Sujet Précédent Sujet Suivant

Trojan dropper win 32 paradrop.a

jean -  
koreanboy Messages postés 27 Statut Membre -
salut j'ai un trojan dropper win 32 paradrop.a dans le fichier c:windows/système32/atiptaxx.exe et dans c:windows/système32/reinstallbackup/drivers/0000/atiptaxx.exe
le prob est que sur mon bureau quand je clique sur une icone il se met sur renomé et quand je descend la barre de taches il remonte aussitôt certains programmes ne répondes plus j'ai tout essayé !!!!!mais rien a faire seul a2 free me détecte le trojan mais ne sais pas le supprimer a chaque fois que je reformate il est tjrs la je suis désespérer pourriz vous m'aider s'il vous plait si c'est possible car beaucoup me dise que je dois jeter mon pc (portable sony vaio quel merde lol)
A voir également:

18 réponses

Réponse 1 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
Bonjour

as tu essayé AVG antispyware ? un scan antivirus en ligne ?
0
koreanboy Messages postés 27 Statut Membre
 
bonjour oui j'ai deja essayé il ne trouve rien j'ai a2 free lui il le trouve mais il ne le supprimme pas
0
Réponse 2 / 18
koreanboy Messages postés 27 Statut Membre
 
oui
0
Réponse 3 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
re

* Télécharge HijackThis et poste le rapport stp

http://pchelpbordeaux.free.fr/logiciels.html
Tutorial
http://pchelpbordeaux.free.fr/tuto.html
Démo en image
http://pageperso.aol.fr/balltrap34/demohijack.htm
0
koreanboy Messages postés 27 Statut Membre
 
ok
Scan saved at 15:43:04, on 6/01/2007
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\System32\atiptaxx.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Sony\HotKey Utility\HKserv.exe
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
C:\WINDOWS\System32\ezSP_Px.exe
C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\PowerPanel\Program\PcfMgr.exe
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\hijackthis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.club-vaio.sony-europe.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.club-vaio.sony-europe.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [HKSERV.EXE] C:\Program Files\Sony\HotKey Utility\HKserv.exe
O4 - HKLM\..\Run: [JOGSERV2.EXE] C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
O4 - HKLM\..\Run: [ezShieldProtector for Px] C:\WINDOWS\System32\ezSP_Px.exe
O4 - HKLM\..\Run: [OpwareSE2] "C:\Program Files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe"
O4 - HKLM\..\Run: [OPSE reminder] "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\Ereg.exe" -r "C:\Program Files\ScanSoft\OmniPageSE2.0\EregFre\ereg.ini"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: Adobe Gamma Loader.exe.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: PowerPanel.lnk = ?
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.club-vaio.sony-europe.com
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - AVIRA GmbH - C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe

0
Réponse 4 / 18
koreanboy Messages postés 27 Statut Membre
 
voila
0

Vous n’avez pas trouvé la réponse que vous recherchez ?

Posez votre question
Réponse 5 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
ok, rien d'anormal dans le rapport

poste le rapport de A2

tu n'as pas conservé le rapport de scan d'avg ?
0
koreanboy Messages postés 27 Statut Membre
 
non mais je te le fait tout de suite
0
koreanboy Messages postés 27 Statut Membre
 
Réglages Scan:

Objets: Mémoire, Traces, Cookies, C:\, D:\
Scan archives: Marche
Heuristiques: Marche
Scan ADS: Marche

Début du scan: 6/01/2007 16:01:01

C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@247realmedia[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@atdmt[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@bluestreak[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@doubleclick[2].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@metriweb[1].txt Détecter: Trace.TrackingCookie
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@weborama[2].txt Détecter: Trace.TrackingCookie
C:\Program Files\SDFix.exe/Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\SDFix\apps\Process.exe Détecter: Riskware.RiskTool.Win32.Processor.20
C:\WINDOWS\system32\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a

