Adaware NavipromoB

grandpierre Messages postés 110 Statut Membre -  
grandpierre Messages postés 110 Statut Membre -
Bonjour, J'ai suivi les messages précédents correspondant à mon cas et enregistré le rapport de Navifix que je joins à mon message. Je précise que je dispose d'un PC HP Quad 2,4 avec 3 G de mémoire Ram et carte graphique nvidia 8500 GT. Malgré cela mon PC est lent, surtout sur Internet. Merci infiniment de me dépanner. Grandpierre<code>Configuration: Windows Vista
Internet Explorer 7.0</coSearch Navipromo version 3.3.4 commencé le 04/11/2007 à 16:43:17,34

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16546

*** Recherche Programmes installés ***

*** Recherche dossiers dans C:\Windows ***

*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\ProgramData ***

*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\USERS\PIERRE\APPDATA\ROAMING\MICROS~1\WINDOWS\STARTM~1\PROGRAMS ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\Users\Pierre\AppData\Local\virtualstore\Program Files ***

*** Recherche dossiers dans C:\Users\Pierre\AppData\Roaming ***

*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\Users\Pierre\AppData\Local\Microsoft
- C:\Users\Pierre\AppData\Local\virtualstore\windows\system32
- C:\Users\Pierre\AppData\Local

*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\Windows\system32 *

* Recherche dans C:\Users\Pierre\AppData\Local\Microsoft *

Fichiers trouvés :

ntlcoth.exe trouvé !

* Recherche dans C:\Users\Pierre\AppData\Local\virtualstore\windows\system32 *

* Recherche dans C:\Users\Pierre\AppData\Local *

*** Recherche fichiers ***

C:\Windows\pack.epk trouvé !
C:\Windows\system32\nvs2.inf trouvé !

*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !

*** Analyse terminée le 04/11/2007 à 16:44:10,88 ***
de>

60 réponses

  • 1
  • 2
  • 3
Résumé de la discussion

Lenteur persistante d'un PC HP sous Windows Vista, sur Internet, persiste malgré l'analyse avec Navilog et un rapport HijackThis pour déceler des éléments indésirables connus. Des conseils pratiques ciblent d'abord le nettoyage et la réparation avec CCleaner, puis l’outil msconfig pour désactiver une entrée suspecte au démarrage et redémarrer correctement. Pour aller plus loin, il est conseillé d’exécuter Navilog1 en mode administrateur et de suivre le nettoyage guidé, puis de redémarrer pour que les corrections prennent effet et sauvegarder les rapports. En cas de doute sur la validité des rapports, des observations en mode sans échec ont montré des résultats différents et l’interprétation des résultats peut varier selon les outils utilisés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
    Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

    Au menu principal, Fais le choix 2
    Laisse toi guider et patiente.
    Le fix va t'informer qu'il va alors redémarrer ton PC
    Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuie sur une touche comme demandé.
    (si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
    Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
    Patiente jusqu'au message :
    *** Nettoyage Termine le ..... ***
    Le blocnote va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver
    Referme le blocnote. Ton bureau va réapparaître
    Réactive le contrôle des comptes utilisateurs (UAC)

    PS:Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
    Tape explorer et valide. Cela te fera apparaître ton bureau
    0
  2. grandpierre Messages postés 110 Statut Membre 10
     
    Message pour JLPJLP.

    J'essaie depuis un bon moment à t'envoyer un message mais ça ne veut pas partit. Est-ce que parce qu'il était trop louds ? J'avais joint 2 pièces jointes - les rapports de recherches de virus et autres adaware. Si celui-ci part normalement je vais réessayer.
    Grandpierre
    0
  3. grandpierre Messages postés 110 Statut Membre 10
     
    A JLPJLP. Je fais une nouvelle tentative en espèrant que ça marche. Tout d'abord, je veux te remercier pour l'aide que tu m'apportes. J'ai suivi tes conseils, mais je crois que ça n'a pas marché. Mon ordi continue de faire n'importe quoi. Exemple:Chaque fois que je clique sur une commande - par exemple Windows mail, Galerie de photos Windows, Internet Explorer, Windows Media Player, et(c....la réponse vient immédiatement: " a cessé de fonctionner". Au deuxième clic, ça marche. J'ai aussi des problemes avec Studio 11 de Pinnacle. Soudainement, tout s'efface et je me retrouve sur le Bureau. Je ne parle pas de la lenteur sur Internet: c'est une catastrophe. Je te suis infiniment reconnaissant de m'aider à me dépanne Je vais t'envoyer à part, les rapports de Fixnavi et Bit Defender.
    Je te rappelle la configuration de mon PC Windows Vista HP 8180 Quad 2,4, 3Mo de mémoire Ram Carte graphique nvidia 8500GT.
    Avec ça, il devrait pêter le feu, alors qu'il se traine.... Merci encore. Grandpierre
    0
  4. grandpierre Messages postés 110 Statut Membre 10
     
    A JLPJLP Rapport Bit Defender

    //-----------------------------------------------------------------
    //
    // Product BitDefender Free Edition v10
    // Product 10.2
    //
    // Created on: 06/11/2007 04:40:30
    //
    //-----------------------------------------------------------------

    Virus Statistics

    Scan path : C:\
    E:\
    F:\
    Z:\
    Folders : 16098
    Files : 210328
    Memory processes scanned : 83
    Archives : 680
    Runtime packers : 8984
    Identified viruses : 1
    Infected files : 1
    Memory processes infected : 0
    Suspect files : 0
    Warnings : 0
    Disinfected files : 0
    Deleted files : 0
    Moved files : 0
    I/O errors : 79
    Scan time : 00:37:37
    Scan speed (files/sec) : 93

    Spyware Statistics

    Registry keys scanned : 1551
    Registry keys infected : 0
    Cookies scanned : 28
    Cookies infected : 0
    Spyware files infected : 0
    Spyware threats detected : 0

    Virus definitions : 937794
    Scan plugins : 16
    Archive plugins : 41
    Unpack plugins : 7
    Mail plugins : 6
    System plugins : 5

    Virus scan options

    Detection
    [X] Scan boot sectors
    [X] Memory Processes
    [ ] Scan archives
    [X] Scan runtime packers
    [X] Scan email

    File mask
    [ ] Programs
    [X] All files
    [ ] User defined extensions:
    [ ] Exclude extensions: ;

    Action

    Infected objects
    [ ] Ignore
    [X] Disinfect
    [ ] Delete
    [ ] Move to quarantine
    [ ] Prompt user

    Second action
    [ ] Ignore
    [ ] Delete
    [X] Move to quarantine
    [ ] Prompt user

    Virus scan options
    [X] Enable warnings
    [X] Enable heuristics
    [ ] Show all files in log
    [X] Report file: C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\full_scan\1194320430.log

    Spyware scan options

    [X] Scan for riskware
    [ ] Skip dial and applications from scan
    [X] Registry keys
    [X] Cookies

    Summary:

    C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe Detected: Adware.Navipromo.BYZ
    C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe Disinfection failed
    C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe Move failed
    0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    si tu ne peux faire navilog:

    Lance AVG ANTI ROOTKIT :

    http://www.libellules.ch/dotclear/index.php?2007/03/28/1781-avg-anti-rootkit

    _________________

    le fichier est en quarantaine dans bitdefender déja
    pour le virer tu vas dans la partie quarantaine de bit defender et tu le vire
    ou tu vire le fichier fkzqbfdeqw.exe en allant dans poste de travail puis C ...

    C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe

    ___________________

    encore des pbs?

    si ca persiste

    colle un rapport hijackthis
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  7. grandpierre Messages postés 110 Statut Membre 10
     
    Bonjour JLPJLP. Je t'envoie le rapport Fixnavi qui n'a pas voulu partir hier. Je l'ai compressé en espèrant ne pas avoir de problemes. Je t'envoie ensu_ite un autre mail pour expliquer ce que j'ai fait. Encore merci. Grandpierre. Je n'ai pu l'envoyer décompressé...
    Search Navipromo version 3.3.4 commencé le 06/11/2007 à 18:28:44,24

    !!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
    !!! Postez ce rapport sur le forum pour le faire analyser !!!
    !!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6000
    Internet Explorer : 7.0.6000.16546

    *** Recherche Programmes installés ***

    *** Recherche dossiers dans C:\Windows ***

    *** Recherche dossiers dans C:\Program Files ***

    C:\Program Files\WebMediaPlayer trouvé !

    *** Recherche dossiers dans C:\ProgramData ***

    *** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

    ...\WebMediaPlayer trouvé !

    *** Recherche dossiers dans C:\USERS\PIERRE\APPDATA\ROAMING\MICROS~1\WINDOWS\STARTM~1\PROGRAMS ***

    ...\WebMediaPlayer trouvé !

    *** Recherche dossiers dans C:\Users\Pierre\AppData\Local\virtualstore\Program Files ***

    *** Recherche dossiers dans C:\Users\Pierre\AppData\Roaming ***

    *** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
    pour + d'infos : http://www.gmer.net

    Aucun fichier trouvé dans :

    - C:\Users\Pierre\AppData\Local\Microsoft
    - C:\Users\Pierre\AppData\Local\virtualstore\windows\system32
    - C:\Users\Pierre\AppData\Local

    *** Recherche avec GenericNaviSearch ***
    !!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
    !!! A vérifier impérativement avant toute suppression manuelle !!!

    * Recherche dans C:\Windows\system32 *

    * Recherche dans C:\Users\Pierre\AppData\Local\Microsoft *

    Fichiers trouvés :

    ntlcoth.exe trouvé !

    * Recherche dans C:\Users\Pierre\AppData\Local\virtualstore\windows\system32 *

    * Recherche dans C:\Users\Pierre\AppData\Local *

    *** Recherche fichiers ***

    C:\Windows\pack.epk trouvé !
    C:\Windows\system32\nvs2.inf trouvé !

    *** Recherche clés spécifiques dans le Registre ***

    HKEY_CURRENT_USER\Software\Lanconfig trouvé !

