Analyze my HijackThis log

Resolved/Closed
Anonymous user - August 5, 2007 at 16:20
 Anonymous user - August 7, 2007 at 15:39
Hello. Can you tell me if I have any problems? Thanks in advance.
Logfile of HijackThis v1.99.1
Scan saved at 16:18:32, on 05/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\lxcrcoms.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
C:\Program Files\Lexmark 2400 Series\ezprint.exe
C:\PROGRA~1\Grisoft\AVG7\avgcc.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Windows\system32\ctfmon.exe
C:\Program Files\MSN Messenger\usnsvc.exe
C:\Program Files\internet explorer\iexplore.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fssm32.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\explorer.exe
C:\Program Files\Hijackthis Version Française\VERSION TRADUITE ORIGINALE.EXE

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [lxcrmon.exe] "C:\Program Files\Lexmark 2400 Series\lxcrmon.exe"
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 2400 Series\ezprint.exe"
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXCRCATS] rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [ctfmon.exe] C:\Windows\system32\ctfmon.exe
O4 - Startup: NOTFOUND.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - https://www.f-secure.com/en/home/support
O16 - DPF: {193C772A-87BE-4B19-A7BB-445B226FE9A1} (ewidoOnlineScan Control) - http://www.cyber-infos.net/files/OnlineScan.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\Windows\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\Windows\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: F-Secure BlackLight Sensor - F-Secure Corporation - C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe
O23 - Service: lxcr_device - - C:\Windows\system32\lxcrcoms.exe

24 replies

Anonymous user
August 6, 2007 at 18:46
Good evening. Well, I did everything, but it still won't uninstall...
0
Anonymous user
August 7, 2007 at 00:17
Yeah, but it's cluttering up my hard drive for nothing, and why can't I delete what you're telling me to??? Please reply and explain, because I want to understand.
0
Anonymous user
August 7, 2007 at 15:08
Hello... where is my savior......
0
Anonymous user
August 7, 2007 at 15:39
Hello. If you could take a look at this, thanks.
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2477. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 07/08/2007 15:32:28
Using Database v6839
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
Using data directory: C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\Administrateur\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
AVG Anti-Spyware

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
15:32:28: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
15:32:28: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
15:32:28: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
15:32:31: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\Windows\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = FaxCenterServer
Value Data = C:\Program Files\Lexmark Fax Solutions\fm3032.exe" /s - this command has been left in place
--------------------
Value Name = Adobe Reader Speed Launcher
Value Data = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe - this command has been left in place
--------------------
Value Name = lxcrmon.exe
Value Data = C:\Program Files\Lexmark 2400 Series\lxcrmon.exe - this command has been left in place
--------------------
Value Name = EzPrint
Value Data = C:\Program Files\Lexmark 2400 Series\ezprint.exe - this command has been left in place
--------------------
Value Name = AVG7_CC
Value Data = C:\PROGRA~1\Grisoft\AVG7\avgcc.exe /STARTUP - this command has been left in place
--------------------
Value Name = !AVG Anti-Spyware
Value Data = C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized - this command has been left in place
--------------------
Value Name = LXCRCATS
Value Data = rundll32 C:\Windows\System32\spool\DRIVERS\W32X86\3\LXCRtime.dll,_RunDLLEntry@16 - this command has been left in place
--------------------
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = ctfmon.exe
Value Data = C:\Windows\system32\ctfmon.exe - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

**************************************************
15:32:37: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

**************************************************
15:32:37: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
15:32:38: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\Windows\System32\ssflwbox.scr - this command has been left in place
--------------------

