Trojan dropper win 32 paradrop.a

jean -  
koreanboy Messages postés 27 Date d'inscription   Statut Membre -
salut j'ai un trojan dropper win 32 paradrop.a dans le fichier c:windows/système32/atiptaxx.exe et dans c:windows/système32/reinstallbackup/drivers/0000/atiptaxx.exe
le prob est que sur mon bureau quand je clique sur une icone il se met sur renomé et quand je descend la barre de taches il remonte aussitôt certains programmes ne répondes plus j'ai tout essayé !!!!!mais rien a faire seul a2 free me détecte le trojan mais ne sais pas le supprimer a chaque fois que je reformate il est tjrs la je suis désespérer pourriz vous m'aider s'il vous plait si c'est possible car beaucoup me dise que je dois jeter mon pc (portable sony vaio quel merde lol)
Configuration: Windows XP
Internet Explorer 6.0

18 réponses

Résumé de la discussion

Plusieurs éléments décrivent une infection par Trojan-Dropper.Win32.Paradrop.a localisée dans C:\WINDOWS\system32\atiptaxx.exe et dans C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe, entraînant des icônes qui se renomment automatiquement et des programmes qui ne répondent plus. Plusieurs solutions incluent des scans avec Panda, AVG, VirusTotal et l’outil BlackLight de F-Secure pour identifier les fichiers malveillants et vérifier les détections, puis tenter de supprimer les processus en mode sans échec. Des conseils complémentaires évoquent la mise à jour du système, l’installation d’un pare-feu, et l’examen des fichiers dans les dossiers ReinstallBackups pour confirmer la présence et prévenir les réinfections. En parallèle, certains suggèrent d’éviter les faux positifs des outils et d’utiliser VirusTotal pour analyser les fichiers atiptaxx.exe, tandis que plusieurs répondants encouragent à ne pas reformater sans vérification complète.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    Bonjour

    as tu essayé AVG antispyware ? un scan antivirus en ligne ?
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      bonjour oui j'ai deja essayé il ne trouve rien j'ai a2 free lui il le trouve mais il ne le supprimme pas
      0
  2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
     
    oui
    0
  3. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    * Télécharge HijackThis et poste le rapport stp

    http://pchelpbordeaux.free.fr/logiciels.html
    Tutorial
    http://pchelpbordeaux.free.fr/tuto.html
    Démo en image
    http://pageperso.aol.fr/balltrap34/demohijack.htm
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      ok
      Scan saved at 15:43:04, on 6/01/2007
      Platform: Windows XP (WinNT 5.01.2600)
      MSIE: Internet Explorer v6.00 (6.00.2600.0000)

      Running processes:
      C:\WINDOWS\System32\smss.exe
      C:\WINDOWS\system32\winlogon.exe
      C:\WINDOWS\system32\services.exe
      C:\WINDOWS\system32\lsass.exe
      C:\WINDOWS\system32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\system32\spoolsv.exe
      C:\WINDOWS\Explorer.EXE
      C:\WINDOWS\System32\atiptaxx.exe
      C:\WINDOWS\System32\ICO.EXE
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      C:\Program Files\Sony\HotKey Utility\HKserv.exe
      C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
      C:\WINDOWS\System32\ezSP_Px.exe
      C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
      C:\Program Files\MSN Messenger\MsnMsgr.Exe
      C:\Program Files\PowerPanel\Program\PcfMgr.exe
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      C:\WINDOWS\System32\Ati2evxx.exe
      C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      C:\WINDOWS\System32\svchost.exe
      C:\WINDOWS\System32\svchost.exe
      C:\Program Files\Internet Explorer\iexplore.exe
      C:\Program Files\hijackthis\HijackThis.exe

      R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
      R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
      R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
      O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
      O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
      O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
      O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
      O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
      O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
      O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
      O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
      O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
      O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
      O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
      O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
      O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
      O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
      O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
      O4 - Global Startup: PowerPanel.lnk = ?
      O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
      O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
      O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
      O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
      O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
      O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

      0
  4. koreanboy Messages postés 27 Date d'inscription   Statut Membre
     
    voila
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    ok, rien d'anormal dans le rapport

    poste le rapport de A2

    tu n'as pas conservé le rapport de scan d'avg ?
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      non mais je te le fait tout de suite
      0
    2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      Réglages Scan:

      Objets: Mémoire, Traces, Cookies, C:\, D:\
      Scan archives: Marche
      Heuristiques: Marche
      Scan ADS: Marche

      Début du scan: 6/01/2007 16:01:01

      C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@247realmedia[2].txt Détecter: Trace.TrackingCookie
      C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@atdmt[2].txt Détecter: Trace.TrackingCookie
      C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@bluestreak[1].txt Détecter: Trace.TrackingCookie
      C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@doubleclick[2].txt Détecter: Trace.TrackingCookie
      C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@metriweb[1].txt Détecter: Trace.TrackingCookie
      C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@weborama[2].txt Détecter: Trace.TrackingCookie
      C:\Program Files\SDFix.exe/Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
      C:\SDFix\apps\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
      C:\WINDOWS\system32\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a
      C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a

      Scanné

      Fichiers: 48613
      Traces: 93084
      Cookies: 29
      Processus: 31

      Trouver

      Fichiers: 4
      Traces: 0
      Cookies: 6
      Processus: 0
      Clés de Registre: 0

      Fin du Scan: 6/01/2007 16:24:58
      Temps du Scan: 0:23:57
      0
    3. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      voila le rapport a2
      0
    4. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      je te fais le rapport AVG
      0
  7. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    ce qui m'étonne quand même c'est qu'il n'y aurait que A2 pour te trouver ce trojan. Quelquefois A2 a des faux positifs aussi, il faut se méfier.

    Rend toi sur VIRUS TOTAL
    pour le faire analyser
    C:\WINDOWS\system32\atiptaxx.exe

    poste le rapport ensuite

    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      ok
      0
    2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      désolé sur virustotal je choisi le fichier et puis je doit faire quoi? lol
      0
  8. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    * Colle dans la case à gauche de "parcourir" :

    * clique ensuite sur "send". Il faut patienter car tu es sur une file d'attente.
    Le rapport ne sera complet que lorsque tu verras la mention "FINISHED"sur la droite.

    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      ok merçi
      0
    2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      voila les rapport sont la
      0
  9. koreanboy Messages postés 27 Date d'inscription   Statut Membre
     
    VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.

    Select file : DistributeSSL

    Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
    News Hot news in the virus/antivirus sector.
    Estadisticas Statistics of VirusTotal procesing.
    Virustotal More info about Virustotal.

    STATUS: FINISHEDComplete scanning result of "atiptaxx.exe", received in VirusTotal at 01.06.2007, 16:50:25 (CET).