    *** Module de Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche Heuristique :

    C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat trouvé !
    C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat trouvé !
    C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat trouvé !
    C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat trouvé !
    C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat trouvé !

    3)Recherche Certificats :

    Certificat Egroup trouvé !

    *** Analyse terminée le 06/11/2007 à 18:29:32,17 ***
    0
  8. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    NAVILOG : A REFAIRE AVEC L'OPTION 2 cette fois

    Veille à ce que le contrôle des comptes utilisateurs (UAC) soit désactivé.
    Fais un Clic-droit sur le raccourci Navilog1 présent sur ton bureau et choisis "Exécuter en tant qu'administrateur".

    Au menu principal, Fais le choix 2
    Laisse toi guider et patiente.
    Le fix va t'informer qu'il va alors redémarrer ton PC
    Ferme toutes les fenêtres ouvertes et enregistre tes documents personnels ouverts
    Appuie sur une touche comme demandé.
    (si ton Pc ne redémarre pas automatiquement, fais-le toi-même)
    Au redémarrage de ton PC, choisis ta session habituelle si nécessaire.
    Patiente jusqu'au message :
    *** Nettoyage Termine le ..... ***
    Le blocnote va s'ouvrir.
    Sauvegarde le rapport de manière à le retrouver
    Referme le blocnote. Ton bureau va réapparaître
    Réactive le contrôle des comptes utilisateurs (UAC)

    PS:Si ton bureau ne réapparaît pas, fais CTRL+ALT+SUPP pour ouvrir le gestionnaire de tâches.
    Puis rends-toi à l'onglet "processus". Clique en haut à gauche sur fichiers et choisis "exécuter"
    Tape explorer et valide. Cela te fera apparaître ton bureau
    0
  9. grandpierre Messages postés 110 Statut Membre 10
     
    Ci-joint le rapport fait il y a 10 minutes
    Clean Navipromo version 3.3.4 commencé le 07/11/2007 à 19:17:27,39

    Outil exécuté depuis C:\Program Files\navilog1
    Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

    Microsoft Windows Vista 6.0.6000
    Internet Explorer : 7.0.6000.16546

    Mode suppression automatique

    *** fsbl1.txt non trouvé ***
    (Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)

    *** Suppression avec sauvegardes résultats GenericNaviSearch ***

    * Suppression dans C:\Windows\System32 *

    * Suppression dans C:\Users\Pierre\AppData\Local\Microsoft *

    ntlcoth.exe trouvé !
    Copie ntlcoth.exe réalisé avec succès !
    ntlcoth.exe supprimé !

    * Suppression dans C:\Users\Pierre\AppData\Local\virtualstore\windows\system32 *

    * Suppression dans C:\Users\Pierre\AppData\Local *

    *** Suppression dossiers dans C:\Windows ***

    *** Suppression dossiers dans C:\Program Files ***

    C:\Program Files\WebMediaPlayer ...suppression...
    C:\Program Files\WebMediaPlayer supprimé !

    *** Suppression dossiers dans C:\ProgramData ***

    *** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

    ...\WebMediaPlayer ...suppression...
    ...\WebMediaPlayer supprimé !

    *** Suppression dossiers dans C:\USERS\PIERRE\APPDATA\ROAMING\MICROS~1\WINDOWS\STARTM~1\PROGRAMS ***

    ...\WebMediaPlayer ...suppression...
    ...\WebMediaPlayer supprimé !

    *** Suppression dossiers dans C:\Users\Pierre\AppData\Local\virtualstore\Program Files ***

    *** Suppression dossiers dans C:\Users\Pierre\AppData\Roaming ***

    *** Suppression fichiers ***

    C:\Windows\pack.epk supprimé !
    C:\Windows\system32\nvs2.inf supprimé !

    *** Suppression fichiers temporaires ***

    Nettoyage contenu C:\Windows\Temp effectué !
    Nettoyage contenu C:\Users\Pierre\AppData\Local\Temp effectué !

    *** Traitement Recherche complémentaire ***
    (Recherche fichiers spécifiques)

    1)Recherche fichiers connus:

    2)Recherche, création sauvegardes et suppression Heuristique :

    C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat trouvé !
    Copie C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat réalisé avec succès !
    C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat supprimé !

    C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat trouvé !
    Copie C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat réalisé avec succès !
    C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat supprimé !

    C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat trouvé !
    Copie C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat réalisé avec succès !
    C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat supprimé !

    C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat trouvé !
    Copie C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat réalisé avec succès !
    C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat supprimé !

    C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat trouvé !
    Copie C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat réalisé avec succès !
    C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat supprimé !

    *** Sauvegarde du Registre vers dossier Backupnavi ***

    sauvegarde du Registre réalisé avec succès !

    *** Nettoyage Registre ***

    Nettoyage Registre Ok

    *** Certificats ***

    Certificat Egroup supprimé !

    *** Nettoyage terminé le 07/11/2007 à 19:21:28,80 ***
    0
  10. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    encore des problemes?
    0
  11. grandpierre Messages postés 110 Statut Membre 10
     
    Bonjour JLPJLP et merci mille fois our ton aide. Je ne peux pas encore te dire si j'ai des problemes spécifiques, mais, par exemple, dans mon courrier de ce matin, j'ai cliqué sur le mail de Comment ça marche pour te répondre et l'attente est d'environ 2 minutes avant que la page ne s'ouvre. Est-ce normal ? Est-ce dû à mon fournisseur Noos ou à des logiciels espions. Je n'en sais rien. Y a-t-il d'autres moyens pour le savoir. En tout cas je te suis nfiniment reconnaissant de m'aider. Grandpierre
    0
  12. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    scan avec des antiespions (en mode sans échec):

    spybot :

    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

    voir demo d utilisation (merci Balltrap)
    http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

    AD AWARE:
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

    _______________

    utilise pour supprimer tes traces

    CCLEANER: (lance un nettoyage et répare 3 fois les erreurs) sans installer la barre yahoo

    https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

    __________________
    si ca persiste

    colle un rapport hijackthis
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  13. grandpierre Messages postés 110 Statut Membre 10
     
    Bonjour JLPJLP. C'est encore moi. Je n'arrive pas à régler mon probleme. Je retrouve toujours les mêmes blocages, c'est-à-dire chaque fois que je veux ouvrir un fichier, Windows répond qu'il a cessé de fonctionn er. Au 2° clic, ça marche. Sur Internet, c'est toujours aussi long: au moins 2 minutes pour changer de pages, quand ce n'est pas 5'. J'ai essayé de faire un scan avec hijachthis mais je ne suis pas sûr que ce soit le bon car je n'arrive pas à traduire l'anglais. J'essaie de te l'envoyer et te remercie encore de ta patience. Grandpierre

    * HijackThis v1.99.1 *
    Written by Merijn - merijn@spywareinfo.com
    http://www.merijn.org/files/hijackthis.zip
    http://www.merijn.org/index.html

    See bottom for version history.

    The different sections of hijacking possibilities have been separated into the following groups.
    You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

    R - Registry, StartPage/SearchPage changes
    R0 - Changed registry value
    R1 - Created registry value
    R2 - Created registry key
    R3 - Created extra registry value where only one should be
    F - IniFiles, autoloading entries
    F0 - Changed inifile value
    F1 - Created inifile value
    F2 - Changed inifile value, mapped to Registry
    F3 - Created inifile value, mapped to Registry
    N - Netscape/Mozilla StartPage/SearchPage changes
    N1 - Change in prefs.js of Netscape 4.x
    N2 - Change in prefs.js of Netscape 6
    N3 - Change in prefs.js of Netscape 7
    N4 - Change in prefs.js of Mozilla
    O - Other, several sections which represent:
    O1 - Hijack of auto.search.msn.com with Hosts file
    O2 - Enumeration of existing MSIE BHO's
    O3 - Enumeration of existing MSIE toolbars
    O4 - Enumeration of suspicious autoloading Registry entries
    O5 - Blocking of loading Internet Options in Control Panel
    O6 - Disabling of 'Internet Options' Main tab with Policies
    O7 - Disabling of Regedit with Policies
    O8 - Extra MSIE context menu items
    O9 - Extra 'Tools' menuitems and buttons
    O10 - Breaking of Internet access by New.Net or WebHancer
    O11 - Extra options in MSIE 'Advanced' settings tab
    O12 - MSIE plugins for file extensions or MIME types
    O13 - Hijack of default URL prefixes
    O14 - Changing of IERESET.INF
    O15 - Trusted Zone Autoadd
    O16 - Download Program Files item
    O17 - Domain hijack
    O18 - Enumeration of existing protocols and filters
    O19 - User stylesheet hijack
    O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
    O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
    O22 - SharedTaskScheduler autorun Registry key
    O23 - Enumeration of NT Services

    Command-line parameters:
    * /autolog - Automatically scan the system, save a logfile and open it
    * /ihatewhitelists - ignore all internal whitelists
    * /uninstall - remove all HijackThis Registry entries, backups and quit