Scanné

Fichiers: 48613
Traces: 93084
Cookies: 29
Processus: 31

Trouver

Fichiers: 4
Traces: 0
Cookies: 6
Processus: 0
Clés de Registre: 0

Fin du Scan: 6/01/2007 16:24:58
Temps du Scan: 0:23:57
0
koreanboy Messages postés 27 Statut Membre
 
voila le rapport a2
0
koreanboy Messages postés 27 Statut Membre
 
je te fais le rapport AVG
0
Réponse 6 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
re

ce qui m'étonne quand même c'est qu'il n'y aurait que A2 pour te trouver ce trojan. Quelquefois A2 a des faux positifs aussi, il faut se méfier.

Rend toi sur VIRUS TOTAL
pour le faire analyser
C:\WINDOWS\system32\atiptaxx.exe

poste le rapport ensuite

0
koreanboy Messages postés 27 Statut Membre
 
ok
0
koreanboy Messages postés 27 Statut Membre
 
désolé sur virustotal je choisi le fichier et puis je doit faire quoi? lol
0
Réponse 7 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
* Colle dans la case à gauche de "parcourir" :

* clique ensuite sur "send". Il faut patienter car tu es sur une file d'attente.
Le rapport ne sera complet que lorsque tu verras la mention "FINISHED"sur la droite.

0
koreanboy Messages postés 27 Statut Membre
 
ok merçi
0
koreanboy Messages postés 27 Statut Membre
 
voila les rapport sont la
0
Réponse 8 / 18
koreanboy Messages postés 27 Statut Membre
 
VirusTotalVirusTotal is a free file analisys service that works using several antivirus engines.

Select file : DistributeSSL

Enter your email, choose the file to be scanned with multiple antivirus engines and click Send.Menu:
News Hot news in the virus/antivirus sector.
Estadisticas Statistics of VirusTotal procesing.
Virustotal More info about Virustotal.

STATUS: FINISHEDComplete scanning result of "atiptaxx.exe", received in VirusTotal at 01.06.2007, 16:50:25 (CET).

Antivirus Version Update Result
AntiVir 7.3.0.21 01.05.2007 no virus found
Authentium 4.93.8 12.30.2006 no virus found
Avast 4.7.892.0 12.30.2006 no virus found
AVG 386 01.05.2007 no virus found
BitDefender 7.2 01.06.2007 no virus found
CAT-QuickHeal 9.00 01.05.2007 no virus found
ClamAV devel-20060426 01.06.2007 no virus found
DrWeb 4.33 01.06.2007 no virus found
eSafe 7.0.14.0 01.05.2007 no virus found
eTrust-InoculateIT 23.73.107 01.06.2007 no virus found
eTrust-Vet 30.3.3307 01.06.2007 no virus found
Ewido 4.0 01.06.2007 no virus found
Fortinet 2.82.0.0 01.06.2007 no virus found
F-Prot 3.16f 01.05.2007 no virus found
F-Prot4 4.2.1.29 01.05.2007 no virus found
Ikarus T3.1.0.27 01.06.2007 no virus found
Kaspersky 4.0.2.24 01.06.2007 no virus found
McAfee 4933 01.05.2007 no virus found
Microsoft 1.1904 01.06.2007 no virus found
NOD32v2 1959 01.05.2007 no virus found
Norman 5.80.02 12.31.2007 no virus found
Panda 9.0.0.4 01.06.2007 no virus found
Prevx1 V2 01.06.2007 no virus found
Sophos 4.13.0 01.05.2007 no virus found
Sunbelt 2.2.907.0 01.05.2007 no virus found
TheHacker 6.0.3.143 01.05.2007 no virus found
UNA 1.83 01.06.2007 no virus found
VBA32 3.11.1 01.06.2007 no virus found
VirusBuster 4.3.19:9 01.06.2007 no virus found

Aditional Information
File size: 286720 bytes
MD5: 5e258ab8bf33698a7d2a60fcffd96943
SHA1: 18b11b99ce2d556db870810f6bd9ffb0c3a0f3cc