    Antivirus Version Update Result
    AntiVir 7.3.0.21 01.05.2007 no virus found
    Authentium 4.93.8 12.30.2006 no virus found
    Avast 4.7.892.0 12.30.2006 no virus found
    AVG 386 01.05.2007 no virus found
    BitDefender 7.2 01.06.2007 no virus found
    CAT-QuickHeal 9.00 01.05.2007 no virus found
    ClamAV devel-20060426 01.06.2007 no virus found
    DrWeb 4.33 01.06.2007 no virus found
    eSafe 7.0.14.0 01.05.2007 no virus found
    eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
    eTrust-Vet 30.3.3307 01.06.2007 no virus found
    Ewido 4.0 01.06.2007 no virus found
    Fortinet 2.82.0.0 01.06.2007 no virus found
    F-Prot 3.16f 01.05.2007 no virus found
    F-Prot4 4.2.1.29 01.05.2007 no virus found
    Ikarus T3.1.0.27 01.06.2007 no virus found
    Kaspersky 4.0.2.24 01.06.2007 no virus found
    McAfee 4933 01.05.2007 no virus found
    Microsoft 1.1904 01.06.2007 no virus found
    NOD32v2 1959 01.05.2007 no virus found
    Norman 5.80.02 12.31.2007 no virus found
    Panda 9.0.0.4 01.06.2007 no virus found
    Prevx1 V2 01.06.2007 no virus found
    Sophos 4.13.0 01.05.2007 no virus found
    Sunbelt 2.2.907.0 01.05.2007 no virus found
    TheHacker 6.0.3.143 01.05.2007 no virus found
    UNA 1.83 01.06.2007 no virus found
    VBA32 3.11.1 01.06.2007 no virus found
    VirusBuster 4.3.19:9 01.06.2007 no virus found

    Aditional Information
    File size: 286720 bytes
    MD5: 5e258ab8bf33698a7d2a60fcffd96943
    SHA1: 18b11b99ce2d556db870810f6bd9ffb0c3a0f3cc

    VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
    > Go to: Home Contactar En Español
    --------------------------------------------------------------------------------
    www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com
    0
  10. koreanboy Messages postés 27 Date d'inscription   Statut Membre
     
    voila il n'y a rien bizarre non?
    0
  11. koreanboy Messages postés 27 Date d'inscription   Statut Membre
     
    AVG Anti-Spyware - Rapport d'analyse
    ---------------------------------------------------------

    + Créé à: 16:57:15 6/01/2007

    + Résultat de l'analyse:

    C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
    C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
    C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
    C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.

    Fin du rapport

    voila le rapport AVG
    0
  12. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    non tout est ok, pour moi ce doit être un faux positif d'A2
    ce n'est pas la première fois.
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      tu penses que c'est quoi lol?
      0
    2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      tu crois que c'est mon pc qui a un prob
      0
  13. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    je ne sais pas trop de quoi provient ce problème

    mais

    * fait un scan antivirus chez PANDA
    https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm
    et poste le rapport ici ensuite
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      ok
      Incident Statut Analyse

      Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@247realmedia[2].txt
      Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@atdmt[2].txt
      Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@bluestreak[1].txt
      Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@doubleclick[2].txt
      Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@metriweb[1].txt
      Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@weborama[2].txt
      Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@xiti[1].txt
      Outil indésirable:Application/Processor No Désinfecté C:\Program Files\SDFix.exe[SDFix\apps\Process.exe]
      Outil indésirable:Application/Processor No Désinfecté C:\SDFix\apps\P
      0
    2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      voila le rapport de PANDA
      0
    3. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      le rapport est fait
      0
  14. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    re

    RAS dans le rapport de Panda, je ne vois pas de trace d'infection.
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      merçi pour ton aide tu pense que je dois faire quoi?
      0
  15. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    absolument aucune idée, je vais voir si je trouve quelqu'un d'autre pour donner son avis.
    0
  16. Utilisateur anonyme
     
    Salut vous deux

    Il serait juduciable de mettre à jour ton PC car c'est très loin d'être le cas.
    D'ajouter un pare-feu à ta configuration, ça ne sera pas un mal.

    As-tu essayé de supprimer ce processus à ces deux endroits en mode sans echec et de mettre à jour ta carte graphique ?

    C:\WINDOWS\system32\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a

    0
  17. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    hello boulepatte62

    merci de venir nous aider. Je n'ai pas oser lui faire supprimer.
    apparemment n'ont pas l'air bien méchant, et je me méfie tout le temps de A2
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      re bonjour désolé je viens de voir vos messages aujourd hui merçi de vos conseil mes j'avais dejafait les mises a jour de windows mais ça n'a rien changé, et question de supprimmer les 2 fichiers je l'ai fait aussi.ici j'ai un autre prog (trojan remover) je vous envoi le rapport et vous pouviez me dire çe vous en penser merçi a vous c'est super
      [Unregistered version]
      Scan started at: 7/01/2007 13:56:59
      Using Database v6699
      Operating System: Windows XP Home Edition (Build 2600)
      Using data directory: C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\
      Logfile directory: C:\Documents and Settings\Pilou et son Boulet\Mes documents\Simply Super Software\Trojan Remover Logfiles\
      Running with Administrator privileges


      **************************************************
      Checking Registry exefile command for modifications
      Checking Registry comfile command for modifications
      Checking Registry piffile command for modifications
      Checking Registry batfile command for modifications
      Checking Registry regfile command for modifications
      Checking Registry cmdfile command for modifications
      Checking Registry scrfile command for modifications

      ******************************
      13:56:59: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS

      ******************************
      13:56:59: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS

      ******************************
      13:56:59: ----- SCANNING FOR ROOTKIT SERVICES -----
      No hidden Services were detected.