    * Version history *

    [v1.99.1]
    * Added Winlogon Notify keys to O20 listing
    * Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
    * Fixed lots and lots of 'unexpected error' bugs
    * Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
    * Added 'Delete NT Service' function in Misc Tools section
    * Added ProtocolDefaults to O15 listing
    * Fixed MD5 hashing not working
    * Fixed 'ISTSVC' autorun entries with garbage data not being fixed
    * Fixed HijackThis uninstall entry not being updated/created on new versions
    * Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
    * Added option to scan the system at startup, then show results or quit if nothing found
    [v1.99]
    * Added O23 (NT Services) in light of newer trojans
    * Integrated ADS Spy into Misc Tools section
    * Added 'Action taken' to info in 'More info on this item'
    [v1.98]
    * Definitive support for Japanese/Chinese/Korean systems
    * Added O20 (AppInit_DLLs) in light of newer trojans
    * Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
    * Added O22 (SharedTaskScheduler) in light of newer trojans
    * Backups of fixed items are now saved in separate folder
    * HijackThis now checks if it was started from a temp folder
    * Added a small process manager (Misc Tools section)
    [v1.96]
    * Lots of bugfixes and small enhancements! Among others:
    * Fix for Japanese IE toolbars
    * Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
    * Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
    * Added several files to the LSP whitelist
    * Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
    * All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
    [v1.95]
    * Added a new regval to check for from Whazit hijack (Start Page_bak).
    * Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
    * New in logfile: Running processes at time of scan.
    * Checkmarks for running StartupList with /full and /complete in HijackThis UI.
    * New O19 method to check for Datanotary hijack of user stylesheet.
    * Google.com IP added to whitelist for Hosts file check.
    [v1.94]
    * Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
    * Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
    * Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
    * Fixed a bug where DPF could not be deleted.
    * Fixed a stupid bug in enumeration of autostarting shortcuts.
    * Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
    * Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
    * Added support for backing up F0 and F1 items (d'oh!).
    [v1.93]
    * Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
    * Fixed a bug in LSP routine for Win95.
    * Made taborder nicer.
    * Fixed a bug in backup/restore of IE plugins.
    * Added UltimateSearch hijack in O17 method (I think).
    * Fixed a bug with detecting/removing BHO's disabled by BHODemon.
    * Also fixed a bug in StartupList (now version 1.52.1).
    [v1.92]
    * Fixed two stupid bugs in backup restore function.
    * Added DiamondCS file to LSP files safelist.
    * Added a few more items to the protocol safelist.
    * Log is now opened immediately after saving.
    * Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
    * Updated integrated StartupList to v1.52.
    * In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
    * Rudimentary proxy support for the Check for Updates function.
    [v1.91]
    * Added rd.yahoo.com to the Nonstandard But Safe Domains list.
    * Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
    * Added listing of programs/links in Startup folders (O4).
    * Fixed 'Check for Update' not detecting new versions.
    [v1.9]
    * Added check for Lop.com 'Domain' hijack (O17).
    * Bugfix in URLSearchHook (R3) fix.
    * Improved O1 (Hosts file) check.
    * Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
    * Added AutoConfigURL and proxyserver checks (R1).
    * IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
    * Added check for extra protocols (O18).
    [v1.81]
    * Added 'ignore non-standard but safe domains' option.
    * Improved Winsock LSP hijackers detection.
    * Integrated StartupList updated to v1.4.
    [v1.8]
    * Fixed a few bugs.
    * Adds detecting of free.aol.com in Trusted Zone.
    * Adds checking of URLSearchHooks key, which should have only one value.
    * Adds listing/deleting of Download Program Files.
    * Integrated StartupList into the new 'Misc Tools' section of the Config screen!
    [v1.71]
    * Improves detecting of O6.
    * Some internal changes/improvements.
    [v1.7]
    * Adds backup function! Yay!
    * Added check for default URL prefix
    * Added check for changing of IERESET.INF
    * Added check for changing of Netscape/Mozilla homepage and default search engine.
    [v1.61]
    * Fixes Runtime Error when Hosts file is empty.
    [v1.6]
    * Added enumerating of MSIE plugins
    * Added check for extra options in 'Advanced' tab of 'Internet Options'.
    [v1.5]
    * Adds 'Uninstall & Exit' and 'Check for update online' functions.
    * Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
    [v1.4]
    * Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
    * A few bugfixes/enhancements
    [v1.3]
    * Adds detecting of extra MSIE context menu items
    * Added detecting of extra 'Tools' menu items and extra buttons
    * Added 'Confirm deleting/ignoring items' checkbox
    [v1.2]
    * Adds 'Ignorelist' and 'Info' functions
    [v1.1]
    * Supports BHO's, some default URL changes
    [v1.0]
    * Original release

    A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
    0
  14. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ce n'est pas un rapport bon de hijackthis regarde le manuel donné!

    _______________

    AVG antispyware

    https://www.01net.com/telecharger/

    Tuto :
    http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

    ->Relance AVG AS -> "Analyse" ->"Paramètres"

    Sous la question "Comment réagir ?" :

    -> clique sur "Actions recommandées" et choisis "Quarantaines"
    -> Re-clique sur l'onglet "Analyse" puis réalise une "Analyse complète du système"

    Si un fichier est infecté en fin d'analyse

    ->Clique sur "Appliquer toutes les actions "

    ->Clique sur "Enregistrer le rapport" puis sur "Enregistrer le rapport sous".

    ->Enregistre ce fichier texte sur ton bureau ensuite colle le rapport ici

    _______________

    Colle le rapport :
    Clean permettra de faire du nettoyage et supprimer des fichiers que des anti-virus et anti-spywares n'ont pas pu trouver. Le logiciel est régulièrement mis à jour, vous devrez donc le re-téléchargé pour obtenir une version plus récente.

    • Téléchargez clean.zip, décompressez-le sur votre bureau (clic droit / extraire tout), vous obtenez alors un dossier clean
    • Démarrez Windows en mode sans échec : Guide pour redémarrer en mode sans échec
    • Ouvrez le dossier clean qui se trouve sur ton bureau, et double-cliquez sur clean.cmd, une fenêtre noire va apparaître pendant un instant, laissez la ouverte jusqu'à ce qu'elle se ferme.
    Manuel de clean :
    http://kerio.probb.fr/tuto-Clean-h37.html
    0
  15. grandpierre Messages postés 110 Statut Membre 10
     
    Bonjour jlpjlp et Bon Dimanche. J'essaie de suivre tes conseils un par un un afin de ne pas me mélanger les pédales. J'ai donc pour commencer, fait un nettoyage avec AVG dont j'espère pouvoir t'envoyer le rapport.Celui-ci indique que tout est normal, les parametres de sécurité garantissent un niveau de protection maximum.....Malgré ce bon rapport, il note 23 malawares. Je ne sais pas ce que ca veut dire. Par contre, je n'ai pas trouvé "Comment réagir". J'espère que malgré tout mon rapport est valable. Je vais continuer avec Kachouri et t'enverrai les résultats. Je commence à culpabiliser avec toutes mes interventions. J'espère ne pas trop dépasser les bornes et je te remercie encore de ta patience. Grandpierre
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\pierre@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@fastclick[1].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@image.masterstats[1].txt -> TrackingCookie.Masterstats : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@realguide.real[1].txt -> TrackingCookie.Real : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
    C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
    0
  16. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    bon dimanche!!!

    si ca persiste

    colle un rapport hijackthis
    https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

    manuel :

    https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

    Je conseille de renomer Hijackthis, pour contrer une éventuelle infection de Vundo.

    ex:Renomme le fichier HijackThis.exe en eden.exe pour cela, fais un clic droit sur le fichier HijackThis.exe et choisis renommer dans la liste

    Ensuite avec Explorer créer un dossier c:\hijackthis
    Décompresser Hijackthis dans ce dossier.
    C'est important pour les sauvegardes."
    0
  17. grandpierre Messages postés 110 Statut Membre 10
     
    J'ai la tête grosse comme une citrouille mais je ne devrais pas me plaindre car vous, les bénévoles qui nous aidez avec tant d'abnégation, n'arrêtez pas de vous mettre à notre service, nous les ignares. Ce qui me fatigue, c'est d'attendre des heures pour passer d'une page à une autre. Je suis dessus depuis ce matin et ca n'avance pas. J'espère que le rapport Hijacktis est le bon. Je le joins en esperant que tout aille bien. Encore mille merci. Grandpierre

    Logfile of HijackThis v1.99.1
    Scan saved at 16:48:17, on 11/11/2007
    Platform: Unknown Windows (WinNT 6.00.1904)
    MSIE: Internet Explorer v7.00 (7.00.6000.16546)

    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Windows\system32\taskeng.exe
    C:\Program Files\Windows Defender\MSASCui.exe
    C:\hp\support\hpsysdrv.exe
    C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
    C:\Program Files\QuickTime\QTTask.exe
    C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
    C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
    C:\Program Files\Alwil Software\Avast4\ashDisp.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    C:\Program Files\Softwin\BitDefender10\bdmcon.exe
    C:\Program Files\Softwin\BitDefender10\bdagent.exe
    C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
    C:\Program Files\Common Files\Real\Update_OB\realsched.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Skype\Phone\Skype.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
    C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
    C:\Program Files\Microsoft Money\System\mnyexpr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
    C:\Windows\System32\mobsync.exe
    C:\Program Files\Skype\Plugin Manager\skypePM.exe
    C:\Program Files\Windows Mail\WinMail.exe
    C:\hp\kbd\kbd.exe
    C:\Program Files\Internet Explorer\IEUser.exe
    C:\HijackThis.exe
    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
    C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
    C:\Windows\system32\NOTEPAD.EXE

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
    O1 - Hosts: ::1 localhost
    O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
    O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
    O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
    O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
    O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
    O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
    O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
    O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
    O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
    O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
    O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
    O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
    O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
    O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
    O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
    O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
    O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
    O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
    O11 - Options group: [INTERNATIONAL] International*
    O13 - Gopher Prefix:
    O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
    O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
    O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
    O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
    O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
    O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
    O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
    O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
    O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
    O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
    O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
    O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
    O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
    O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
    O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
    O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
    O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
    O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
    O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
    O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
    O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
    O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
    O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
    O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
    O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
    O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
    O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
    O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
    O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
    0
  18. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    slt,

    1/
    je vois des traces de norton antivirus, bit defender et avast !

    il ne faut garder qu'un seul antivirus sinon ca va planter

    _____________________

    2/
    lance hijackhtis, fais DO A SYSTEM SCAN ONLY puis selectionne sur la gauche les lignes suivantes puis fais FIX CHEKED

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
    R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
    R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
    O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
    O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
    O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

    O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

    O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe

    O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
    O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

    _____________________

    recolle ensuite un scan avec bitdefender

    un scan hijackthis

    et dis surtout tes problemes
    0
  19. grandpierre Messages postés 110 Statut Membre 10
     