VirusTotal is a free service offered by Hispasec Sistemas. There are no guarantees about the availability and continuity of this service. Although the detection rate afforded by the use of multiple antivirus engines is far superior to that offered by just one product, these results DO NOT guarantee the harmlessness of a file. Currently, there is not any solution that offers a 100% effectiveness rate for detecting viruses and malware.
> Go to: Home Contactar En Español
--------------------------------------------------------------------------------
www.virustotal.com :: ©Hispasec Sistemas 2004-06:: e-mail info@virustotal.com
0
Réponse 9 / 18
koreanboy Messages postés 27 Statut Membre
 
voila il n'y a rien bizarre non?
0
Réponse 10 / 18
koreanboy Messages postés 27 Statut Membre
 
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------

+ Créé à: 16:57:15 6/01/2007

+ Résultat de l'analyse:

C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@247realmedia[2].txt -> TrackingCookie.247realmedia : Aucune action entreprise.
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@bluestreak[1].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@doubleclick[2].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@www.smartadserver[1].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.

Fin du rapport

voila le rapport AVG
0
Réponse 11 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
non tout est ok, pour moi ce doit être un faux positif d'A2
ce n'est pas la première fois.
0
koreanboy Messages postés 27 Statut Membre
 
tu penses que c'est quoi lol?
0
koreanboy Messages postés 27 Statut Membre
 
tu crois que c'est mon pc qui a un prob
0
Réponse 12 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
je ne sais pas trop de quoi provient ce problème

mais

* fait un scan antivirus chez PANDA
https://www.pandasecurity.com/?ref=www.pandasoftware.com/activescan/fr/activescan_principal.htm
et poste le rapport ici ensuite
0
koreanboy Messages postés 27 Statut Membre
 
ok
Incident Statut Analyse

Spyware:Cookie/RealMedia No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@247realmedia[2].txt
Spyware:Cookie/Atlas DMT No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@atdmt[2].txt
Spyware:Cookie/Bluestreak No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@bluestreak[1].txt
Spyware:Cookie/Doubleclick No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@doubleclick[2].txt
Spyware:Cookie/MetriWeb No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@metriweb[1].txt
Spyware:Cookie/Weborama No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@weborama[2].txt
Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Pilou et son Boulet\Cookies\pilou et son boulet@xiti[1].txt
Outil indésirable:Application/Processor No Désinfecté C:\Program Files\SDFix.exe[SDFix\apps\Process.exe]
Outil indésirable:Application/Processor No Désinfecté C:\SDFix\apps\P
0
koreanboy Messages postés 27 Statut Membre
 
voila le rapport de PANDA
0
koreanboy Messages postés 27 Statut Membre
 
le rapport est fait
0
Réponse 13 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
re

RAS dans le rapport de Panda, je ne vois pas de trace d'infection.
0
koreanboy Messages postés 27 Statut Membre
 
merçi pour ton aide tu pense que je dois faire quoi?
0
Réponse 14 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
absolument aucune idée, je vais voir si je trouve quelqu'un d'autre pour donner son avis.
0
Réponse 15 / 18
Utilisateur anonyme
 
Salut vous deux

Il serait juduciable de mettre à jour ton PC car c'est très loin d'être le cas.
D'ajouter un pare-feu à ta configuration, ça ne sera pas un mal.

As-tu essayé de supprimer ce processus à ces deux endroits en mode sans echec et de mettre à jour ta carte graphique ?