**************************************************
15:32:38: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\Windows\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\Windows\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\Windows\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\Windows\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
15:32:41: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\System32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=Irmon
ServiceDLL=%SystemRoot%\System32\irmon.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=NWCWorkstation
ServiceDLL=%SystemRoot%\System32\nwwks.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\System32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\System32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\System32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\Windows\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=Wmi
ServiceDLL=%SystemRoot%\System32\advapi32.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\Windows\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
15:32:56: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=System32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=\SystemRoot\System32\DRIVERS\adpu160m.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=System32\DRIVERS\agp440.sys - this reference has been left in place
----------
Key=aic78u2
ImagePath=\SystemRoot\System32\DRIVERS\aic78u2.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=\SystemRoot\System32\DRIVERS\aic78xx.sys - this reference has been left in place
----------
Key=AlcrFilt
ImagePath=\??\C:\Windows\System32\Drivers\AlcrFilt.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aliadwdm
ImagePath=system32\drivers\ac97ali.sys - this reference has been left in place
----------
Key=AliIde
ImagePath=System32\DRIVERS\aliide.sys - this reference has been left in place
----------
Key=ALiIRDA
ImagePath=System32\DRIVERS\alifir.sys - this reference has been left in place
----------
Key=allegro
ImagePath=system32\drivers\es198x.sys - this reference has been left in place
----------
Key=Arp1394
ImagePath=System32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=ati2mtag
ImagePath=System32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=atimpab
ImagePath=System32\DRIVERS\atimpab.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=AVG Anti-Rootkit
ImagePath=System32\DRIVERS\avgarkt.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=Avg7Alrt
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe - this reference has been left in place
----------
Key=Avg7Core
ImagePath=\SystemRoot\System32\Drivers\avg7core.sys - this reference has been left in place
----------
Key=Avg7RsW
ImagePath=\SystemRoot\System32\Drivers\avg7rsw.sys - this reference has been left in place
----------
Key=Avg7RsXP
ImagePath=\SystemRoot\System32\Drivers\avg7rsxp.sys - this reference has been left in place
----------
Key=Avg7UpdSvc
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe - this reference has been left in place
----------
Key=AvgArCln
ImagePath=System32\DRIVERS\AvgArCln.sys - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=AvgClean
ImagePath=\SystemRoot\System32\Drivers\avgclean.sys - this reference has been left in place
----------
Key=AVGEMS
ImagePath=C:\PROGRA~1\Grisoft\AVG7\avgemc.exe - this reference has been left in place
----------
Key=AvgTdi
ImagePath=\SystemRoot\System32\Drivers\avgtdi.sys - this reference has been left in place
----------
Key=basic2
ImagePath=System32\DRIVERS\basic2.sys - this reference has been left in place
----------
Key=caboagp
ImagePath=System32\DRIVERS\atisgkaf.sys - this reference has been left in place
----------
Key=catchme
ImagePath=\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys - this reference has been left in place [file not found to scan]
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=cisvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=ClntMgmt.sys
ImagePath=\SystemRoot\System32\Drivers\ClntMgmt.sys - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CmBatt
ImagePath=System32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=Cnxtdiag
ImagePath=System32\DRIVERS\cnxtdiag.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=System32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=DarkSpy
ImagePath=\??\C:\Windows\system32\DarkSpyKernel.sys - this reference has been left in place [file not found to scan]
----------
Key=DCamUSBPremier
ImagePath=System32\Drivers\mpixvid.sys - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=dpti2o
ImagePath=\SystemRoot\System32\DRIVERS\dpti2o.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=E100B
ImagePath=System32\DRIVERS\e100b325.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=F-Secure BlackLight Sensor
ImagePath=C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\F-Secure\Anti-Virus\fsblsrv.exe - this reference has been left in place [file not found to scan]
----------
Key=Fallback
ImagePath=System32\DRIVERS\fallback.sys - this reference has been left in place
----------
Key=Fdc
ImagePath=System32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=System32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
----------
Key=fsbl
ImagePath=\??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsbldrv.sys - this reference has been left in place [file not found to scan]
----------
Key=Fsks
ImagePath=System32\DRIVERS\fsksnt.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=gameenum
ImagePath=System32\DRIVERS\gameenum.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=System32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\System32\imapi.exe - this reference has been left in place
----------
Key=IntelIde
ImagePath=\SystemRoot\System32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=System32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=ip6fw
ImagePath=system32\drivers\ip6fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=irda
ImagePath=System32\DRIVERS\irda.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=K56