    Bonjour jlpjlp. Avant de t'envoyer le rapport d'Hijackthis que j'ai beacoup de mal à trouver avec Vista, j'ai lu dans Micro Hebdo un antivirus Trojan remover que j'ai essayé et dont je te joins le rapport. J'espère qu'il n'est pas trop lourd. Je réunis le reste de mes investigations et je te les renvoie dès que possible. Pour te faire une idée dd'un des problemes que je rencontre, j'ai attendu 10 minutes pour avoir la page de Comment ça marche après avoir cliqué sur l'adresse. Merci encore. Grandpierre

    ***** NORMAL SCAN FOR ACTIVE MALWARE *****
    Trojan Remover Ver 6.6.4.2499. For information, email support@simplysup1.com
    [Unregistered version]
    Scan started at: 13/11/2007 06:47:10
    Using Database v6891
    Operating System: Windows Vista (Build 6000)
    Edition: Windows Vista (TM) Home Premium
    Data directory: C:\Users\Pierre\AppData\Roaming\Simply Super Software\Trojan Remover\
    Logfile directory: C:\Users\Pierre\Documents\Simply Super Software\Trojan Remover Logfiles\
    Program directory: C:\Program Files\Trojan Remover\
    Running with Administrator privileges

    **************************************************
    The following Anti-Malware program(s) are loaded:
    Microsoft Windows Defender

    **************************************************

    Checking Registry exefile command for modifications
    Checking Registry comfile command for modifications
    Checking Registry piffile command for modifications
    Checking Registry batfile command for modifications
    Checking Registry regfile command for modifications
    Checking Registry cmdfile command for modifications
    Checking Registry scrfile command for modifications

    **************************************************
    06:47:10: Scanning ----------WIN.INI-----------
    WIN.INI found in C:\Windows

    **************************************************
    06:47:10: Scanning --------SYSTEM.INI---------
    SYSTEM.INI found in C:\Windows

    **************************************************
    06:47:10: ----- SCANNING FOR ROOTKIT SERVICES -----
    No hidden Services were detected.

    **************************************************
    06:47:10: Scanning -----WINDOWS REGISTRY-----
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
    This key's "Shell" value calls the following program(s):
    explorer.exe - this entry has been left in place
    ----------
    This key's "Userinit" value calls the following program(s):
    C:\Windows\system32\userinit.exe - this entry has been left in place
    ----------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    --------------------
    Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
    Value Name = load
    The Data Value for this entry appears to be blank
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
    This Registry Key attempts to run the following program(s):
    Value Name = Windows Defender
    Value Data = %ProgramFiles%\Windows Defender\MSASCui.exe -hide - this command has been left in place
    --------------------
    Value Name = hpsysdrv
    Value Data = c:\hp\support\hpsysdrv.exe - this command has been left in place
    --------------------
    Value Name = KBD
    Value Data = C:\HP\KBD\KbdStub.EXE - this command has been left in place
    --------------------
    Value Name = OsdMaestro
    Value Data = C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe - this command has been left in place
    --------------------
    Value Name = NvSvc
    Value Data = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart - this command has been left in place
    --------------------
    Value Name = NvCplDaemon
    Value Data = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup - this command has been left in place
    --------------------
    Value Name = NvMediaCenter
    Value Data = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit - this command has been left in place
    --------------------
    Value Name = RtHDVCpl
    Value Data = RtHDVCpl.exe - this command has been left in place
    --------------------
    Value Name = CCUTRAYICON
    Value Data = C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe - this command has been left in place
    --------------------
    Value Name = HP Software Update
    Value Data = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe - this command has been left in place
    --------------------
    Value Name = Symantec PIF AlertEng
    Value Data = C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll - this command has been left in place
    --------------------
    Value Name = NeroFilterCheck
    Value Data = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - this command has been left in place
    --------------------
    Value Name = PMCRemote
    Value Data = C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe - this command has been left in place
    --------------------
    Value Name = avast!
    Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
    --------------------
    Value Name = AVFX Engine
    Value Data = C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe - this command has been left in place
    --------------------
    Value Name = BDMCon
    Value Data = C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg - this command has been left in place
    --------------------
    Value Name = BDAgent
    Value Data = C:\Program Files\Softwin\BitDefender10\bdagent.exe - this command has been left in place
    --------------------
    Value Name = SSBkgdUpdate
    Value Data = C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot - this command has been left in place
    --------------------
    Value Name = WrtMon.exe
    Value Data = C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe - this command has been left in place
    --------------------
    Value Name = TkBellExe
    Value Data = C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
    --------------------
    Value Name = TrojanScanner
    Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key attempts to run the following program(s):
    Value Name = Launcher
    Value Data = %WINDIR%\SMINST\launcher.exe - this command has been left in place
    --------------------
    --------------------
    Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    This Registry Key attempts to run the following program(s):
    Value Name = Sidebar
    Value Data = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun - this command has been left in place
    --------------------
    Value Name = Skype
    Value Data = C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - this command has been left in place
    --------------------
    Value Name = ehTray.exe
    Value Data = C:\Windows\ehome\ehTray.exe - this command has been left in place
    --------------------
    Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
    Value Data = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - this command has been left in place
    --------------------
    Value Name = swg
    Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
    --------------------
    Value Name = MoneyAgent
    Value Data = C:\Program Files\Microsoft Money\System\mnyexpr.exe - this command has been left in place
    --------------------
    Value Name = WMPNSCFG
    Value Data = C:\Program Files\Windows Media Player\WMPNSCFG.exe - this command has been left in place
    --------------------
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
    This Registry Key appears to be empty
    --------------------
    Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
    This Registry Key appears to be empty

    **************************************************
    06:47:11: Scanning -----SHELLEXECUTEHOOKS-----
    ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
    Value: AVG Anti-Spyware 7.5
    File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
    ----------

    **************************************************
    06:47:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
    Taskdir check completed
    ----------
    No Hidden File-loading Registry Entries found
    ----------

    **************************************************
    06:47:11: Scanning -----ACTIVE SCREENSAVER-----
    ScreenSaver=C:\Windows\system32\logon.scr - this command has been left in place
    --------------------

    **************************************************
    06:47:11: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
    Checking the StubPath calls in the Active Setup\Installed Components registry keys:
    Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
    StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
    ----------
    Key=>{26923b43-4d38-484f-9b9e-de460746276c}
    StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
    ----------
    Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
    StubPath=C:\Windows\system32\regsvr32.exe - this reference has been left in place
    ----------
    Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
    StubPath=C:\Program Files\Windows Mail\WinMail.exe - this reference has been left in place
    ----------
    Key={6BF52A52-394A-11d3-B153-00C04F79FAA6}
    StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
    ----------
    Key={89820200-ECBD-11cf-8B85-00AA005B4340}
    StubPath=regsvr32.exe - this reference has been left in place
    ----------
    Key={89820200-ECBD-11cf-8B85-00AA005B4383}
    StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
    ----------