      ******************************
      13:57:00: Scanning -----WINDOWS REGISTRY-----
      Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      This key's "Shell" value calls the following program(s):
      Explorer.exe - this entry has been left in place
      --------------------
      This key's "Userinit" value calls the following program(s):
      C:\WINDOWS\system32\userinit.exe - this entry has been left in place
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      Value Name = load
      The Data Value for this entry appears to be blank
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = ATIModeChange
      Value Data = Ati2mdxx.exe - this command has been left in place
      --------------------
      Value Name = AtiPTA
      Value Data = atiptaxx.exe - this command has been left in place
      --------------------
      Value Name = Mouse Suite 98 Daemon
      Value Data = ICO.EXE - this command has been left in place
      --------------------
      Value Name = SynTPLpr
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
      --------------------
      Value Name = SynTPEnh
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
      --------------------
      Value Name = HKSERV.EXE
      Value Data = C:\Program Files\Sony\HotKey Utility\HKserv.exe - this command has been left in place
      --------------------
      Value Name = JOGSERV2.EXE
      Value Data = C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe - this command has been left in place
      --------------------
      Value Name = ezShieldProtector for Px
      Value Data = C:\WINDOWS\System32\ezSP_Px.exe - this command has been left in place
      --------------------
      Value Name = avgnt
      Value Data = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
      --------------------
      Value Name = TrojanScanner
      Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = MsnMsgr
      Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
      --------------------
      --------------------
      Checking for an active ScreenSaver:
      ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
      --------------------

      ******************************
      13:57:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Checking the StubPath calls in the Active Setup\Installed Components registry keys:
      Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
      StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
      ----------
      Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={7790769C-0471-11d2-AF11-00C04FA35D02}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4340}
      StubPath=regsvr32.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4383}
      StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
      ----------

      ******************************
      13:57:01: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
      Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
      --------------------
      Key=Alerter
      ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
      --------------------
      Key=AppMgmt
      ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
      --------------------
      Key=AudioSrv
      ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
      --------------------
      Key=BITS
      ServiceDLL=C:\WINDOWS\System32\qmgr.dll - this reference has been left in place
      --------------------
      Key=Browser
      ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
      --------------------
      Key=CryptSvc
      ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
      --------------------
      Key=Dhcp
      ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
      --------------------
      Key=dmserver
      ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
      --------------------
      Key=Dnscache
      ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
      --------------------
      Key=ERSvc
      ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
      --------------------
      Key=EventSystem
      ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
      --------------------
      Key=FastUserSwitchingCompatibility
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=helpsvc
      ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
      --------------------
      Key=HidServ
      ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
      --------------------
      Key=lanmanserver
      ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
      --------------------
      Key=lanmanworkstation
      ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
      --------------------
      Key=LmHosts
      ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
      --------------------
      Key=Messenger
      ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
      --------------------
      Key=Netman
      ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
      --------------------
      Key=Nla
      ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
      --------------------
      Key=NtmsSvc
      ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
      --------------------
      Key=RasAuto
      ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
      --------------------
      Key=RasMan
      ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
      --------------------
      Key=RemoteAccess
      ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
      --------------------
      Key=RpcSs
      ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
      --------------------
      Key=Schedule
      ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
      --------------------
      Key=seclogon
      ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
      --------------------
      Key=SENS
      ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
      --------------------
      Key=SharedAccess
      ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
      --------------------
      Key=ShellHWDetection
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=srservice
      ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
      --------------------
      Key=SSDPSRV
      ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
      --------------------
      Key=stisvc
      ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
      --------------------
      Key=TapiSrv
      ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
      --------------------
      Key=TermService
      ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
      --------------------
      Key=Themes
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=TrkWks
      ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
      --------------------
      Key=uploadmgr
      ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
      --------------------
      Key=upnphost
      ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
      --------------------
      Key=usnsvc
      ServiceDLL=C:\Program Files\MSN Messenger\usnsvc.dll - this reference has been left in place
      --------------------
      Key=W32Time
      ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
      --------------------
      Key=WebClient
      ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
      --------------------
      Key=winmgmt
      ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
      --------------------
      Key=WmdmPmSp
      ServiceDLL=C:\WINDOWS\System32\mspmspsv.dll - this reference has been left in place
      --------------------
      Key=wuauserv
      ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
      --------------------
      Key=WZCSVC
      ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