ImagePath=System32\DRIVERS\k56nt.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=ltmodem5
ImagePath=System32\DRIVERS\ltmdmnt.sys - this reference has been left in place
----------
Key=LVUSBSta
ImagePath=system32\drivers\lvusbsta.sys - this reference has been left in place
----------
Key=lxcr_device
ImagePath=C:\Windows\system32\lxcrcoms.exe -service - this reference has been left in place
----------
Key=MDM
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe" - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\System32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=System32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=System32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=System32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\Windows\System32\msdtc.exe - this reference has been left in place
----------
Key=MSIRCOMM
ImagePath=system32\DRIVERS\MSIRCOMM.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\Windows\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=System32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=System32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=System32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=System32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=System32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=netrcacm
ImagePath=system32\DRIVERS\netrcacm.sys - this reference has been left in place
----------
Key=NIC1394
ImagePath=System32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=System32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=System32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=NwlnkIpx
ImagePath=System32\DRIVERS\nwlnkipx.sys - this reference has been left in place
----------
Key=NwlnkNb
ImagePath=System32\DRIVERS\nwlnknb.sys - this reference has been left in place
----------
Key=NwlnkSpx
ImagePath=System32\DRIVERS\nwlnkspx.sys - this reference has been left in place
----------
Key=NWRDR
ImagePath=System32\DRIVERS\nwrdr.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=System32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=P3
ImagePath=System32\DRIVERS\p3.sys - this reference has been left in place
----------
Key=Parport
ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=\SystemRoot\System32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=Pcmcia
ImagePath=System32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=PID_0928
ImagePath=system32\DRIVERS\LV561AV.SYS - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=System32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=System32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=System32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasirda
ImagePath=System32\DRIVERS\rasirda.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=System32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=System32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=System32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=System32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\Windows\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=Rksample
ImagePath=System32\DRIVERS\rksample.sys - this reference has been left in place
----------
Key=ROOTMODEM
ImagePath=System32\Drivers\RootMdm.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\System32\rsvp.exe - this reference has been left in place
----------
Key=rtl8139
ImagePath=System32\DRIVERS\RTL8139.SYS - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=ScsiPort
ImagePath=%SystemRoot%\system32\drivers\scsiport.sys - this reference has been left in place
----------
Key=Secdrv
ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=SIS163u
ImagePath=system32\DRIVERS\sis163u.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SMCIRDA
ImagePath=System32\DRIVERS\smcirda.sys - this reference has been left in place
----------
Key=SoftFax
ImagePath=System32\DRIVERS\faxnt.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=Stmatm
ImagePath=System32\DRIVERS\stmatm.sys - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\System32\dllhost.exe /Processid:{BEC14E11-5CE7-49B3-9573-C84041F4DE79} - this reference has been left in place
----------
Key=symc810
ImagePath=\SystemRoot\System32\DRIVERS\symc810.sys - this reference has been left in place
----------
Key=symc8xx
ImagePath=\SystemRoot\System32\DRIVERS\symc8xx.sys - this reference has been left in place
----------
Key=sym_hi
ImagePath=\SystemRoot\System32\DRIVERS\sym_hi.sys - this reference has been left in place
----------
Key=SynTP
ImagePath=System32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=TaurusUsb
ImagePath=System32\DRIVERS\torususb.sys - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=System32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TlntSvr
ImagePath=C:\WINDOWS\System32\tlntsvr.exe - this reference has been left in place
----------
Key=Tones
ImagePath=System32\DRIVERS\tonesnt.sys - this reference has been left in place
----------
Key=Update
ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=System32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=USBCM
ImagePath=system32\DRIVERS\Sacm2K.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=System32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=System32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=System32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=System32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=System32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=System32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=USB_RNDIS
ImagePath=system32\DRIVERS\usb8023.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=V124
ImagePath=System32\DRIVERS\v124nt.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=\SystemRoot\System32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wceusbsh
ImagePath=System32\DRIVERS\wceusbsh.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=System32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WpdUsb
ImagePath=System32\Drivers\wpdusb.sys - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------