    **************************************************
    06:47:12: Scanning ----- SERVICEDLL REGISTRY KEYS -----
    Checking DLL files called from the CurrentControlSet\Services Keys:
    --------------------
    Key=AeLookupSvc
    ServiceDLL=%SystemRoot%\System32\aelupsvc.dll - this reference has been left in place
    --------------------
    Key=Appinfo
    ServiceDLL=%SystemRoot%\System32\appinfo.dll - this reference has been left in place
    --------------------
    Key=AudioEndpointBuilder
    ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
    --------------------
    Key=Audiosrv
    ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
    --------------------
    Key=BFE
    ServiceDLL=%SystemRoot%\System32\bfe.dll - this reference has been left in place
    --------------------
    Key=BITS
    ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
    --------------------
    Key=Browser
    ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
    --------------------
    Key=CertPropSvc
    ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
    --------------------
    Key=CryptSvc
    ServiceDLL=%SystemRoot%\system32\cryptsvc.dll - this reference has been left in place
    --------------------
    Key=DcomLaunch
    ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
    --------------------
    Key=Dhcp
    ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
    --------------------
    Key=Dnscache
    ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
    --------------------
    Key=dot3svc
    ServiceDLL=%SystemRoot%\System32\dot3svc.dll - this reference has been left in place
    --------------------
    Key=DPS
    ServiceDLL=%SystemRoot%\system32\dps.dll - this reference has been left in place
    --------------------
    Key=EapHost
    ServiceDLL=%SystemRoot%\System32\eapsvc.dll - this reference has been left in place
    --------------------
    Key=ehstart
    ServiceDLL=%SystemRoot%\ehome\ehstart.dll - this reference has been left in place
    --------------------
    Key=EMDMgmt
    ServiceDLL=%systemroot%\system32\emdmgmt.dll - this reference has been left in place
    --------------------
    Key=EventSystem
    ServiceDLL=%systemroot%\system32\es.dll - this reference has been left in place
    --------------------
    Key=fdPHost
    ServiceDLL=%SystemRoot%\system32\fdPHost.dll - this reference has been left in place
    --------------------
    Key=FDResPub
    ServiceDLL=%SystemRoot%\system32\fdrespub.dll - this reference has been left in place
    --------------------
    Key=gpsvc
    ServiceDLL=%SystemRoot%\System32\gpsvc.dll - this reference has been left in place
    --------------------
    Key=hidserv
    ServiceDLL=%SystemRoot%\system32\hidserv.dll - this reference has been left in place
    --------------------
    Key=hkmsvc
    ServiceDLL=%SystemRoot%\system32\kmsvc.dll - this reference has been left in place
    --------------------
    Key=IKEEXT
    ServiceDLL=%SystemRoot%\System32\ikeext.dll - this reference has been left in place
    --------------------
    Key=IPBusEnum
    ServiceDLL=%SystemRoot%\system32\ipbusenum.dll - this reference has been left in place
    --------------------
    Key=iphlpsvc
    ServiceDLL=%SystemRoot%\System32\iphlpsvc.dll - this reference has been left in place
    --------------------
    Key=KtmRm
    ServiceDLL=%systemroot%\system32\msdtckrm.dll - this reference has been left in place
    --------------------
    Key=LanmanServer
    ServiceDLL=%SystemRoot%\system32\srvsvc.dll - this reference has been left in place
    --------------------
    Key=LanmanWorkstation
    ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
    --------------------
    Key=lltdsvc
    ServiceDLL=%SystemRoot%\System32\lltdsvc.dll - this reference has been left in place
    --------------------
    Key=lmhosts
    ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
    --------------------
    Key=Mcx2Svc
    ServiceDLL=%SystemRoot%\system32\Mcx2Svc.dll - this reference has been left in place
    --------------------
    Key=MMCSS
    ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
    --------------------
    Key=MpsSvc
    ServiceDLL=%SystemRoot%\system32\mpssvc.dll - this reference has been left in place
    --------------------
    Key=MSiSCSI
    ServiceDLL=%systemroot%\system32\iscsiexe.dll - this reference has been left in place
    --------------------
    Key=napagent
    ServiceDLL=%SystemRoot%\system32\qagentRT.dll - this reference has been left in place
    --------------------
    Key=Netman
    ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
    --------------------
    Key=netprofm
    ServiceDLL=%SystemRoot%\System32\netprofm.dll - this reference has been left in place
    --------------------
    Key=NlaSvc
    ServiceDLL=%SystemRoot%\System32\nlasvc.dll - this reference has been left in place
    --------------------
    Key=nsi
    ServiceDLL=%systemroot%\system32\nsisvc.dll - this reference has been left in place
    --------------------
    Key=p2pimsvc
    ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
    --------------------
    Key=p2psvc
    ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
    --------------------
    Key=PcaSvc
    ServiceDLL=%SystemRoot%\System32\pcasvc.dll - this reference has been left in place
    --------------------
    Key=pla
    ServiceDLL=%systemroot%\system32\pla.dll - this reference has been left in place
    --------------------
    Key=PlugPlay
    ServiceDLL=%SystemRoot%\system32\umpnpmgr.dll - this reference has been left in place
    --------------------
    Key=PNRPAutoReg
    ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
    --------------------
    Key=PNRPsvc
    ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
    --------------------
    Key=PolicyAgent
    ServiceDLL=%SystemRoot%\System32\ipsecsvc.dll - this reference has been left in place
    --------------------
    Key=ProfSvc
    ServiceDLL=%systemroot%\system32\profsvc.dll - this reference has been left in place
    --------------------
    Key=QWAVE
    ServiceDLL=%windir%\system32\qwave.dll - this reference has been left in place
    --------------------
    Key=RasAuto
    ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
    --------------------
    Key=RasMan
    ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
    --------------------
    Key=RemoteAccess
    ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
    --------------------
    Key=RemoteRegistry
    ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
    --------------------
    Key=RpcSs
    ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
    --------------------
    Key=SCardSvr
    ServiceDLL=%SystemRoot%\System32\SCardSvr.dll - this reference has been left in place
    --------------------
    Key=Schedule
    ServiceDLL=%systemroot%\system32\schedsvc.dll - this reference has been left in place
    --------------------
    Key=SCPolicySvc
    ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
    --------------------
    Key=SDRSVC
    ServiceDLL=%Systemroot%\System32\SDRSVC.dll - this reference has been left in place
    --------------------
    Key=seclogon
    ServiceDLL=%windir%\system32\seclogon.dll - this reference has been left in place
    --------------------
    Key=SENS
    ServiceDLL=%SystemRoot%\System32\sens.dll - this reference has been left in place
    --------------------
    Key=SessionEnv
    ServiceDLL=%SystemRoot%\system32\sessenv.dll - this reference has been left in place
    --------------------
    Key=SharedAccess
    ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
    --------------------
    Key=ShellHWDetection
    ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=SLUINotify
    ServiceDLL=%SystemRoot%\system32\SLUINotify.dll - this reference has been left in place
    --------------------
    Key=SSDPSRV
    ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
    --------------------
    Key=stisvc
    ServiceDLL=%SystemRoot%\System32\wiaservc.dll - this reference has been left in place
    --------------------
    Key=swprv
    ServiceDLL=%Systemroot%\System32\swprv.dll - this reference has been left in place
    --------------------
    Key=SysMain
    ServiceDLL=%systemroot%\system32\sysmain.dll - this reference has been left in place
    --------------------
    Key=TabletInputService
    ServiceDLL=%SystemRoot%\System32\TabSvc.dll - this reference has been left in place
    --------------------
    Key=TapiSrv
    ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
    --------------------
    Key=TBS
    ServiceDLL=%SystemRoot%\System32\tbssvc.dll - this reference has been left in place
    --------------------
    Key=TermService
    ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
    --------------------
    Key=Themes
    ServiceDLL=%SystemRoot%\system32\shsvcs.dll - this reference has been left in place
    --------------------
    Key=THREADORDER
    ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
    --------------------
    Key=TrkWks
    ServiceDLL=%SystemRoot%\System32\trkwks.dll - this reference has been left in place
    --------------------
    Key=upnphost
    ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
    --------------------
    Key=UxSms
    ServiceDLL=%SystemRoot%\System32\uxsms.dll - this reference has been left in place
    --------------------
    Key=W32Time
    ServiceDLL=%systemroot%\system32\w32time.dll - this reference has been left in place
    --------------------
    Key=W3SVC
    ServiceDLL=%windir%\system32\inetsrv\iisw3adm.dll - this reference has been left in place
    --------------------
    Key=WAS
    ServiceDLL=%windir%\system32\inetsrv\iisw3adm.dll - this reference has been left in place
    --------------------
    Key=wcncsvc
    ServiceDLL=%SystemRoot%\System32\wcncsvc.dll - this reference has been left in place
    --------------------
    Key=WcsPlugInService
    ServiceDLL=%SystemRoot%\System32\WcsPlugInService.dll - this reference has been left in place
    --------------------
    Key=WdiServiceHost
    ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
    --------------------
    Key=WdiSystemHost
    ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
    --------------------
    Key=WebClient
    ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
    --------------------
    Key=Wecsvc
    ServiceDLL=%SystemRoot%\system32\wecsvc.dll - this reference has been left in place
    --------------------
    Key=wercplsupport
    ServiceDLL=%SystemRoot%\System32\wercplsupport.dll - this reference has been left in place
    --------------------
    Key=WerSvc
    ServiceDLL=%SystemRoot%\System32\WerSvc.dll - this reference has been left in place
    --------------------
    Key=WinDefend
    ServiceDLL=%ProgramFiles%\Windows Defender\mpsvc.dll - this reference has been left in place
    --------------------
    Key=WinHttpAutoProxySvc
    ServiceDLL=winhttp.dll - this reference has been left in place
    --------------------
    Key=Winmgmt
    ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
    --------------------
    Key=WinRM
    ServiceDLL=%SystemRoot%\system32\WsmSvc.dll - this reference has been left in place
    --------------------
    Key=Wlansvc
    ServiceDLL=%SystemRoot%\System32\wlansvc.dll - this reference has been left in place
    --------------------
    Key=WPCSvc
    ServiceDLL=%SystemRoot%\System32\wpcsvc.dll - this reference has been left in place
    --------------------
    Key=WPDBusEnum
    ServiceDLL=%SystemRoot%\system32\wpdbusenum.dll - this reference has been left in place
    --------------------
    Key=wscsvc
    ServiceDLL=%SystemRoot%\System32\wscsvc.dll - this reference has been left in place
    --------------------
    Key=wuauserv
    ServiceDLL=%systemroot%\system32\wuaueng.dll - this reference has been left in place
    --------------------
    Key=wudfsvc
    ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place