      ******************************
      13:57:04: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
      Checking files called from the NT/XP CurrentControlSet\Services Keys:
      Key=ACPI
      ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
      ----------
      Key=ACPIEC
      ImagePath=System32\DRIVERS\ACPIEC.sys - this reference has been left in place
      ----------
      Key=aec
      ImagePath=system32\drivers\aec.sys - this reference has been left in place
      ----------
      Key=AFD
      ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
      ----------
      Key=agp440
      ImagePath=System32\DRIVERS\agp440.sys - this reference has been left in place
      ----------
      Key=ALG
      ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
      ----------
      Key=AntiVirScheduler
      ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\sched.exe - this reference has been left in place
      ----------
      Key=AntiVirService
      ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe - this reference has been left in place
      ----------
      Key=Arp1394
      ImagePath=System32\DRIVERS\arp1394.sys - this reference has been left in place
      ----------
      Key=AsyncMac
      ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
      ----------
      Key=atapi
      ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
      ----------
      Key=Ati HotKey Poller
      ImagePath=%SystemRoot%\System32\Ati2evxx.exe - this reference has been left in place
      ----------
      Key=ati2mtag
      ImagePath=System32\DRIVERS\ati2mtag.sys - this reference has been left in place
      ----------
      Key=ATICDSDr
      ImagePath=\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys - this reference has been left in place [file not found to scan]
      ----------
      Key=Atmarpc
      ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
      ----------
      Key=audstub
      ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
      ----------
      Key=avgntdd
      ImagePath=SYSTEM32\DRIVERS\avgntdd.sys - this reference has been left in place
      ----------
      Key=avgntmgr
      ImagePath=SYSTEM32\drivers\avgntmgr.sys - this reference has been left in place
      ----------
      Key=CCDECODE
      ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
      ----------
      Key=Cdrom
      ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
      ----------
      Key=cisvc
      ImagePath=C:\WINDOWS\System32\cisvc.exe - this reference has been left in place
      ----------
      Key=ClipSrv
      ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
      ----------
      Key=CmBatt
      ImagePath=System32\DRIVERS\CmBatt.sys - this reference has been left in place
      ----------
      Key=Compbatt
      ImagePath=System32\DRIVERS\compbatt.sys - this reference has been left in place
      ----------
      Key=COMSysApp
      ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
      ----------
      Key=Disk
      ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
      ----------
      Key=dmadmin
      ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
      ----------
      Key=dmboot
      ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
      ----------
      Key=DMICall
      ImagePath=System32\DRIVERS\DMICall.sys - this reference has been left in place
      ----------
      Key=dmio
      ImagePath=System32\drivers\dmio.sys - this reference has been left in place
      ----------
      Key=dmload
      ImagePath=System32\drivers\dmload.sys - this reference has been left in place
      ----------
      Key=DMusic
      ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
      ----------
      Key=drmkaud
      ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
      ----------
      Key=E100B
      ImagePath=System32\DRIVERS\e100b325.sys - this reference has been left in place
      ----------
      Key=Eventlog
      ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
      ----------
      Key=FilterService
      ImagePath=System32\Drivers\nusbd.sys - this reference has been left in place
      ----------
      Key=Ftdisk
      ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place
      ----------
      Key=Gpc
      ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place
      ----------
      Key=HidUsb
      ImagePath=System32\DRIVERS\hidusb.sys - this reference has been left in place
      ----------
      Key=HSFHWICH
      ImagePath=System32\DRIVERS\HSFHWICH.sys - this reference has been left in place
      ----------
      Key=HSF_DP
      ImagePath=System32\DRIVERS\HSF_DP.sys - this reference has been left in place
      ----------
      Key=i8042prt
      ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place
      ----------
      Key=ImapiService
      ImagePath=C:\WINDOWS\System32\imapi.exe - this reference has been left in place
      ----------
      Key=IntelIde
      ImagePath=System32\DRIVERS\intelide.sys - this reference has been left in place
      ----------
      Key=IpFilterDriver
      ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place
      ----------
      Key=IpInIp
      ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place
      ----------
      Key=IpNat
      ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place
      ----------
      Key=IPSec
      ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place
      ----------
      Key=IRENUM
      ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place
      ----------
      Key=isapnp
      ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place
      ----------
      Key=Kbdclass
      ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place
      ----------
      Key=kbdhid
      ImagePath=System32\DRIVERS\kbdhid.sys - this reference has been left in place
      ----------
      Key=kmixer
      ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
      ----------
      Key=mdmxsdk
      ImagePath=System32\DRIVERS\mdmxsdk.sys - this reference has been left in place
      ----------
      Key=mnmsrvc
      ImagePath=C:\WINDOWS\System32\mnmsrvc.exe - this reference has been left in place
      ----------
      Key=Mouclass
      ImagePath=System32\DRIVERS\mouclass.sys - this reference has been left in place
      ----------
      Key=mouhid
      ImagePath=System32\DRIVERS\mouhid.sys - this reference has been left in place
      ----------
      Key=MRxDAV
      ImagePath=System32\DRIVERS\mrxdav.sys - this reference has been left in place
      ----------
      Key=MRxSmb
      ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place
      ----------
      Key=MSDTC
      ImagePath=C:\WINDOWS\System32\msdtc.exe - this reference has been left in place
      ----------
      Key=MSIServer
      ImagePath=C:\WINDOWS\System32\msiexec.exe /V - this reference has been left in place
      ----------
      Key=MSKSSRV
      ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
      ----------
      Key=MSPCLOCK
      ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
      ----------
      Key=MSPQM
      ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
      ----------
      Key=MSTEE
      ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
      ----------
      Key=NABTSFEC
      ImagePath=System32\DRIVERS\NABTSFEC.sys - this reference has been left in place
      ----------
      Key=NdisIP
      ImagePath=System32\DRIVERS\NdisIP.sys - this reference has been left in place
      ----------
      Key=NdisTapi
      ImagePath=System32\DRIVERS\ndistapi.sys - this reference has been left in place
      ----------
      Key=Ndisuio
      ImagePath=System32\DRIVERS\ndisuio.sys - this reference has been left in place
      ----------
      Key=NdisWan
      ImagePath=System32\DRIVERS\ndiswan.sys - this reference has been left in place
      ----------
      Key=NECEHCD
      ImagePath=System32\Drivers\NEHCD.sys - this reference has been left in place
      ----------
      Key=NetBIOS
      ImagePath=System32\DRIVERS\netbios.sys - this reference has been left in place
      ----------
      Key=NetBT
      ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
      ----------
      Key=NetDDE
      ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
      ----------
      Key=NetDDEdsdm
      ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
      ----------
      Key=Netlogon
      ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
      ----------
      Key=NIC1394
      ImagePath=System32\DRIVERS\nic1394.sys - this reference has been left in place
      ----------
      Key=NtLmSsp
      ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
      ----------
      Key=NwlnkFlt
      ImagePath=System32\DRIVERS\nwlnkflt.sys - this reference has been left in place
      ----------
      Key=NwlnkFwd
      ImagePath=System32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
      ----------
      Key=ohci1394
      ImagePath=System32\DRIVERS\ohci1394.sys - this reference has been left in place
      ----------
      Key=P1001VID
      ImagePath=System32\DRIVERS\P1001Vid.sys - this reference has been left in place
      ----------
      Key=Parport
      ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place
      ----------
      Key=PCI
      ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place
      ----------
      Key=Pcmcia
      ImagePath=System32\DRIVERS\pcmcia.sys - this reference has been left in place
      ----------
      Key=PlugPlay
      ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
      ----------
      Key=PolicyAgent
      ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
      ----------
      Key=PptpMiniport
      ImagePath=System32\DRIVERS\raspptp.sys - this reference has been left in place
      ----------
      Key=Processor
      ImagePath=System32\DRIVERS\processr.sys - this reference has been left in place
      ----------
      Key=ProtectedStorage
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=PSched
      ImagePath=System32\DRIVERS\psched.sys - this reference has been left in place
      ----------
      Key=Ptilink
      ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place
      ----------
      Key=PxHelp20
      ImagePath=System32\DRIVERS\PxHelp20.sys - this reference has been left in place
      ----------
      Key=RasAcd
      ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
      ----------
      Key=Rasl2tp
      ImagePath=System32\DRIVERS\rasl2tp.sys - this reference has been left in place
      ----------
      Key=RasPppoe
      ImagePath=System32\DRIVERS\raspppoe.sys - this reference has been left in place
      ----------
      Key=Raspti
      ImagePath=System32\DRIVERS\raspti.sys - this reference has been left in place
      ----------
      Key=Rdbss
      ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place
      ----------
      Key=RDPCDD
      ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
      ----------
      Key=RDSessMgr
      ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
      ----------
      Key=redbook
      ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place
      ----------
      Key=RpcLocator
      ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
      ----------
      Key=RSVP
      ImagePath=%SystemRoot%\System32\rsvp.exe - this reference has been left in place
      ----------
      Key=SamSs
      ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
      ----------
      Key=SCardDrv
      ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
      ----------
      Key=SCardSvr
      ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
      ----------
      Key=Secdrv
      ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
      ----------
      Key=serenum
      ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
      ----------
      Key=Serial
      ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
      ----------
      Key=SLIP
      ImagePath=System32\DRIVERS\SLIP.sys - this reference has been left in place
      ----------
      Key=SNC
      ImagePath=System32\DRIVERS\SonyNC.sys - this reference has been left in place
      ----------
      Key=SPI
      ImagePath=System32\DRIVERS\SonyPI.sys - this reference has been left in place
      ----------
      Key=splitter
      ImagePath=system32\drivers\splitter.sys - this reference has been left in place
      ----------
      Key=Spooler
      ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
      ----------
      Key=SPTISRV
      ImagePath=C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe - this reference has been left in place
      ----------
      Key=sr
      ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
      ----------
      Key=Srv
      ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
      ----------
      Key=streamip
      ImagePath=System32\DRIVERS\StreamIP.sys - this reference has been left in place
      ----------
      Key=swenum
      ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
      ----------
      Key=swmidi
      ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
      ----------
      Key=SwPrv
      ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{C56AA3CD-14E8-4399-A5BA-29C5D2851800} - this reference has been left in place
      ----------
      Key=SynTP
      ImagePath=System32\DRIVERS\SynTP.sys - this reference has been left in place
      ----------
      Key=sysaudio
      ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
      ----------
      Key=SysmonLog
      ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
      ----------
      Key=Tcpip
      ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place
      ----------
      Key=TermDD
      ImagePath=System32\DRIVERS\termdd.sys - this reference has been left in place
      ----------
      Key=Update
      ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
      ----------
      Key=UPS
      ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
      ----------
      Key=usbccgp
      ImagePath=System32\DRIVERS\usbccgp.sys - this reference has been left in place
      ----------
      Key=usbhub
      ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
      ----------
      Key=usbohci
      ImagePath=System32\DRIVERS\usbohci.sys - this reference has been left in place
      ----------
      Key=USBSTOR
      ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place
      ----------
      Key=usbuhci
      ImagePath=System32\DRIVERS\usbuhci.sys - this reference has been left in place
      ----------
      Key=VgaSave
      ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
      ----------
      Key=VSS
      ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
      ----------
      Key=Wanarp
      ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
      ----------
      Key=wdmaud
      ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
      ----------
      Key=WDM_YAMAHAAC97
      ImagePath=system32\drivers\yacxgc.sys - this reference has been left in place
      ----------
      Key=winachsf
      ImagePath=System32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
      ----------
      Key=WmiApSrv
      ImagePath=C:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
      ----------
      Key=WSTCODEC
      ImagePath=System32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
      ----------