C:\WINDOWS\system32\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe Détecter: Trojan-Dropper.Win32.Paradrop.a

0
Réponse 16 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
hello boulepatte62

merci de venir nous aider. Je n'ai pas oser lui faire supprimer.
apparemment n'ont pas l'air bien méchant, et je me méfie tout le temps de A2
0
koreanboy Messages postés 27 Statut Membre
 
re bonjour désolé je viens de voir vos messages aujourd hui merçi de vos conseil mes j'avais dejafait les mises a jour de windows mais ça n'a rien changé, et question de supprimmer les 2 fichiers je l'ai fait aussi.ici j'ai un autre prog (trojan remover) je vous envoi le rapport et vous pouviez me dire çe vous en penser merçi a vous c'est super
[Unregistered version]
Scan started at: 7/01/2007 13:56:59
Using Database v6699
Operating System: Windows XP Home Edition (Build 2600)
Using data directory: C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Pilou et son Boulet\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
13:56:59: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
13:56:59: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
13:56:59: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
13:57:00: Scanning -----WINDOWS REGISTRY-----
Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
--------------------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ATIModeChange
Value Data = Ati2mdxx.exe - this command has been left in place
--------------------
Value Name = AtiPTA
Value Data = atiptaxx.exe - this command has been left in place
--------------------
Value Name = Mouse Suite 98 Daemon
Value Data = ICO.EXE - this command has been left in place
--------------------
Value Name = SynTPLpr
Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = HKSERV.EXE
Value Data = C:\Program Files\Sony\HotKey Utility\HKserv.exe - this command has been left in place
--------------------
Value Name = JOGSERV2.EXE
Value Data = C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe - this command has been left in place
--------------------
Value Name = ezShieldProtector for Px
Value Data = C:\WINDOWS\System32\ezSP_Px.exe - this command has been left in place
--------------------
Value Name = avgnt
Value Data = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = MsnMsgr
Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
--------------------
--------------------
Checking for an active ScreenSaver:
ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
--------------------

******************************
13:57:00: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
13:57:01: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=uploadmgr
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=usnsvc
ServiceDLL=C:\Program Files\MSN Messenger\usnsvc.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSp
ServiceDLL=C:\WINDOWS\System32\mspmspsv.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

******************************
13:57:04: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
Checking files called from the NT/XP CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=System32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=System32\DRIVERS\agp440.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AntiVirScheduler
ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\sched.exe - this reference has been left in place
----------
Key=AntiVirService
ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe - this reference has been left in place
----------
Key=Arp1394
ImagePath=System32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\System32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=System32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=ATICDSDr
ImagePath=\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys - this reference has been left in place [file not found to scan]
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avgntdd
ImagePath=SYSTEM32\DRIVERS\avgntdd.sys - this reference has been left in place
----------
Key=avgntmgr
ImagePath=SYSTEM32\drivers\avgntmgr.sys - this reference has been left in place
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=cisvc
ImagePath=C:\WINDOWS\System32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=CmBatt
ImagePath=System32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=System32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=DMICall
ImagePath=System32\DRIVERS\DMICall.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=E100B
ImagePath=System32\DRIVERS\e100b325.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=FilterService
ImagePath=System32\Drivers\nusbd.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=System32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HSFHWICH
ImagePath=System32\DRIVERS\HSFHWICH.sys - this reference has been left in place
----------
Key=HSF_DP
ImagePath=System32\DRIVERS\HSF_DP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\System32\imapi.exe - this reference has been left in place
----------
Key=IntelIde
ImagePath=System32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=System32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=mdmxsdk
ImagePath=System32\DRIVERS\mdmxsdk.sys - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\System32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=System32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=System32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=System32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\System32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\System32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=System32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=System32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=System32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=System32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=System32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NECEHCD
ImagePath=System32\Drivers\NEHCD.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=System32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=System32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=System32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=System32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=System32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=P1001VID
ImagePath=System32\DRIVERS\P1001Vid.sys - this reference has been left in place
----------
Key=Parport
ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=Pcmcia
ImagePath=System32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=System32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=System32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=System32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\DRIVERS\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=System32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=System32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=System32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\System32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardDrv
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=System32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SNC
ImagePath=System32\DRIVERS\SonyNC.sys - this reference has been left in place
----------
Key=SPI
ImagePath=System32\DRIVERS\SonyPI.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=SPTISRV
ImagePath=C:\PROGRA~1\FICHIE~1\SONYSH~1\AVLib\Sptisrv.exe - this reference has been left in place
----------
Key=sr
ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=streamip
ImagePath=System32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{C56AA3CD-14E8-4399-A5BA-29C5D2851800} - this reference has been left in place
----------
Key=SynTP
ImagePath=System32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=System32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=Update
ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=System32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=System32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=System32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WDM_YAMAHAAC97
ImagePath=system32\drivers\yacxgc.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=System32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=System32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------