    **************************************************
    06:47:16: Scanning ----- SERVICES REGISTRY KEYS -----
    Checking files called from the CurrentControlSet\Services Keys:
    Key=61883
    ImagePath=system32\DRIVERS\61883.sys - this reference has been left in place
    ----------
    Key=ACPI
    ImagePath=system32\drivers\acpi.sys - this reference has been left in place
    ----------
    Key=adp94xx
    ImagePath=\SystemRoot\system32\drivers\adp94xx.sys - this reference has been left in place
    ----------
    Key=adpahci
    ImagePath=\SystemRoot\system32\drivers\adpahci.sys - this reference has been left in place
    ----------
    Key=adpu160m
    ImagePath=\SystemRoot\system32\drivers\adpu160m.sys - this reference has been left in place
    ----------
    Key=adpu320
    ImagePath=\SystemRoot\system32\drivers\adpu320.sys - this reference has been left in place
    ----------
    Key=AFD
    ImagePath=\SystemRoot\system32\drivers\afd.sys - this reference has been left in place
    ----------
    Key=agp440
    ImagePath=\SystemRoot\system32\drivers\agp440.sys - this reference has been left in place
    ----------
    Key=aic78xx
    ImagePath=\SystemRoot\system32\drivers\djsvs.sys - this reference has been left in place
    ----------
    Key=AlertService
    ImagePath="C:\Program Files\Intel\IntelDH\CCU\AlertService.exe" - this reference has been left in place
    ----------
    Key=ALG
    ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
    ----------
    Key=aliide
    ImagePath=\SystemRoot\system32\drivers\aliide.sys - this reference has been left in place
    ----------
    Key=amdagp
    ImagePath=\SystemRoot\system32\drivers\amdagp.sys - this reference has been left in place
    ----------
    Key=amdide
    ImagePath=\SystemRoot\system32\drivers\amdide.sys - this reference has been left in place
    ----------
    Key=AmdK7
    ImagePath=\SystemRoot\system32\drivers\amdk7.sys - this reference has been left in place
    ----------
    Key=AmdK8
    ImagePath=\SystemRoot\system32\drivers\amdk8.sys - this reference has been left in place
    ----------
    Key=Apple Mobile Device
    ImagePath="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - this reference has been left in place
    ----------
    Key=arc
    ImagePath=\SystemRoot\system32\drivers\arc.sys - this reference has been left in place
    ----------
    Key=arcsas
    ImagePath=\SystemRoot\system32\drivers\arcsas.sys - this reference has been left in place
    ----------
    Key=aswMonFlt
    ImagePath=system32\DRIVERS\aswMonFlt.sys - this reference has been left in place
    ----------
    Key=aswUpdSv
    ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
    ----------
    Key=AsyncMac
    ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
    ----------
    Key=atapi
    ImagePath=system32\drivers\atapi.sys - this reference has been left in place
    ----------
    Key=avast! Antivirus
    ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
    ----------
    Key=avast! Mail Scanner
    ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
    ----------
    Key=avast! Web Scanner
    ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
    ----------
    Key=Avc
    ImagePath=system32\DRIVERS\avc.sys - this reference has been left in place
    ----------
    Key=AVG Anti-Spyware Driver
    ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
    ----------
    Key=AVG Anti-Spyware Guard
    ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
    ----------
    Key=AvgAsCln
    ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
    ----------
    Key=bdfdll
    ImagePath=\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys - this reference has been left in place
    ----------
    Key=bdss
    ImagePath="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service - this reference has been left in place
    ----------
    Key=blbdrive
    ImagePath=\SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
    ----------
    Key=bowser
    ImagePath=system32\DRIVERS\bowser.sys - this reference has been left in place
    ----------
    Key=BrFiltLo
    ImagePath=\SystemRoot\system32\drivers\brfiltlo.sys - this reference has been left in place
    ----------
    Key=BrFiltUp
    ImagePath=\SystemRoot\system32\drivers\brfiltup.sys - this reference has been left in place
    ----------
    Key=Brserid
    ImagePath=\SystemRoot\system32\drivers\brserid.sys - this reference has been left in place
    ----------
    Key=BrSerWdm
    ImagePath=\SystemRoot\system32\drivers\brserwdm.sys - this reference has been left in place
    ----------
    Key=BrUsbMdm
    ImagePath=\SystemRoot\system32\drivers\brusbmdm.sys - this reference has been left in place
    ----------
    Key=BrUsbSer
    ImagePath=\SystemRoot\system32\drivers\brusbser.sys - this reference has been left in place
    ----------
    Key=BTHMODEM
    ImagePath=\SystemRoot\system32\drivers\bthmodem.sys - this reference has been left in place
    ----------
    Key=cdfs
    ImagePath=system32\DRIVERS\cdfs.sys - this reference has been left in place
    ----------
    Key=cdrom
    ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
    ----------
    Key=circlass
    ImagePath=\SystemRoot\system32\drivers\circlass.sys - this reference has been left in place
    ----------
    Key=CLFS
    ImagePath=System32\CLFS.sys - this reference has been left in place
    ----------
    Key=clr_optimization_v2.0.50727_32
    ImagePath=%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
    ----------
    Key=cmdide
    ImagePath=\SystemRoot\system32\drivers\cmdide.sys - this reference has been left in place
    ----------
    Key=Compbatt
    ImagePath=\SystemRoot\system32\drivers\compbatt.sys - this reference has been left in place
    ----------
    Key=COMSysApp
    ImagePath=%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
    ----------
    Key=crcdisk
    ImagePath=system32\drivers\crcdisk.sys - this reference has been left in place
    ----------
    Key=Crusoe
    ImagePath=\SystemRoot\system32\drivers\crusoe.sys - this reference has been left in place
    ----------
    Key=DfsC
    ImagePath=System32\Drivers\dfsc.sys - this reference has been left in place
    ----------
    Key=DFSR
    ImagePath=%SystemRoot%\system32\DFSR.exe - this reference has been left in place
    ----------
    Key=disk
    ImagePath=system32\drivers\disk.sys - this reference has been left in place
    ----------
    Key=DQLWinService
    ImagePath="C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" - this reference has been left in place
    ----------
    Key=drmkaud
    ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
    ----------
    Key=DXGKrnl
    ImagePath=\SystemRoot\System32\drivers\dxgkrnl.sys - this reference has been left in place
    ----------
    Key=e1express
    ImagePath=system32\DRIVERS\e1e6032.sys - this reference has been left in place
    ----------
    Key=E1G60
    ImagePath=system32\DRIVERS\E1G60I32.sys - this reference has been left in place
    ----------
    Key=Ecache
    ImagePath=System32\drivers\ecache.sys - this reference has been left in place
    ----------
    Key=ehRecvr
    ImagePath=%systemroot%\ehome\ehRecvr.exe - this reference has been left in place
    ----------
    Key=ehSched
    ImagePath=%systemroot%\ehome\ehsched.exe - this reference has been left in place
    ----------
    Key=elxstor
    ImagePath=\SystemRoot\system32\drivers\elxstor.sys - this reference has been left in place
    ----------
    Key=fdc
    ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
    ----------
    Key=FileInfo
    ImagePath=system32\drivers\fileinfo.sys - this reference has been left in place
    ----------
    Key=Filetrace
    ImagePath=system32\drivers\filetrace.sys - this reference has been left in place
    ----------
    Key=flpydisk
    ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
    ----------
    Key=FltMgr
    ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
    ----------
    Key=FontCache3.0.0.0
    ImagePath=%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
    ----------
    Key=gagp30kx
    ImagePath=\SystemRoot\system32\drivers\gagp30kx.sys - this reference has been left in place
    ----------
    Key=GEARAspiWDM
    ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
    ----------
    Key=gusvc
    ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
    ----------
    Key=HdAudAddService
    ImagePath=system32\drivers\HdAudio.sys - this reference has been left in place
    ----------
    Key=HDAudBus
    ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
    ----------
    Key=HidBth
    ImagePath=\SystemRoot\system32\drivers\hidbth.sys - this reference has been left in place
    ----------
    Key=HidIr
    ImagePath=\SystemRoot\system32\drivers\hidir.sys - this reference has been left in place
    ----------
    Key=HidUsb
    ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
    ----------
    Key=HpCISSs
    ImagePath=\SystemRoot\system32\drivers\hpcisss.sys - this reference has been left in place
    ----------
    Key=HTTP
    ImagePath=system32\drivers\HTTP.sys - this reference has been left in place
    ----------
    Key=i2omp
    ImagePath=\SystemRoot\system32\drivers\i2omp.sys - this reference has been left in place
    ----------
    Key=i8042prt
    ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
    ----------
    Key=iaStor
    ImagePath=\SystemRoot\system32\drivers\iastor.sys - this reference has been left in place
    ----------
    Key=iaStorV
    ImagePath=\SystemRoot\system32\drivers\iastorv.sys - this reference has been left in place
    ----------
    Key=IDriverT
    ImagePath="c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
    ----------
    Key=idsvc
    ImagePath="%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
    ----------
    Key=iirsp
    ImagePath=\SystemRoot\system32\drivers\iirsp.sys - this reference has been left in place
    ----------
    Key=IntcAzAudAddService
    ImagePath=system32\drivers\RTKVHDA.sys - this reference has been left in place
    ----------
    Key=intelide
    ImagePath=\SystemRoot\system32\DRIVERS\intelide.sys - this reference has been left in place
    ----------
    Key=intelppm
    ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
    ----------
    Key=IpFilterDriver
    ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
    ----------
    Key=IpInIp
    ImagePath=system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
    ----------
    Key=IPMIDRV
    ImagePath=\SystemRoot\system32\drivers\ipmidrv.sys - this reference has been left in place
    ----------
    Key=IPNAT
    ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
    ----------
    Key=iPod Service
    ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
    ----------
    Key=IRENUM
    ImagePath=system32\drivers\irenum.sys - this reference has been left in place
    ----------
    Key=isapnp
    ImagePath=\SystemRoot\system32\drivers\isapnp.sys - this reference has been left in place
    ----------
    Key=iScsiPrt
    ImagePath=system32\DRIVERS\msiscsi.sys - this reference has been left in place
    ----------
    Key=ISSM
    ImagePath="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe" - this reference has been left in place
    ----------
    Key=iteatapi
    ImagePath=\SystemRoot\system32\drivers\iteatapi.sys - this reference has been left in place
    ----------
    Key=iteraid
    ImagePath=\SystemRoot\system32\drivers\iteraid.sys - this reference has been left in place
    ----------
    Key=kbdclass
    ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
    ----------
    Key=kbdhid
    ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
    ----------
    Key=KeyIso
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=kl1
    ImagePath=system32\DRIVERS\kl1.sys - this reference has been left in place
    ----------
    Key=KLIF
    ImagePath=system32\DRIVERS\klif.sys - this reference has been left in place
    ----------
    Key=KSecDD
    ImagePath=System32\Drivers\ksecdd.sys - this reference has been left in place
    ----------
    Key=LightScribeService
    ImagePath="c:\Program Files\Common Files\LightScribe\LSSrvc.exe" - this reference has been left in place
    ----------
    Key=LIVESRV
    ImagePath="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service - this reference has been left in place
    ----------
    Key=LiveUpdate
    ImagePath="C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" - this reference has been left in place
    ----------
    Key=LiveUpdate Notice Service
    ImagePath="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" - this reference has been left in place
    ----------
    Key=lltdio
    ImagePath=system32\DRIVERS\lltdio.sys - this reference has been left in place
    ----------
    Key=LSI_FC
    ImagePath=\SystemRoot\system32\drivers\lsi_fc.sys - this reference has been left in place
    ----------
    Key=LSI_SAS
    ImagePath=\SystemRoot\system32\drivers\lsi_sas.sys - this reference has been left in place
    ----------
    Key=LSI_SCSI
    ImagePath=\SystemRoot\system32\drivers\lsi_scsi.sys - this reference has been left in place
    ----------
    Key=luafv
    ImagePath=\SystemRoot\system32\drivers\luafv.sys - this reference has been left in place
    ----------
    Key=M1 Server
    ImagePath=C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe - this reference has been left in place
    ----------
    Key=MarvinBus
    ImagePath=system32\DRIVERS\MarvinBus.sys - this reference has been left in place
    ----------
    Key=MCLServiceATL
    ImagePath="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe" - this reference has been left in place
    ----------
    Key=megasas
    ImagePath=\SystemRoot\system32\drivers\megasas.sys - this reference has been left in place
    ----------
    Key=Modem
    ImagePath=system32\drivers\modem.sys - this reference has been left in place
    ----------
    Key=monitor
    ImagePath=system32\DRIVERS\monitor.sys - this reference has been left in place
    ----------
    Key=mouclass
    ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
    ----------
    Key=mouhid
    ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
    ----------
    Key=MountMgr
    ImagePath=System32\drivers\mountmgr.sys - this reference has been left in place
    ----------
    Key=mpio
    ImagePath=\SystemRoot\system32\drivers\mpio.sys - this reference has been left in place
    ----------
    Key=mpsdrv
    ImagePath=System32\drivers\mpsdrv.sys - this reference has been left in place
    ----------
    Key=Mraid35x
    ImagePath=\SystemRoot\system32\drivers\mraid35x.sys - this reference has been left in place
    ----------
    Key=MRxDAV
    ImagePath=\SystemRoot\system32\drivers\mrxdav.sys - this reference has been left in place
    ----------
    Key=mrxsmb
    ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
    ----------
    Key=mrxsmb10
    ImagePath=system32\DRIVERS\mrxsmb10.sys - this reference has been left in place
    ----------
    Key=mrxsmb20
    ImagePath=system32\DRIVERS\mrxsmb20.sys - this reference has been left in place
    ----------
    Key=msahci
    ImagePath=\SystemRoot\system32\drivers\msahci.sys - this reference has been left in place
    ----------
    Key=msdsm
    ImagePath=\SystemRoot\system32\drivers\msdsm.sys - this reference has been left in place
    ----------
    Key=MSDTC
    ImagePath=%SystemRoot%\System32\msdtc.exe - this reference has been left in place
    ----------
    Key=MSDV
    ImagePath=system32\DRIVERS\msdv.sys - this reference has been left in place
    ----------
    Key=msisadrv
    ImagePath=system32\drivers\msisadrv.sys - this reference has been left in place
    ----------
    Key=MSIServer
    ImagePath=C:\Windows\system32\msiexec.exe /V - this reference has been left in place