      ******************************
      14:49:06: Scanning -----VXD ENTRIES-----
      Checking the following VxD entries:
      VxD Key = JAVASUP
      Vxd = JAVASUP.VXD - this command has been left in place
      ---------
      Checking VMM32 VxD files being loaded

      ******************************
      14:49:06: Scanning ----- WINLOGON\NOTIFY DLLS -----
      Checking DLLs called from the Winlogon\Notify key:
      Key=crypt32chain
      DLLName=crypt32.dll - this reference has been left in place
      ----------
      Key=cryptnet
      DLLName=cryptnet.dll - this reference has been left in place
      ----------
      Key=cscdll
      DLLName=cscdll.dll - this reference has been left in place
      ----------
      Key=ScCertProp
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=Schedule
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=sclgntfy
      DLLName=sclgntfy.dll - this reference has been left in place
      ----------
      Key=SensLogn
      DLLName=WlNotify.dll - this reference has been left in place
      ----------
      Key=termsrv
      DLLName=wlnotify.dll - this reference has been left in place
      ----------
      Key=wlballoon
      DLLName=wlnotify.dll - this reference has been left in place
      ----------

      ******************************
      14:49:07: Scanning ----- CONTEXTMENUHANDLERS -----
      Key = Offline Files
      CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
      %SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Open With
      CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Open With EncryptionMenu
      CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Shell Extension for Malware scanning
      CLSID = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
      C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll - this ContextMenuHandler has been left in place
      ----------
      Key = Trojan Remover
      CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
      C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
      ----------
      Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
      %SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
      ----------

      ******************************
      14:49:07: Scanning ----- FOLDER\COLUMNHANDLERS -----
      Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------
      Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
      %SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
      ----------

      ******************************
      14:49:07: Scanning ----- BROWSER HELPER OBJECTS -----
      Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
      C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
      ----------
      Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
      C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - this Browser Helper Object has been left in place
      ----------
      Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
      C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
      ----------

      ******************************
      14:49:08: Scanning ----- SHELLSERVICEOBJECTS -----
      Key = PostBootReminder
      %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
      ----------
      Key = CDBurn
      %SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
      ----------
      Key = WebCheck
      %SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place
      ----------
      Key = SysTray
      C:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
      ----------

      ******************************
      14:49:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
      Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
      Comment = Pré-chargeur Browseui
      File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
      ----------
      Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
      Comment = Démon de cache des catégories de composant
      File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
      ----------

      ******************************
      14:49:08: Scanning ----- IMAGEFILE DEBUGGERS -----
      No "Debugger" entries found.

      ******************************
      14:49:08: Scanning ----- APPINIT_DLLS -----
      The AppInit_DLLs value is blank

      ******************************
      14:49:08: Scanning ------ USER STARTUP GROUPS ------
      Checking Startup Group for All Users
      No Startup files for All Users were located to check

      ******************************
      14:49:08: Scanning ------ COMMON STARTUP GROUP ------
      The Common Startup Group attempts to load the following file(s) at boot time:
      Adobe Gamma Loader.exe.lnk - this links to C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe and has been left in place
      --------------------
      desktop.ini - this file is expected and has been left in place
      --------------------
      PowerPanel.lnk - this links to C:\Program Files\PowerPanel\Program\PcfMgr.exe and has been left in place
      --------------------

      ******************************
      No User Startup Groups were located to check

      ******************************
      14:49:08: Scanning ----- SCHEDULED TASKS -----

      ******************************
      14:49:08: ----- EXTRA CHECKS -----
      Searching for generic rootkits...
      Heuristic checks for Rootkit drivers completed
      --------------------

      ******************************
      14:49:08: Scanning ------ DOWNLOADED PROGRAM FILES ------
      The following files are located in the DOWNLOADED PROGRAM FILES directory:
      C:\WINDOWS\Downloaded Program Files\beatnikx.ocx - this file has been left in place
      C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
      C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place

      ******************************
      14:49:08: Scanning ----- RUNNING PROCESSES -----

      C:\WINDOWS\System32\smss.exe
      --------------------
      C:\WINDOWS\system32\csrss.exe
      --------------------
      C:\WINDOWS\system32\winlogon.exe
      --------------------
      C:\WINDOWS\system32\services.exe
      --------------------
      C:\WINDOWS\system32\lsass.exe
      --------------------
      C:\WINDOWS\system32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\WINDOWS\system32\spoolsv.exe
      --------------------
      C:\WINDOWS\Explorer.EXE
      --------------------
      C:\WINDOWS\System32\atiptaxx.exe
      --------------------
      C:\WINDOWS\System32\ICO.EXE
      --------------------
      C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
      --------------------
      C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
      --------------------
      C:\Program Files\Sony\HotKey Utility\HKserv.exe
      --------------------
      C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
      --------------------
      C:\WINDOWS\System32\ezSP_Px.exe
      --------------------
      C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
      --------------------
      C:\Program Files\PowerPanel\Program\PcfMgr.exe
      --------------------
      C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
      --------------------
      C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
      --------------------
      C:\WINDOWS\System32\Ati2evxx.exe
      --------------------
      C:\WINDOWS\System32\svchost.exe
      --------------------
      C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\wtp64.exe
      FileSize: 1.737.280
      [This is a Trojan Remover component]
      --------------------
      C:\Program Files\Internet Explorer\iexplore.exe
      --------------------