******************************
14:49:06: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = JAVASUP
Vxd = JAVASUP.VXD - this command has been left in place
---------
Checking VMM32 VxD files being loaded

******************************
14:49:06: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

******************************
14:49:07: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Offline Files
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Shell Extension for Malware scanning
CLSID = {45AC2688-0253-4ED8-97DE-B5370FA7D48A}
C:\Program Files\AntiVir PersonalEdition Classic\shlext.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

******************************
14:49:07: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------

******************************
14:49:07: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------

******************************
14:49:08: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
C:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
----------

******************************
14:49:08: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

******************************
14:49:08: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

******************************
14:49:08: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

******************************
14:49:08: Scanning ------ USER STARTUP GROUPS ------
Checking Startup Group for All Users
No Startup files for All Users were located to check

******************************
14:49:08: Scanning ------ COMMON STARTUP GROUP ------
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Gamma Loader.exe.lnk - this links to C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe and has been left in place
--------------------
desktop.ini - this file is expected and has been left in place
--------------------
PowerPanel.lnk - this links to C:\Program Files\PowerPanel\Program\PcfMgr.exe and has been left in place
--------------------

******************************
No User Startup Groups were located to check

******************************
14:49:08: Scanning ----- SCHEDULED TASKS -----

******************************
14:49:08: ----- EXTRA CHECKS -----
Searching for generic rootkits...
Heuristic checks for Rootkit drivers completed
--------------------

******************************
14:49:08: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\beatnikx.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place

******************************
14:49:08: Scanning ----- RUNNING PROCESSES -----

C:\WINDOWS\System32\smss.exe
--------------------
C:\WINDOWS\system32\csrss.exe
--------------------
C:\WINDOWS\system32\winlogon.exe
--------------------
C:\WINDOWS\system32\services.exe
--------------------
C:\WINDOWS\system32\lsass.exe
--------------------
C:\WINDOWS\system32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\WINDOWS\system32\spoolsv.exe
--------------------
C:\WINDOWS\Explorer.EXE
--------------------
C:\WINDOWS\System32\atiptaxx.exe
--------------------
C:\WINDOWS\System32\ICO.EXE
--------------------
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
--------------------
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
--------------------
C:\Program Files\Sony\HotKey Utility\HKserv.exe
--------------------
C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe
--------------------
C:\WINDOWS\System32\ezSP_Px.exe
--------------------
C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe
--------------------
C:\Program Files\PowerPanel\Program\PcfMgr.exe
--------------------
C:\Program Files\AntiVir PersonalEdition Classic\sched.exe
--------------------
C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe
--------------------
C:\WINDOWS\System32\Ati2evxx.exe
--------------------
C:\WINDOWS\System32\svchost.exe
--------------------
C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\wtp64.exe
FileSize: 1.737.280
[This is a Trojan Remover component]
--------------------
C:\Program Files\Internet Explorer\iexplore.exe
--------------------

******************************
14:49:12: Checking AUTOEXEC.BAT file
AUTOEXEC.BAT found in C:\
No malicious entries were found in the AUTOEXEC.BAT file

******************************
14:49:12: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\WINDOWS\System32
No malicious entries were found in the AUTOEXEC.NT file

******************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.club-vaio.sony-europe.com
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.club-vaio.sony-europe.com/
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Local Page":
C:\WINDOWS\System32\blank.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

