

Last time it took too long and I stopped the scan while it was running, and it had already found quite a few suspicious things... which I deleted.

But I figured it wouldn't be able to handle this trojan, since it told me "unable to clean".

So yeah, I'll run a full scan if you think that will be enough.

It's likely to take a long time. I'll come back as soon as I've managed to do it. So probably tomorrow.

Since I've had this trojan, lots of things have been going wrong.

thanks Job31


 
Guest
hello Job31,

Sorry to only reappear now, but I was away until just now (from Saturday until this evening).
I started a scan when I left on Saturday, and on getting back just now I saw that nod32 found 6 "threats" and 15 infiltrations.
It couldn't clean these 6 threats automatically, so it offered to "delete" them, which I did, except for one of them for which it also offered "clean", which is what I chose.

So it seems everything is back to normal, but I'd like to be sure.
How can I check that the trojan(s) are really gone?
Indeed, it seems Theola is a trojan that steals passwords, which worries me, so I no longer dare log in to any account from home.

Here are the names of the threats nod32 found and then "deleted":

- java/Agent.EI trojan
- Win32/Riskware.HackAV.AU application
- multiple threats (in bdl3981.exe)
- java/Agent.EE trojan
- a variant of Win32/Packed.CrackPack.A potentially unwanted application (which I set to "clean", since I use this application, a small graphics program)
- multiple threats (in MINODlogin.jar, which I'm about to uninstall and delete)


 
Guest
oops, it seems I spoke too soon.
Browsing the web remains a test of patience. It's really far too slow, as if something is going on that uses a lot of resources.
And I couldn't manage to uninstall MINODlogin.
s.o.s. still stands.
 

yermat (Grand Master)
Hi,

And paste a HijackThis report here.

But first you can also try an online scan: http://housecall.trendmicro.com/fr/

For me the best way to run an antivirus scan is in safe mode, or safe mode with networking.
It's a somewhat controversial point, but personally I prefer it.
 
Guest
Hi Job31, Yermat and everyone else!

Thanks a lot for your help.

So here's the news.

I finally managed to run Malwarebytes.

It found 4 malicious programs, which it was able to remove. Here is its report:


Malwarebytes Anti-Malware (Trial) 1.60.1.1000
www.malwarebytes.org

Database version: v2012.03.29.07

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 6.0.2900.5512
jo :: JO-82D02D7D8D2B [administrator]

Protection: Enabled

30/03/2012 08:53:05
mbam-log-2012-03-30 (08-53-05).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 331541
Time elapsed: 3 hour(s), 57 minute(s), 47 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 1
HKLM\SOFTWARE\Microsoft\Security Center|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and repaired successfully.

Folders Detected: 0
(No malicious items detected)

Files Detected: 3
C:\Documents and Settings\jo\Mes documents\Téléchargements\mspass\mspass.exe (PUP.PSW.MessenPass) -> Quarantined and deleted successfully.
C:\Program Files\CELSYS_Illuststudio\Patch_REG.exe (PUP.Riskware.Tool.CK) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{000ADFA8-4299-4FEE-B170-3F71490ECFCC}\RP652\A0101817.exe (Riskware.KG) -> Quarantined and deleted successfully.

(end)


Apart from that, nod32 also reported this:

threat: a variant of Win32/Packed.CrackPack.A potentially unwanted application.

Comment: Event occurred on a file modified by the application: C:\WINDOWS\system32\svchost.exe. Please submit this object to ESET for analysis.

I clicked clean and it didn't confirm anything, so I don't know whether it managed to deal with it.

I'm off to download hijackthis, but since my hard drives are full the scan will probably take quite a while, so worst case I'll come back tomorrow with the report.

Until now my PC was still misbehaving (Windows is sometimes very slow, as is booting, shutting down, or browsing the web. And there's also my graphics tablet driver, which constantly has to be reinstalled).
But I don't know yet how things are now that these threats have been removed (5 minutes ago).

Good evening to you all (if I don't come back tonight).

 
Guest
here I am again already! I didn't know a hijackthis scan only takes 15 seconds.
So here's the report:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:44:35, on 30/03/2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe
C:\WINDOWS\system32\RunDLL32.exe
C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasDtServ.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Steinberg\WaveLab\WaveLab-app.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\Trend Micro\HijackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [gcasServ] "C:\Program Files\GIANT Company Software\GIANT AntiSpyware\gcasServ.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RunDLL32.exe NvMCTray.dll,NvTaskbarInit -login
O4 - HKLM\..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nview\nwiz.exe /installquiet
O4 - HKLM\..\Run: [SmcService] C:\PROGRA~1\Sygate\SPF\smc.exe -startgui
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe /boot
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [EPSON Stylus DX7400 Series (Copie 1)] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICDE.EXE /FU "C:\DOCUME~1\jo\LOCALS~1\Temp\E_SB20.tmp" /EF "HKCU"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1409082233-507921405-682003330-1004\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'UpdatusUser')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: WiziWYG XP Startup.lnk = C:\Program Files\Praxisoft\WiziWYG XP\WiziWYGXP.exe
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Logical Disk Manager Administrative Service (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: ESET SHA Service (ESHASRV) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EShaSrv.exe
O23 - Service: Event Log (Eventlog) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NetMeeting Remote Desktop Sharing (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: Plug and Play (PlugPlay) - Unknown owner - C:\WINDOWS\system32\services.exe
O23 - Service: Remote Desktop Help Session Manager (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe
O23 - Service: Smart Card (SCardSvr) - Unknown owner - C:\WINDOWS\System32\SCardSvr.exe
O23 - Service: Sygate Personal Firewall Pro (SmcService) - Sygate Technologies, Inc. - C:\Program Files\Sygate\SPF\smc.exe
O23 - Service: Performance Logs and Alerts (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Unknown owner - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe (file missing)
O23 - Service: Volume Shadow Copy (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe
O23 - Service: WMI Performance Adapter (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe

--
End of file - 6779 bytes
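The two logs in this thread (the Trojan Remover "SERVICES REGISTRY KEYS" section in the first post and the HijackThis report just above) both contain the kind of entry a responder checks first after an "unable to clean" verdict: a service or BHO that is still registered but whose file is gone, a driver registered with a raw `\??\` image path, or a Winsock LSP whose DLL is missing. The script below is an added example, not code from the thread or from either tool: it parses both formats and lists those entries. The sample inputs are constructed excerpts of the logs posted above; the flag wording and the choice of what to flag are this example's own assumptions, not verdicts from Trojan Remover or HijackThis.

```python
"""Autostart-log triage (added example, not from the thread or either tool).

Parses Trojan Remover "SERVICES REGISTRY KEYS" blocks and HijackThis
O2/O10/O23 lines and flags entries whose target file no longer exists,
image paths with the raw \\??\\ prefix, BHOs with no DLL, and a missing
Winsock LSP. The samples are constructed excerpts of the logs above.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Finding:
    source: str                 # "trojan-remover" or "hijackthis"
    name: str                   # service key, CLSID or HijackThis item name
    path: str                   # file path as printed in the log
    reasons: List[str] = field(default_factory=list)


# Constructed sample: excerpt of the Trojan Remover services section above.
TROJAN_REMOVER_SERVICES = r"""
Key: atapi
ImagePath: system32\DRIVERS\atapi.sys
C:\WINDOWS\system32\DRIVERS\atapi.sys
96512 bytes
Created: 13/04/2008 10:40
Modified: 13/04/2008 10:40
Company: Microsoft Corporation
----------
Key: rqpud.sys
ImagePath: \??\C:\WINDOWS\system32\drivers\rqpud.sys
C:\WINDOWS\system32\drivers\rqpud.sys - [file not found to scan]
----------
Key: StMp3Rec
ImagePath: System32\Drivers\StMp3Rec.sys
C:\WINDOWS\System32\Drivers\StMp3Rec.sys
38422 bytes
Created: 02/07/2011 21:41
Modified: 16/08/2005 11:23
Company: Generic
----------
Key: xcpip
ImagePath: \SystemRoot\system32\drivers\xcpip.sys
C:\WINDOWS\system32\drivers\xcpip.sys - [file not found to scan]
----------
"""

# Constructed sample: excerpt of the HijackThis report above.
HIJACKTHIS_SAMPLE = r"""
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O10 - Broken Internet access because of LSP provider 'c:\program files\bonjour\mdnsnsp.dll' missing
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Wacom Professional Touch Service (TouchServiceWacom) - Unknown owner - C:\Program Files\Tablet\Wacom\Wacom_TouchService.exe (file missing)
"""


def parse_trojan_remover_services(text: str) -> List[Dict[str, Optional[str]]]:
    """Split the services section into one dict per 'Key:' block."""
    entries = []
    for block in text.split("----------"):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines or not lines[0].startswith("Key:"):
            continue
        entry = {"key": lines[0][4:].strip(), "image_path": "", "path": "",
                 "company": None, "missing": False}
        for ln in lines[1:]:
            if ln.startswith("ImagePath:"):
                entry["image_path"] = ln[len("ImagePath:"):].strip()
            elif ln.startswith("Company:"):
                entry["company"] = ln[len("Company:"):].strip()
            elif "[file not found to scan]" in ln:     # tool could not open the file
                entry["missing"] = True
                entry["path"] = ln.split(" - [")[0].strip()
            elif re.match(r"^[A-Za-z]:\\", ln) and not entry["path"]:
                entry["path"] = ln                     # resolved on-disk path
        entries.append(entry)
    return entries


def triage_trojan_remover(text: str) -> List[Finding]:
    findings = []
    for e in parse_trojan_remover_services(text):
        reasons = []
        if e["missing"]:
            reasons.append("service key points at a file that does not exist")
        if e["image_path"].startswith("\\??\\"):
            reasons.append("raw \\??\\ image path (not how driver installers normally register)")
        if e["company"] == "":
            reasons.append("no vendor information in the file")
        if reasons:
            findings.append(Finding("trojan-remover", e["key"], e["path"], reasons))
    return findings


HJT_BHO = re.compile(r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
HJT_SERVICE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")
HJT_LSP = re.compile(r"^O10 - .*LSP provider '(?P<path>[^']+)' missing")


def triage_hijackthis(text: str) -> List[Finding]:
    findings = []
    for ln in (l.strip() for l in text.splitlines() if l.strip()):
        m = HJT_BHO.match(ln)
        if m:
            if m.group("path") == "(no file)":          # orphan CLSID, DLL is gone
                findings.append(Finding("hijackthis", m.group("clsid"), m.group("path"),
                                        ["BHO registered but its DLL no longer exists"]))
            continue
        m = HJT_SERVICE.match(ln)
        if m:
            if m.group("path").endswith("(file missing)"):
                findings.append(Finding("hijackthis", m.group("name"), m.group("path"),
                                        ["service key points at a file that does not exist"]))
            continue
        m = HJT_LSP.match(ln)
        if m:
            findings.append(Finding("hijackthis", "LSP", m.group("path"),
                                    ["Winsock LSP DLL missing; the LSP chain needs repair"]))
    return findings


def run_triage() -> Dict[str, List[Finding]]:
    return {"trojan-remover": triage_trojan_remover(TROJAN_REMOVER_SERVICES),
            "hijackthis": triage_hijackthis(HIJACKTHIS_SAMPLE)}


if __name__ == "__main__":
    for source, findings in run_triage().items():
        for f in findings:
            print(f"[{source}] {f.name}: {f.path}\n    " + "\n    ".join(f.reasons))
```

A flag is a lead, not a verdict: the Wacom touch service is most likely the remnant of an uninstalled driver, whereas rqpud.sys, xcpip and xpsec are not accounted for anywhere in this thread and are the entries to explain next. Entries whose file exists and carries a recognised vendor (atapi, ekrn) are deliberately left out so the list stays short enough to act on.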
 

thor37230 (Grand Master)
That looks fine.
As for the slowness, how much free space is left on your system partition?
To speed up boot, disable some of the programs that launch at startup (Start -> Run -> type msconfig -> in the msconfig tab, list all the ticked programs)
 
Guest
Thor37230,

thanks a lot for joining us.

I only have 2 GB left out of 227. I know that's very little, but usually it still runs fine, and here really abnormal things were happening.

When I go into the System Configuration utility, as you indicated, I can't find an msconfig tab, but there is indeed a tab for startup programs.

However, what do you mean by "list all the ticked programs"?

Do you mean you want me to post it here?
 

thor37230 (Grand Master)
yes, correct, my mistake, it's indeed the Startup tab.
yes, give us all the ticked programs (or take a screenshot)

I only have 2 GB left out of 227. I know that's very little, but usually it still runs fine, and here really abnormal things were happening.
It's normal for it to be slow; you need at least 10% free space for the system to be efficient. You should clean out the programs/games you no longer use (or rarely use). Don't you store any files (movies, photos, music) on this partition?
 
Guest
I'd happily take a screenshot, but I don't know how to post it here.
As for the 10%, I know, but usually it still works much better.
No, there are a lot of work files on this computer.
 