      ******************************
      14:49:12: Checking AUTOEXEC.BAT file
      AUTOEXEC.BAT found in C:\
      No malicious entries were found in the AUTOEXEC.BAT file

      ******************************
      14:49:12: Checking AUTOEXEC.NT file
      AUTOEXEC.NT found in C:\WINDOWS\System32
      No malicious entries were found in the AUTOEXEC.NT file

      ******************************
      ------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
      http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
      %SystemRoot%\system32\blank.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
      http://www.club-vaio.sony-europe.com
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
      HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
      https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
      http://www.club-vaio.sony-europe.com/
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
      C:\WINDOWS\System32\blank.htm
      HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
      http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

      ******************************

      NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


      Scan completed at: 7/01/2007 14:49:12
      ************************************************************


      ***** NORMAL SCAN FOR ACTIVE MALWARE *****
      Trojan Remover Ver 6.5.5, Build 2421. For information, email simplysupsupport@aol.com
      [Unregistered version]
      Scan started at: 7/01/2007 13:44:48
      Using Database v6699
      Operating System: Windows XP Home Edition (Build 2600)
      Using data directory: C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\
      Logfile directory: C:\Documents and Settings\Pilou et son Boulet\Mes documents\Simply Super Software\Trojan Remover Logfiles\
      Running with Administrator privileges


      **************************************************
      Checking Registry exefile command for modifications
      Checking Registry comfile command for modifications
      Checking Registry piffile command for modifications
      Checking Registry batfile command for modifications
      Checking Registry regfile command for modifications
      Checking Registry cmdfile command for modifications
      Checking Registry scrfile command for modifications

      ******************************
      13:44:48: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS

      ******************************
      13:44:48: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS

      ******************************
      13:44:48: ----- SCANNING FOR ROOTKIT SERVICES -----
      No hidden Services were detected.

      ******************************
      13:44:49: Scanning -----WINDOWS REGISTRY-----
      Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      This key's "Shell" value calls the following program(s):
      Explorer.exe - this entry has been left in place
      --------------------
      This key's "Userinit" value calls the following program(s):
      C:\WINDOWS\system32\userinit.exe - this entry has been left in place
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      Value Name = load
      The Data Value for this entry appears to be blank
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = ATIModeChange
      Value Data = Ati2mdxx.exe - this command has been left in place
      --------------------
      Value Name = AtiPTA
      Value Data = atiptaxx.exe - this command has been left in place
      --------------------
      Value Name = Mouse Suite 98 Daemon
      Value Data = ICO.EXE - this command has been left in place
      --------------------
      Value Name = SynTPLpr
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
      --------------------
      Value Name = SynTPEnh
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
      --------------------
      Value Name = HKSERV.EXE
      Value Data = C:\Program Files\Sony\HotKey Utility\HKserv.exe - this command has been left in place
      --------------------
      Value Name = JOGSERV2.EXE
      Value Data = C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe - this command has been left in place
      --------------------
      Value Name = ezShieldProtector for Px
      Value Data = C:\WINDOWS\System32\ezSP_Px.exe - this command has been left in place
      --------------------
      Value Name = avgnt
      Value Data = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
      --------------------
      Value Name = TrojanScanner
      Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = MsnMsgr
      Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
      --------------------
      --------------------
      Checking for an active ScreenSaver:
      ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
      --------------------

      ******************************
      13:44:50: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Checking the StubPath calls in the Active Setup\Installed Components registry keys:
      Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
      StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
      ----------
      Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={7790769C-0471-11d2-AF11-00C04FA35D02}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4340}
      StubPath=regsvr32.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4383}
      StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
      ----------

      ******************************
      13:44:50: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
      Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
      --------------------
      Key=Alerter
      ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
      --------------------
      Key=AppMgmt
      ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
      --------------------
      Key=AudioSrv
      ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
      --------------------
      Key=BITS
      ServiceDLL=C:\WINDOWS\System32\qmgr.dll - this reference has been left in place
      --------------------
      Key=Browser
      ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
      --------------------
      Key=CryptSvc
      ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
      --------------------
      Key=Dhcp
      ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
      --------------------
      Key=dmserver
      ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
      --------------------
      Key=Dnscache
      ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
      --------------------
      Key=ERSvc
      ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
      --------------------
      Key=EventSystem
      ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
      --------------------
      Key=FastUserSwitchingCompatibility
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=helpsvc
      ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
      --------------------
      Key=HidServ
      ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
      --------------------
      Key=lanmanserver
      ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
      --------------------
      Key=lanmanworkstation
      ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
      --------------------
      Key=LmHosts
      ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
      --------------------
      Key=Messenger
      ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
      --------------------
      Key=Netman
      ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
      --------------------
      Key=Nla
      ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
      --------------------
      Key=NtmsSvc
      ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
      --------------------
      Key=RasAuto
      ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
      --------------------
      Key=RasMan
      ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
      --------------------
      Key=RemoteAccess
      ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
      --------------------
      Key=RpcSs
      ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
      --------------------
      Key=Schedule
      ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
      --------------------
      Key=seclogon
      ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
      --------------------
      Key=SENS
      ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
      --------------------
      Key=SharedAccess
      ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
      --------------------
      Key=ShellHWDetection
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=srservice
      ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
      --------------------
      Key=SSDPSRV
      ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
      --------------------
      Key=stisvc
      ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
      --------------------
      Key=TapiSrv
      ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
      --------------------
      Key=TermService
      ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
      --------------------
      Key=Themes
      ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
      --------------------
      Key=TrkWks
      ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
      --------------------
      Key=uploadmgr
      ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
      --------------------
      Key=upnphost
      ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
      --------------------
      Key=usnsvc
      ServiceDLL=C:\Program Files\MSN Messenger\usnsvc.dll - this reference has been left in place
      --------------------
      Key=W32Time
      ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
      --------------------
      Key=WebClient
      ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
      --------------------
      Key=winmgmt
      ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
      --------------------
      Key=WmdmPmSp
      ServiceDLL=C:\WINDOWS\System32\mspmspsv.dll - this reference has been left in place
      --------------------
      Key=wuauserv
      ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
      --------------------
      Key=WZCSVC
      ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