******************************

NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


Scan completed at: 7/01/2007 14:49:12
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.5, Build 2421. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 7/01/2007 13:44:48
Using Database v6699
Operating System: Windows XP Home Edition (Build 2600)
Using data directory: C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Pilou et son Boulet\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
13:44:48: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
13:44:48: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
13:44:48: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
13:44:49: Scanning -----WINDOWS REGISTRY-----
Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
--------------------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ATIModeChange
Value Data = Ati2mdxx.exe - this command has been left in place
--------------------
Value Name = AtiPTA
Value Data = atiptaxx.exe - this command has been left in place
--------------------
Value Name = Mouse Suite 98 Daemon
Value Data = ICO.EXE - this command has been left in place
--------------------
Value Name = SynTPLpr
Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = HKSERV.EXE
Value Data = C:\Program Files\Sony\HotKey Utility\HKserv.exe - this command has been left in place
--------------------
Value Name = JOGSERV2.EXE
Value Data = C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe - this command has been left in place
--------------------
Value Name = ezShieldProtector for Px
Value Data = C:\WINDOWS\System32\ezSP_Px.exe - this command has been left in place
--------------------
Value Name = avgnt
Value Data = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = MsnMsgr
Value Data = C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background - this command has been left in place
--------------------
--------------------
Checking for an active ScreenSaver:
ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
--------------------

******************************
13:44:50: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
13:44:50: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=uploadmgr
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=usnsvc
ServiceDLL=C:\Program Files\MSN Messenger\usnsvc.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSp
ServiceDLL=C:\WINDOWS\System32\mspmspsv.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\System32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place

******************************
13:44:54: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
Checking files called from the NT/XP CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=System32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=System32\DRIVERS\agp440.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AntiVirScheduler
ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\sched.exe - this reference has been left in place
----------
Key=AntiVirService
ImagePath=C:\Program Files\AntiVir PersonalEdition Classic\avguard.exe - this reference has been left in place
----------
Key=Arp1394
ImagePath=System32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\System32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=System32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=ATICDSDr
ImagePath=\??\C:\DOCUME~1\PROPRI~1\LOCALS~1\Temp\ATICDSDr.sys - this reference has been left in place [file not found to scan]
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=avgntdd
ImagePath=SYSTEM32\DRIVERS\avgntdd.sys - this reference has been left in place
----------
Key=avgntmgr
ImagePath=SYSTEM32\drivers\avgntmgr.sys - this reference has been left in place
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=cisvc
ImagePath=C:\WINDOWS\System32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=CmBatt
ImagePath=System32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=System32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=DMICall
ImagePath=System32\DRIVERS\DMICall.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
NT/XP Services registry keys scan stoppped at user request.
The VxD Entries were not scanned.
The Winlogon\Notify DLLs were not scanned.
The ContextMenuHandlers were not scanned.
The Browser Helper Objects were not scanned.
The Global Startup Group was not scanned.
The User Startup Groups were not scanned.
The Scheduled Tasks were not scanned.
Downloaded Program Files were not scanned.
Running Processes were not scanned.
The Windows Services file was not checked.
The AUTOEXEC files were not checked.
The scan for CAIN AND ABEL was not carried out.
The check on Explorer.exe was not carried out.
Internet Explorer settings were not checked.

******************************

NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES


Scan completed at: 7/01/2007 13:45:44
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.5.5, Build 2421. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 6/01/2007 22:21:56
Using Database v6699
Operating System: Windows XP Home Edition (Build 2600)
Using data directory: C:\Documents and Settings\Pilou et son Boulet\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Pilou et son Boulet\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