    ----------
    Key=MSKSSRV
    ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
    ----------
    Key=MSPCLOCK
    ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
    ----------
    Key=MSPQM
    ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
    ----------
    Key=mssmbios
    ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
    ----------
    Key=MSTEE
    ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
    ----------
    Key=Mup
    ImagePath=System32\Drivers\mup.sys - this reference has been left in place
    ----------
    Key=NativeWifiP
    ImagePath=system32\DRIVERS\nwifi.sys - this reference has been left in place
    ----------
    Key=NBService
    ImagePath=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - this reference has been left in place
    ----------
    Key=NDIS
    ImagePath=system32\drivers\ndis.sys - this reference has been left in place
    ----------
    Key=NdisTapi
    ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
    ----------
    Key=Ndisuio
    ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
    ----------
    Key=NdisWan
    ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
    ----------
    Key=NetBIOS
    ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
    ----------
    Key=netbt
    ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
    ----------
    Key=Netlogon
    ImagePath=%systemroot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=netr73
    ImagePath=system32\DRIVERS\netr73.sys - this reference has been left in place
    ----------
    Key=nfrd960
    ImagePath=\SystemRoot\system32\drivers\nfrd960.sys - this reference has been left in place
    ----------
    Key=NMIndexingService
    ImagePath="C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" - this reference has been left in place
    ----------
    Key=nsiproxy
    ImagePath=system32\drivers\nsiproxy.sys - this reference has been left in place
    ----------
    Key=ntrigdigi
    ImagePath=\SystemRoot\system32\drivers\ntrigdigi.sys - this reference has been left in place
    ----------
    Key=nvlddmkm
    ImagePath=system32\DRIVERS\nvlddmkm.sys - this reference has been left in place
    ----------
    Key=nvraid
    ImagePath=\SystemRoot\system32\drivers\nvraid.sys - this reference has been left in place
    ----------
    Key=nvstor
    ImagePath=\SystemRoot\system32\drivers\nvstor.sys - this reference has been left in place
    ----------
    Key=nv_agp
    ImagePath=\SystemRoot\system32\drivers\nv_agp.sys - this reference has been left in place
    ----------
    Key=NwlnkFlt
    ImagePath=system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
    ----------
    Key=NwlnkFwd
    ImagePath=system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
    ----------
    Key=odserv
    ImagePath="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
    ----------
    Key=ohci1394
    ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
    ----------
    Key=ose
    ImagePath="C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
    ----------
    Key=Parport
    ImagePath=\SystemRoot\system32\drivers\parport.sys - this reference has been left in place
    ----------
    Key=partmgr
    ImagePath=System32\drivers\partmgr.sys - this reference has been left in place
    ----------
    Key=Parvdm
    ImagePath=\SystemRoot\system32\drivers\parvdm.sys - this reference has been left in place
    ----------
    Key=pci
    ImagePath=system32\drivers\pci.sys - this reference has been left in place
    ----------
    Key=pciide
    ImagePath=system32\drivers\pciide.sys - this reference has been left in place
    ----------
    Key=PCLEPCI
    ImagePath=C:\Windows\system32\drivers\pclepci.sys - this reference has been left in place
    ----------
    Key=pcmcia
    ImagePath=\SystemRoot\system32\drivers\pcmcia.sys - this reference has been left in place
    ----------
    Key=PEAUTH
    ImagePath=system32\drivers\peauth.sys - this reference has been left in place
    ----------
    Key=Planificateur LiveUpdate automatique
    ImagePath="C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - this reference has been left in place
    ----------
    Key=PptpMiniport
    ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
    ----------
    Key=Processor
    ImagePath=\SystemRoot\system32\drivers\processr.sys - this reference has been left in place
    ----------
    Key=ProtectedStorage
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=Ps2
    ImagePath=system32\DRIVERS\PS2.sys - this reference has been left in place
    ----------
    Key=PSched
    ImagePath=system32\DRIVERS\pacer.sys - this reference has been left in place
    ----------
    Key=PxHelp20
    ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
    ----------
    Key=ql2300
    ImagePath=\SystemRoot\system32\drivers\ql2300.sys - this reference has been left in place
    ----------
    Key=ql40xx
    ImagePath=\SystemRoot\system32\drivers\ql40xx.sys - this reference has been left in place
    ----------
    Key=QWAVEdrv
    ImagePath=\SystemRoot\system32\drivers\qwavedrv.sys - this reference has been left in place
    ----------
    Key=RasAcd
    ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
    ----------
    Key=Rasl2tp
    ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
    ----------
    Key=RasPppoe
    ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
    ----------
    Key=rdbss
    ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
    ----------
    Key=RDPCDD
    ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
    ----------
    Key=rdpdr
    ImagePath=\SystemRoot\system32\drivers\rdpdr.sys - this reference has been left in place
    ----------
    Key=RDPENCDD
    ImagePath=system32\drivers\rdpencdd.sys - this reference has been left in place
    ----------
    Key=Remote UI Service
    ImagePath="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" - this reference has been left in place
    ----------
    Key=RoxMediaDB9
    ImagePath="c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" - this reference has been left in place
    ----------
    Key=RpcLocator
    ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
    ----------
    Key=rspndr
    ImagePath=system32\DRIVERS\rspndr.sys - this reference has been left in place
    ----------
    Key=SamSs
    ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
    ----------
    Key=sbp2port
    ImagePath=\SystemRoot\system32\drivers\sbp2port.sys - this reference has been left in place
    ----------
    Key=SBSDWSCService
    ImagePath=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - this reference has been left in place
    ----------
    Key=Serenum
    ImagePath=\SystemRoot\system32\drivers\serenum.sys - this reference has been left in place
    ----------
    Key=Serial
    ImagePath=\SystemRoot\system32\drivers\serial.sys - this reference has been left in place
    ----------
    Key=sermouse
    ImagePath=\SystemRoot\system32\drivers\sermouse.sys - this reference has been left in place
    ----------
    Key=sffdisk
    ImagePath=\SystemRoot\system32\drivers\sffdisk.sys - this reference has been left in place
    ----------
    Key=sffp_mmc
    ImagePath=\SystemRoot\system32\drivers\sffp_mmc.sys - this reference has been left in place
    ----------
    Key=sffp_sd
    ImagePath=\SystemRoot\system32\drivers\sffp_sd.sys - this reference has been left in place
    ----------
    Key=sfloppy
    ImagePath=\SystemRoot\system32\drivers\sfloppy.sys - this reference has been left in place
    ----------
    Key=sisagp
    ImagePath=\SystemRoot\system32\drivers\sisagp.sys - this reference has been left in place
    ----------
    Key=SiSRaid2
    ImagePath=\SystemRoot\system32\drivers\sisraid2.sys - this reference has been left in place
    ----------
    Key=SiSRaid4
    ImagePath=\SystemRoot\system32\drivers\sisraid4.sys - this reference has been left in place
    ----------
    Key=slsvc
    ImagePath=%SystemRoot%\system32\SLsvc.exe - this reference has been left in place
    ----------
    Key=Smb
    ImagePath=system32\DRIVERS\smb.sys - this reference has been left in place
    ----------
    Key=SNMPTRAP
    ImagePath=%SystemRoot%\System32\snmptrap.exe - this reference has been left in place
    ----------
    Key=Spooler
    ImagePath=%SystemRoot%\System32\spoolsv.exe - this reference has been left in place
    ----------
    Key=srv
    ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
    ----------
    Key=srv2
    ImagePath=System32\DRIVERS\srv2.sys - this reference has been left in place
    ----------
    Key=srvnet
    ImagePath=System32\DRIVERS\srvnet.sys - this reference has been left in place
    ----------
    Key=stllssvr
    ImagePath="c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" - this reference has been left in place
    ----------
    Key=swenum
    ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
    ----------
    Key=Symc8xx
    ImagePath=\SystemRoot\system32\drivers\symc8xx.sys - this reference has been left in place
    ----------
    Key=Sym_hi
    ImagePath=\SystemRoot\system32\drivers\sym_hi.sys - this reference has been left in place
    ----------
    Key=Sym_u3
    ImagePath=\SystemRoot\system32\drivers\sym_u3.sys - this reference has been left in place
    ----------
    Key=Tcpip
    ImagePath=System32\drivers\tcpip.sys - this reference has been left in place
    ----------
    Key=Tcpip6
    ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
    ----------
    Key=tcpipreg
    ImagePath=System32\drivers\tcpipreg.sys - this reference has been left in place
    ----------
    Key=TDPIPE
    ImagePath=system32\drivers\tdpipe.sys - this reference has been left in place
    ----------
    Key=TDTCP
    ImagePath=system32\drivers\tdtcp.sys - this reference has been left in place
    ----------
    Key=tdx
    ImagePath=system32\DRIVERS\tdx.sys - this reference has been left in place
    ----------
    Key=TermDD
    ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
    ----------
    Key=TrustedInstaller
    ImagePath=%SystemRoot%\servicing\TrustedInstaller.exe - this reference has been left in place
    ----------
    Key=tssecsrv
    ImagePath=System32\DRIVERS\tssecsrv.sys - this reference has been left in place
    ----------
    Key=tunmp
    ImagePath=system32\DRIVERS\tunmp.sys - this reference has been left in place
    ----------
    Key=tunnel
    ImagePath=system32\DRIVERS\tunnel.sys - this reference has been left in place
    ----------
    Key=uagp35
    ImagePath=\SystemRoot\system32\drivers\uagp35.sys - this reference has been left in place
    ----------
    Key=udfs
    ImagePath=system32\DRIVERS\udfs.sys - this reference has been left in place
    ----------
    Key=UI0Detect
    ImagePath=%SystemRoot%\system32\UI0Detect.exe - this reference has been left in place
    ----------
    Key=uliagpkx
    ImagePath=\SystemRoot\system32\drivers\uliagpkx.sys - this reference has been left in place
    ----------
    Key=uliahci
    ImagePath=\SystemRoot\system32\drivers\uliahci.sys - this reference has been left in place
    ----------
    Key=UlSata
    ImagePath=\SystemRoot\system32\drivers\ulsata.sys - this reference has been left in place
    ----------
    Key=ulsata2
    ImagePath=\SystemRoot\system32\drivers\ulsata2.sys - this reference has been left in place
    ----------
    Key=umbus
    ImagePath=system32\DRIVERS\umbus.sys - this reference has been left in place
    ----------
    Key=USB28xxBGA
    ImagePath=system32\DRIVERS\emBDA.sys - this reference has been left in place
    ----------
    Key=USB28xxOEM
    ImagePath=system32\DRIVERS\emOEM.sys - this reference has been left in place
    ----------
    Key=usbaudio
    ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place
    ----------
    Key=usbccgp
    ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
    ----------
    Key=usbcir
    ImagePath=\SystemRoot\system32\drivers\usbcir.sys - this reference has been left in place
    ----------
    Key=usbehci
    ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
    ----------
    Key=usbhub
    ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
    ----------
    Key=usbohci
    ImagePath=\SystemRoot\system32\drivers\usbohci.sys - this reference has been left in place
    ----------
    Key=usbprint
    ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
    ----------
    Key=usbscan
    ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
    ----------
    Key=USBSTOR
    ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
    ----------
    Key=usbuhci
    ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
    ----------
    Key=vds
    ImagePath=%SystemRoot%\System32\vds.exe - this reference has been left in place
    ----------
    Key=vga
    ImagePath=system32\DRIVERS\vgapnp.sys - this reference has been left in place
    ----------
    Key=VgaSave
    ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
    ----------
    Key=viaagp
    ImagePath=\SystemRoot\system32\drivers\viaagp.sys - this reference has been left in place
    ----------
    Key=ViaC7
    ImagePath=\SystemRoot\system32\drivers\viac7.sys - this reference has been left in place
    ----------
    Key=viaide
    ImagePath=\SystemRoot\system32\drivers\viaide.sys - this reference has been left in place
    ----------
    Key=volmgr
    ImagePath=system32\drivers\volmgr.sys - this reference has been left in place
    ----------
    Key=volmgrx
    ImagePath=System32\drivers\volmgrx.sys - this reference has been left in place
    ----------
    Key=volsnap
    ImagePath=system32\drivers\volsnap.sys - this reference has been left in place
    ----------
    Key=Vsdatant
    ImagePath=system32\DRIVERS\vsdatant.sys - this reference has been left in place
    ----------
    Key=vsmon
    ImagePath=C:\Windows\System32\ZoneLabs\vsmon.exe -service - this file is globally excluded
    ----------
    Key=vsmraid
    ImagePath=\SystemRoot\system32\drivers\vsmraid.sys - this reference has been left in place
    ----------
    Key=VSS
    ImagePath=%systemroot%\system32\vssvc.exe - this reference has been left in place
    ----------
    Key=VSSERV
    ImagePath="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service - this reference has been left in place
    ----------
    Key=WacomPen
    ImagePath=\SystemRoot\system32\drivers\wacompen.sys - this reference has been left in place
    ----------
    Key=Wanarp
    ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
    ----------
    Key=Wanarpv6
    ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
    ----------
    Key=Wd
    ImagePath=\SystemRoot\system32\drivers\wd.sys - this reference has been left in place
    ----------
    Key=Wdf01000
    ImagePath=system32\drivers\Wdf01000.sys - this reference has been left in place
    ----------
    Key=WmiAcpi
    ImagePath=\SystemRoot\system32\drivers\wmiacpi.sys - this reference has been left in place
    ----------
    Key=wmiApSrv
    ImagePath=%systemroot%\system32\wbem\WmiApSrv.exe - this reference has been left in place
    ----------
    Key=WMPNetworkSvc
    ImagePath="%ProgramFiles%\Windows Media Player\wmpnetwk.exe" - this reference has been left in place
    ----------
    Key=WpdUsb
    ImagePath=system32\DRIVERS\wpdusb.sys - this reference has been left in place
    ----------
    Key=ws2ifsl
    ImagePath=\SystemRoot\system32\drivers\ws2ifsl.sys - this reference has been left in place
    ----------
    Key=WSearch
    ImagePath=%systemroot%\system32\SearchIndexer.exe /Embedding - this reference has been left in place
    ----------
    Key=WUDFRd
    ImagePath=system32\DRIVERS\WUDFRd.sys - this reference has been left in place
    ----------
    Key=XCOMM
    ImagePath="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service - this reference has been left in place
    ----------