      ******************************
      13:44:54: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
      Checking files called from the NT/XP CurrentControlSet\Services Keys:
      Key=ACPI
      ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
      ----------
      Key=ACPIEC
      ImagePath=System32\DRIVERS\ACPIEC.sys - this reference has been left in place
      ----------
      Key=aec
      ImagePath=system32\drivers\aec.sys - this reference has been left in place
      ----------
      Key=AFD
      ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
      ----------
      Key=agp440
      ImagePath=System32\DRIVERS\agp440.sys - this reference has been left in place
      ----------
      Key=ALG
      ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
      ----------
      Key=AntiVirScheduler
      ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\sched.exe - this reference has been left in place
      ----------
      Key=AntiVirService
      ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe - this reference has been left in place
      ----------
      Key=Arp1394
      ImagePath=System32\DRIVERS\arp1394.sys - this reference has been left in place
      ----------
      Key=AsyncMac
      ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
      ----------
      Key=atapi
      ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
      ----------
      Key=Ati HotKey Poller
      ImagePath=%SystemRoot%\System32\Ati2evxx.exe - this reference has been left in place
      ----------
      Key=ati2mtag
      ImagePath=System32\DRIVERS\ati2mtag.sys - this reference has been left in place
      ----------
      Key=ATICDSDr
      ImagePath=\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys - this reference has been left in place [file not found to scan]
      ----------
      Key=Atmarpc
      ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
      ----------
      Key=audstub
      ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
      ----------
      Key=avgntdd
      ImagePath=SYSTEM32\DRIVERS\avgntdd.sys - this reference has been left in place
      ----------
      Key=avgntmgr
      ImagePath=SYSTEM32\drivers\avgntmgr.sys - this reference has been left in place
      ----------
      Key=CCDECODE
      ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
      ----------
      Key=Cdrom
      ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
      ----------
      Key=cisvc
      ImagePath=C:\WINDOWS\System32\cisvc.exe - this reference has been left in place
      ----------
      Key=ClipSrv
      ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
      ----------
      Key=CmBatt
      ImagePath=System32\DRIVERS\CmBatt.sys - this reference has been left in place
      ----------
      Key=Compbatt
      ImagePath=System32\DRIVERS\compbatt.sys - this reference has been left in place
      ----------
      Key=COMSysApp
      ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
      ----------
      Key=Disk
      ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
      ----------
      Key=dmadmin
      ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
      ----------
      Key=dmboot
      ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
      ----------
      Key=DMICall
      ImagePath=System32\DRIVERS\DMICall.sys - this reference has been left in place
      ----------
      Key=dmio
      ImagePath=System32\drivers\dmio.sys - this reference has been left in place
      ----------
      NT/XP Services registry keys scan stoppped at user request.
      The VxD Entries were not scanned.
      The Winlogon\Notify DLLs were not scanned.
      The ContextMenuHandlers were not scanned.
      The Browser Helper Objects were not scanned.
      The Global Startup Group was not scanned.
      The User Startup Groups were not scanned.
      The Scheduled Tasks were not scanned.
      Downloaded Program Files were not scanned.
      Running Processes were not scanned.
      The Windows Services file was not checked.
      The AUTOEXEC files were not checked.
      The scan for CAIN AND ABEL was not carried out.
      The check on Explorer.exe was not carried out.
      Internet Explorer settings were not checked.

      ******************************

      NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


      Scan completed at: 7/01/2007 13:45:44
      ************************************************************


      ***** NORMAL SCAN FOR ACTIVE MALWARE *****
      Trojan Remover Ver 6.5.5, Build 2421. For information, email simplysupsupport@aol.com
      [Unregistered version]
      Scan started at: 6/01/2007 22:21:56
      Using Database v6699
      Operating System: Windows XP Home Edition (Build 2600)
      Using data directory: C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\
      Logfile directory: C:\Documents and Settings\Pilou et son Boulet\Mes documents\Simply Super Software\Trojan Remover Logfiles\
      Running with Administrator privileges


      **************************************************
      Checking Registry exefile command for modifications
      Checking Registry comfile command for modifications
      Checking Registry piffile command for modifications
      Checking Registry batfile command for modifications
      Checking Registry regfile command for modifications
      Checking Registry cmdfile command for modifications
      Checking Registry scrfile command for modifications

      ******************************
      22:21:56: Scanning ----------WIN.INI-----------
      WIN.INI found in C:\WINDOWS

      ******************************
      22:21:56: Scanning --------SYSTEM.INI---------
      SYSTEM.INI found in C:\WINDOWS

      ******************************
      22:21:56: ----- SCANNING FOR ROOTKIT SERVICES -----
      No hidden Services were detected.

      ******************************
      22:21:56: Scanning -----WINDOWS REGISTRY-----
      Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
      This key's "Shell" value calls the following program(s):
      Explorer.exe - this entry has been left in place
      --------------------
      This key's "Userinit" value calls the following program(s):
      C:\WINDOWS\system32\userinit.exe - this entry has been left in place
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      --------------------
      Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
      Value Name = load
      The Data Value for this entry appears to be blank
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = ATIModeChange
      Value Data = Ati2mdxx.exe - this command has been left in place
      --------------------
      Value Name = AtiPTA
      Value Data = atiptaxx.exe - this command has been left in place
      --------------------
      Value Name = Mouse Suite 98 Daemon
      Value Data = ICO.EXE - this command has been left in place
      --------------------
      Value Name = SynTPLpr
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
      --------------------
      Value Name = SynTPEnh
      Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
      --------------------
      Value Name = HKSERV.EXE
      Value Data = C:\Program Files\Sony\HotKey Utility\HKserv.exe - this command has been left in place
      --------------------
      Value Name = JOGSERV2.EXE
      Value Data = C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe - this command has been left in place
      --------------------
      Value Name = ezShieldProtector for Px
      Value Data = C:\WINDOWS\System32\ezSP_Px.exe - this command has been left in place
      --------------------
      Value Name = avgnt
      Value Data = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
      --------------------
      Value Name = TrojanScanner
      Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
      This Registry Key attempts to run the following program(s):
      Value Name = "C:\Program Files\\Creative\ShareDLL\CTStillCapture.ax"
      Value Data = C:\WINDOWS\System32\REGSVR32.EXE /s "C:\Program Files\\Creative\ShareDLL\CTStillCapture.ax"\CTStillCapture.ax - this command has been left in place
      --------------------
      Value Name = "C:\Program Files\\Creative\ShareDLL\CTImage.dll"
      Value Data = C:\WINDOWS\System32\REGSVR32.EXE /s "C:\Program Files\\Creative\ShareDLL\CTImage.dll"\CTImage.dll - this command has been left in place
      --------------------
      --------------------
      Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
      This Registry Key appears to be empty
      --------------------
      Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
      This Registry Key attempts to run the following program(s):
      Value Name = MSMSGS
      Value Data = C:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
      --------------------
      --------------------
      Checking for an active ScreenSaver:
      ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
      --------------------