******************************
22:21:56: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

******************************
22:21:56: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

******************************
22:21:56: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

******************************
22:21:56: Scanning -----WINDOWS REGISTRY-----
Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
--------------------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ATIModeChange
Value Data = Ati2mdxx.exe - this command has been left in place
--------------------
Value Name = AtiPTA
Value Data = atiptaxx.exe - this command has been left in place
--------------------
Value Name = Mouse Suite 98 Daemon
Value Data = ICO.EXE - this command has been left in place
--------------------
Value Name = SynTPLpr
Value Data = C:\Program Files\Synaptics\SynTP\SynTPLpr.exe - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = HKSERV.EXE
Value Data = C:\Program Files\Sony\HotKey Utility\HKserv.exe - this command has been left in place
--------------------
Value Name = JOGSERV2.EXE
Value Data = C:\Program Files\Sony\Jog Dial Navigator\JogServ2.exe - this command has been left in place
--------------------
Value Name = ezShieldProtector for Px
Value Data = C:\WINDOWS\System32\ezSP_Px.exe - this command has been left in place
--------------------
Value Name = avgnt
Value Data = C:\Program Files\AntiVir PersonalEdition Classic\avgnt.exe" /min - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key attempts to run the following program(s):
Value Name = "C:\Program Files\\Creative\ShareDLL\CTStillCapture.ax"
Value Data = C:\WINDOWS\System32\REGSVR32.EXE /s "C:\Program Files\\Creative\ShareDLL\CTStillCapture.ax"\CTStillCapture.ax - this command has been left in place
--------------------
Value Name = "C:\Program Files\\Creative\ShareDLL\CTImage.dll"
Value Data = C:\WINDOWS\System32\REGSVR32.EXE /s "C:\Program Files\\Creative\ShareDLL\CTImage.dll"\CTImage.dll - this command has been left in place
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = MSMSGS
Value Data = C:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
--------------------
Checking for an active ScreenSaver:
ScreenSaver=C:\WINDOWS\System32\logon.scr - this command has been left in place
--------------------

******************************
22:21:58: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

******************************
22:21:58: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%Syste
0
Réponse 17 / 18
philae83 Messages postés 12854 Statut Contributeur sécurité 206
 
bonjour,

peux tu également faire analyser sur VIRUSTOTAL
celui ci
C:\WINDOWS\system32\ReinstallBackups\0000\DriverFiles\atiptaxx.exe

également pour vérif

* Télécharge Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(de F-Secure)
(le premier de la page)

Clique sur "I ACCEPT" au bas de la page. Sauvegarde le sur ton Bureau.
Double-clique blbeta.exe et accepte la licence;
clique Scan puis Next

Tu verras une liste de fichiers détectés apparaître. Tu verras également un rapport,
sur ton Bureau, nommé fsbl.xxxxxxx.log (les xxxxxxx sont des chiffres).

Copie et colle le contenu de ce rapport dans ta prochaine réponse.
NE PAS choisir l'option "Rename" de suite : nous devons analyser le rapport,
car des fichiers légitimes peuvent être présents, tel wbemtest.exe
0
koreanboy Messages postés 27 Statut Membre
 
ok
0
koreanboy Messages postés 27 Statut Membre
 
il y a 2 blacklight je prends lequel?
0
koreanboy Messages postés 27 Statut Membre
 
il n'y a rien pas de fichier de rapport il dit qu'il n'y a rien
0
Réponse 18 / 18
koreanboy Messages postés 27 Statut Membre
 
AntiVir PersonalEdition Classic
Report file date: dimanche 7 janvier 2007 14:59

Scanning for 618274 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (plain) [5.1.2600]
Username: Pilou et son Boulet
Computer name: CARINE