**************************************************
15:35:34: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = JAVASUP
JAVASUP.VXD - this entry has been left in place
----------
----------
Checking VMM32 VxD files being loaded

**************************************************
15:35:34: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

**************************************************
15:35:36: Scanning ----- CONTEXTMENUHANDLERS -----
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = AVG7 Shell Extension
CLSID = {9F97547E-4609-42C5-AE0C-81C61FFAEBC3}
C:\Program Files\Grisoft\AVG7\avgse.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = ClamWin
CLSID = {65713842-C410-4f44-8383-BFE01A398C90}
C:\Program Files\ClamWin\bin\ExpShell.dll - this ContextMenuHandler has been left in place
----------
Key = Offline Files
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

**************************************************
15:35:37: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
15:35:38: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_02\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------

**************************************************
15:35:39: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
C:\Windows\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153}
C:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
CLSID = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
C:\Windows\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

**************************************************
15:35:40: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
15:35:40: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
15:35:40: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
15:35:40: Scanning ----- SECURITY PROVIDER DLLS -----
msapsspc.dll - this entry has been left in place
----------
schannel.dll - this entry has been left in place
----------
digest.dll - this entry has been left in place
----------
msnsspc.dll - this entry has been left in place
----------

**************************************************
15:35:41: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group does not attempt to load any files

**************************************************
No User Startup Groups were located to check

**************************************************
15:35:41: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Parameters: -task
Next Run Time: 09/08/2007 21:09:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
C:\Program Files\Apple Software Update\SoftwareUpdate.exe - this entry has been left in place [file not found to scan]
----------
Taskname: Maintenance en 1 clic.job
File: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Parameters: /schedulestart
Next Run Time: 10/08/2007 17:15:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Administrateur
Comments: Lance la maintenance en 1 clic à des heures précises
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe - this entry has been left in place [file not found to scan]
----------

**************************************************
15:35:42: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

**************************************************
15:35:42: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\Windows\Downloaded Program Files\bdcore.dll - this file has been left in place
C:\Windows\Downloaded Program Files\bdupd.dll - this file has been left in place
C:\Windows\Downloaded Program Files\ca.pub - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\bdcore.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\bdupd.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\ca.pub - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\daas_s.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\fsauc.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\fscax.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\ipsupd.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\lang.ini - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\libfn.dll - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\live.ini - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\oscan8.inf - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\oscan8.ocx - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\oscan81.ocx_x - this file has been left in place
C:\Windows\Downloaded Program Files\CONFLICT.1\scanoptions.tsi - this file has been left in place
C:\Windows\Downloaded Program Files\daas_s.dll - this file has been left in place
C:\Windows\Downloaded Program Files\ewidoOnlineScan.dll - this file has been left in place
C:\Windows\Downloaded Program Files\fsauc.dll - this file has been left in place
C:\Windows\Downloaded Program Files\fscax.dll - this file has been left in place
C:\Windows\Downloaded Program Files\fscax.inf - this file has been left in place
C:\Windows\Downloaded Program Files\fxfileop.dll - this file has been left in place
C:\Windows\Downloaded Program Files\ipsupd.dll - this file has been left in place
C:\Windows\Downloaded Program Files\lang.ini - this file has been left in place
C:\Windows\Downloaded Program Files\libfn.dll - this file has been left in place
C:\Windows\Downloaded Program Files\live.ini - this file has been left in place
C:\Windows\Downloaded Program Files\oscan81.ocx_x - this file has been left in place
C:\Windows\Downloaded Program Files\scanoptions.tsi - this file has been left in place
C:\Windows\Downloaded Program Files\uninst.bat - this file has been left in place

**************************************************
15:35:52: Scanning ----- RUNNING PROCESSES -----

C:\Windows\System32\smss.exe
--------------------
C:\Windows\system32\csrss.exe
--------------------
C:\Windows\system32\winlogon.exe
--------------------
C:\Windows\system32\services.exe
--------------------
C:\Windows\system32\lsass.exe
--------------------
C:\Windows\system32\svchost.exe
--------------------
C:\Windows\system32\spoolsv.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
--------------------
C:\Windows\Explorer.EXE
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
--------------------
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
--------------------
C:\Windows\system32\lxcrcoms.exe
--------------------
C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
--------------------
C:\Program Files\Lexmark 2400 Series\lxcrmon.exe
--------------------
C:\Program Files\Lexmark 2400 Series\ezprint.exe
--------------------
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
--------------------
C:\Windows\System32\alg.exe
--------------------
C:\Program Files\Java\jre1.6.0_02\bin\jusched.exe
--------------------
C:\Windows\system32\ctfmon.exe
--------------------
C:\Program Files\MSN Messenger\usnsvc.exe
--------------------
C:\Program Files\Mozilla Firefox\firefox.exe
--------------------
C:\Documents and Settings\Administrateur\Application Data\Simply Super Software\Trojan Remover\fsy66.exe
FileSize: 1 876 544
[This is a Trojan Remover component]
--------------------

**************************************************
15:35:58: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in C:\Windows\system32
No malicious entries were found in the AUTOEXEC.NT file

**************************************************
15:35:58: Checking HOSTS file
No malicious entries were found in the HOSTS file

**************************************************
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
https://www.bing.com/?toHttps=1&redig=8F3F334EA60E4B1CB4D040DCFE393A89{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
https://www.google.fr/?gws_rd=ssl
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

**************************************************
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 07/08/2007 15:35:58
************************************************************