    **************************************************
    06:47:32: Scanning -----VXD ENTRIES-----
    Checking VMM32 VxD files being loaded

    **************************************************
    06:47:32: Scanning ----- WINLOGON\NOTIFY DLLS -----
    No WINLOGON\NOTIFY DLLs found to scan

    **************************************************
    06:47:32: Scanning ----- CONTEXTMENUHANDLERS -----
    Key = avast
    CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
    C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
    ----------
    Key = AVG Anti-Spyware
    CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
    ----------
    Key = BriefcaseMenu
    CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
    syncui.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Cover Designer
    CLSID = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
    C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Open With
    CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
    %SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Open With EncryptionMenu
    CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
    %SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Sharing
    CLSID = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
    ntshrui.dll - this ContextMenuHandler has been left in place
    ----------
    Key = Trojan Remover
    CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
    C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
    ----------
    Key = ZLAVShExt
    CLSID = {D9872D13-7651-4471-9EEE-F0A00218BEBB}
    C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll - this ContextMenuHandler has been left in place
    ----------
    Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
    %SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
    ----------
    Key = {D653647D-D607-4df6-A5B8-48D2BA195F7B}
    C:\Program Files\Softwin\BitDefender10\bdshelxt.dll - this ContextMenuHandler has been left in place
    ----------
    Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
    C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
    ----------

    **************************************************
    06:47:32: Scanning ----- FOLDER\COLUMNHANDLERS -----
    Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
    C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
    ----------
    Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
    C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
    ----------

    **************************************************
    06:47:32: Scanning ----- BROWSER HELPER OBJECTS -----
    Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
    C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
    ----------
    Key = {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
    C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL - this Browser Helper Object has been left in place
    ----------
    Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
    C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
    ----------
    Key = {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
    C:\Program Files\Microsoft Money\System\mnyside.dll - this Browser Helper Object has been left in place
    ----------
    Key = {53707962-6F74-2D53-2644-206D7942484F}
    C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
    ----------
    Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
    C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - this Browser Helper Object has been left in place
    ----------
    Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
    c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
    ----------
    Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
    C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll - this Browser Helper Object has been left in place
    ----------
    Key = {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
    C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL - this Browser Helper Object has been left in place
    ----------

    **************************************************
    06:47:33: Scanning ----- SHELLSERVICEOBJECTS -----
    Key = WebCheck
    CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
    C:\Windows\system32\webcheck.dll - this ShellServiceObject has been left in place
    ----------

    **************************************************
    0
  20. jlpjlp Messages postés 52399 Statut Contributeur sécurité 5 041
     
    ok
    fais bien tout ce que j'ai mis en 17
    0
  21. grandpierre Messages postés 110 Statut Membre 10
     
    A jlpj lp.
    Je crois que je n'y arriverai pas. Après avoir coché les lignes que tu m'avas indiqué, puis cliqué sur FIX CHEKED, un message que je n'ai pas réussi à copier en cliquant sur Impr Syst, disait ceci:
    An inexpected error has occured at procedure
    wordbackup-MakeBackup (sltem=09 - Extra button no name
    08BOE5CO-4FCB-11CF-AAA5-00401C608501 - C:\\ProgramFiles......
    Error 5 Invalid procedure call on argument

    J'ai essayé plusieurs fois, mais c'est toujours pareil.
    Grandpierre
    0
  • 1
  • 2
  • 3