Version information:
BUILD.DAT : 217 12749 Bytes 05/12/2006 17:00:00
AVSCAN.EXE : 7.0.3.4 208936 Bytes 07/01/2007 13:57:35
AVSCAN.DLL : 7.0.3.1 35880 Bytes 07/01/2007 13:57:35
LUKE.DLL : 7.0.3.2 143400 Bytes 07/01/2007 13:57:37
LUKERES.DLL : 7.0.2.0 9256 Bytes 07/01/2007 13:57:37
ANTIVIR0.VDF : 6.35.0.1 7371264 Bytes 31/05/2006 11:35:27
ANTIVIR1.VDF : 6.36.1.24 2212864 Bytes 14/11/2006 13:57:38
ANTIVIR2.VDF : 6.37.0.89 783360 Bytes 31/12/2006 13:57:38
ANTIVIR3.VDF : 6.37.0.113 94720 Bytes 05/01/2007 13:57:38
AVEWIN32.DLL : 7.3.0.21 1999360 Bytes 07/01/2007 13:57:40
AVPREF.DLL : 7.0.2.0 23592 Bytes 07/01/2007 13:57:35
AVREP.DLL : 6.37.0.5 1007656 Bytes 07/01/2007 13:57:38
AVRPBASE.DLL : 7.0.0.0 2162728 Bytes 30/03/2006 09:43:31
AVPACK32.DLL : 7.2.0.5 368680 Bytes 07/01/2007 13:57:40
AVREG.DLL : 7.0.1.1 30760 Bytes 07/01/2007 13:57:35
NETNT.DLL : 6.32.0.0 6696 Bytes 27/09/2005 08:56:49
RCIMAGE.DLL : 7.0.1.3 2097192 Bytes 07/01/2007 13:57:26
RCTEXT.DLL : 7.0.12.1 77864 Bytes 07/01/2007 13:57:26

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: C:\Program Files\AntiVir PersonalEdition Classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium
Expanded search settings.........: 0x00001000

Start of the scan: dimanche 7 janvier 2007 14:59

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Modules have been scanned
Scan process 'avguard.exe' - '1' Modules have been scanned
Scan process 'avcenter.exe' - '1' Modules have been scanned
Scan process 'sched.exe' - '1' Modules have been scanned
Scan process 'avgnt.exe' - '1' Modules have been scanned
Scan process 'IEXPLORE.EXE' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'ati2evxx.exe' - '1' Modules have been scanned
Scan process 'PcfMgr.exe' - '1' Modules have been scanned
Scan process 'ezSP_Px.exe' - '1' Modules have been scanned
Scan process 'JogServ2.exe' - '1' Modules have been scanned
Scan process 'HKServ.exe' - '1' Modules have been scanned
Scan process 'SynTPEnh.exe' - '1' Modules have been scanned
Scan process 'SynTPLpr.exe' - '1' Modules have been scanned
Scan process 'ico.exe' - '1' Modules have been scanned
Scan process 'atiptaxx.exe' - '1' Modules have been scanned
Scan process 'explorer.exe' - '1' Modules have been scanned
Scan process 'spoolsv.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'svchost.exe' - '1' Modules have been scanned
Scan process 'lsass.exe' - '1' Modules have been scanned
Scan process 'services.exe' - '1' Modules have been scanned
Scan process 'winlogon.exe' - '1' Modules have been scanned
Scan process 'csrss.exe' - '1' Modules have been scanned
Scan process 'smss.exe' - '1' Modules have been scanned
27 processes with 27 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( 19 files ).

Starting the file scan:

Begin scan in 'C:\' <VAIO>
C:\hiberfil.sys
[WARNING] The file could not be opened!
C:\pagefile.sys
[WARNING] The file could not be opened!
Begin scan in 'D:\' <VAIO>

End of the scan: dimanche 7 janvier 2007 15:14
Used time: 15:00 min

The scan has been done completely.

1957 Scanning directories
81242 Files were scanned
0 viruses and/or unwanted programs were found
0 files were deleted
0 files were repaired
0 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
81242 Files not concerned
5909 Archives were scanned
2 Warnings
0 Notes

je te met le rapport de antivir il me dit qu'il y a 2 warning tu sais me dire ce que c'est merçi
0

Discussions similaires

svp 32Gb est il egal a 32Go??
William Fernand -
nemrod18 -

3 réponses
Comment enlever mon virus trojan:win32/si...
bryanoulet -
juju666 -

58 réponses