      ******************************
      22:21:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
      Checking the StubPath calls in the Active Setup\Installed Components registry keys:
      Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
      StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
      ----------
      Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={7790769C-0471-11d2-AF11-00C04FA35D02}
      StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4340}
      StubPath=regsvr32.exe - this reference has been left in place
      ----------
      Key={89820200-ECBD-11cf-8B85-00AA005B4383}
      StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
      ----------

      ******************************
      22:21:58: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
      Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
      --------------------
      Key=Alerter
      ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
      --------------------
      Key=AppMgmt
      ServiceDLL=%Syste
      0
  18. philae83 Messages postés 12854 Statut Contributeur sécurité 206
     
    bonjour,

    peux tu également faire analyser sur VIRUSTOTAL
    celui ci
    C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe

    également pour vérif

    * Télécharge Blacklight
    https://europe.f-secure.com/exclude/blacklight/index.shtml
    (de F-Secure)
    (le premier de la page)

    Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
    Double-clique blbeta.exe et accepte la licence;
    clique Scan puis Next

    Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport,
    sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

    Copie et colle le contenu de ce rapport dans ta prochaine réponse.
    NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport,
    car des fichiers légitimes peuvent être présents, tel wbemtest.exe
    0
    1. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      ok
      0
    2. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      il y a 2 blacklight je prends lequel?
      0
    3. koreanboy Messages postés 27 Date d'inscription   Statut Membre
       
      il n'y a rien pas de fichier de rapport il dit qu'il n'y a rien
      0
  19. koreanboy Messages postés 27 Date d'inscription   Statut Membre
     
    AntiVir PersonalEdition Classic
    Report file date: dimanche 7 janvier 2007 14:59

    Scanning for 618274 virus strains and unwanted programs.

    Licensed to: Avira AntiVir PersonalEdition Classic
    Serial number: 0000149996-ADJIE-0001
    Platform: Windows XP
    Windows version: (plain) [5.1.2600]
    Username: Pilou et son Boulet
    Computer name: CARINE

    Version information:
    BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00
    AVSCAN.EXE : 7.0.3.4 208936 Bytes 07/01/2007 13:57:35
    AVSCAN.DLL : 7.0.3.1 35880 Bytes 07/01/2007 13:57:35
    LUKE.DLL : 7.0.3.2 143400 Bytes 07/01/2007 13:57:37
    LUKERES.DLL : 7.0.2.0 9256 Bytes 07/01/2007 13:57:37
    ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:35:27
    ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14/11/2006 13:57:38
    ANTIVIR2.VDF : 6.37.0.89 783360 Bytes 31/12/2006 13:57:38
    ANTIVIR3.VDF : 6.37.0.113 94720 Bytes 05/01/2007 13:57:38
    AVEWIN32.DLL : 7.3.0.21 1999360 Bytes 07/01/2007 13:57:40
    AVPREF.DLL : 7.0.2.0 23592 Bytes 07/01/2007 13:57:35
    AVREP.DLL : 6.37.0.5 1007656 Bytes 07/01/2007 13:57:38
    AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 09:43:31
    AVPACK32.DLL : 7.2.0.5 368680 Bytes 07/01/2007 13:57:40
    AVREG.DLL : 7.0.1.1 30760 Bytes 07/01/2007 13:57:35
    NETNT.DLL : 6.32.0.0 6696 Bytes 27/09/2005 08:56:49
    RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 07/01/2007 13:57:26
    RCTEXT.DLL : 7.0.12.1 77864 Bytes 07/01/2007 13:57:26

    Configuration settings for the scan:
    Jobname..........................: Local Hard Disks
    Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
    Logging..........................: low
    Primary action...................: interactive
    Secondary action.................: ignore
    Scan master boot sector..........: off
    Scan boot sector.................: on
    Boot sectors.....................: D:,
    Scan memory......................: on
    Process scan.....................: on
    Scan registry....................: on
    Scan all files...................: Intelligent file selection
    Scan archives....................: on
    Recursion depth..................: 20
    Smart extensions.................: on
    Macro heuristic..................: on
    File heuristic...................: medium
    Expanded search settings.........: 0x00001000

    Start of the scan: dimanche 7 janvier 2007 14:59

    The scan of running processes will be started
    Scan process 'avscan.exe' - '1' Modules have been scanned
    Scan process 'avguard.exe' - '1' Modules have been scanned
    Scan process 'avcenter.exe' - '1' Modules have been scanned
    Scan process 'sched.exe' - '1' Modules have been scanned
    Scan process 'avgnt.exe' - '1' Modules have been scanned
    Scan process 'IEXPLORE.EXE' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'ati2evxx.exe' - '1' Modules have been scanned
    Scan process 'PcfMgr.exe' - '1' Modules have been scanned
    Scan process 'ezSP_Px.exe' - '1' Modules have been scanned
    Scan process 'JogServ2.exe' - '1' Modules have been scanned
    Scan process 'HKServ.exe' - '1' Modules have been scanned
    Scan process 'SynTPEnh.exe' - '1' Modules have been scanned
    Scan process 'SynTPLpr.exe' - '1' Modules have been scanned
    Scan process 'ico.exe' - '1' Modules have been scanned
    Scan process 'atiptaxx.exe' - '1' Modules have been scanned
    Scan process 'explorer.exe' - '1' Modules have been scanned
    Scan process 'spoolsv.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'svchost.exe' - '1' Modules have been scanned
    Scan process 'lsass.exe' - '1' Modules have been scanned
    Scan process 'services.exe' - '1' Modules have been scanned
    Scan process 'winlogon.exe' - '1' Modules have been scanned
    Scan process 'csrss.exe' - '1' Modules have been scanned
    Scan process 'smss.exe' - '1' Modules have been scanned
    27 processes with 27 modules were scanned

    Start scanning boot sectors:
    Boot sector 'C:\'
    [NOTE] No virus was found!
    Boot sector 'D:\'
    [NOTE] No virus was found!

    Starting to scan the registry.
    The registry was scanned ( 19 files ).

    Starting the file scan:

    Begin scan in 'C:\' <VAIO>
    C:\hiberfil.sys
    [WARNING] The file could not be opened!
    C:\pagefile.sys
    [WARNING] The file could not be opened!
    Begin scan in 'D:\' <VAIO>

    End of the scan: dimanche 7 janvier 2007 15:14
    Used time: 15:00 min

    The scan has been done completely.

    1957 Scanning directories
    81242 Files were scanned
    0 viruses and/or unwanted programs were found
    0 files were deleted
    0 files were repaired
    0 files were moved to quarantine
    0 files were renamed
    2 Files cannot be scanned
    81242 Files not concerned
    5909 Archives were scanned
    2 Warnings
    0 Notes

    je te met le rapport de antivir il me dit qu'il y a 2 warning tu sais me dire ce que c'est merçi
    0