Adaware NavipromoB

Closed
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 - 4 Nov 2007 at 16:58
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 - 3 Dec 2007 at 17:22
Hello, I followed the previous messages matching my case and saved the Navifix report, which I am attaching to my message. I should mention that I have an HP Quad 2.4 PC with 3 GB of RAM and an nvidia 8500 GT graphics card. Despite that, my PC is slow, especially on the Internet. Thank you so much for helping me out. Grandpierre

Configuration: Windows Vista
Internet Explorer 7.0

Search Navipromo version 3.3.4 commencé le 04/11/2007 à 16:43:17,34

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16546


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\Windows ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\ProgramData ***


*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\USERS\PIERRE\APPDATA\ROAMING\MICROS~1\WINDOWS\STARTM~1\PROGRAMS ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\Users\Pierre\AppData\Local\virtualstore\Program Files ***



*** Recherche dossiers dans C:\Users\Pierre\AppData\Roaming ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\Users\Pierre\AppData\Local\Microsoft
- C:\Users\Pierre\AppData\Local\virtualstore\windows\system32
- C:\Users\Pierre\AppData\Local



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\Windows\system32 *

* Recherche dans C:\Users\Pierre\AppData\Local\Microsoft *

Fichiers trouvés :

ntlcoth.exe trouvé !

* Recherche dans C:\Users\Pierre\AppData\Local\virtualstore\windows\system32 *

* Recherche dans C:\Users\Pierre\AppData\Local *



*** Recherche fichiers ***


C:\Windows\pack.epk trouvé !
C:\Windows\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 04/11/2007 à 16:44:10,88 ***

60 replies

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
4 Nov 2007 at 17:25
hi,

Make sure User Account Control (UAC) is disabled.
Right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 2.
Follow the prompts and be patient.
The fix will tell you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as requested.
(if your PC does not restart automatically, restart it yourself)
When your PC restarts, choose your usual session if necessary.
Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will reappear.
Re-enable User Account Control (UAC).

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".
Type explorer and confirm. This will bring your desktop back.
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
6 Nov 2007 at 17:51
Message for JLPJLP.

I have been trying for quite a while to send you a message but it won't go through. Is it because it was too large? I had attached 2 attachments - the scan reports for viruses and other adaware. If this one goes through normally, I will try again.
Grandpierre
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
6 Nov 2007 at 18:03
To JLPJLP. I am making another attempt, hoping it works. First of all, I want to thank you for the help you are giving me. I followed your advice, but I think it didn't work. My computer keeps doing all sorts of strange things. Example: every time I click a command - for example Windows Mail, Windows Photo Gallery, Internet Explorer, Windows Media Player, etc. - the response comes immediately: "has stopped working". On the second click, it works. I also have problems with Pinnacle Studio 11. Suddenly everything disappears and I find myself back on the Desktop. Not to mention the slowness on the Internet: it's a disaster. I am infinitely grateful to you for helping me fix this. I will send you the Fixnavi and Bit Defender reports separately.
As a reminder, my PC configuration: Windows Vista, HP 8180 Quad 2.4, 3 MB of RAM, nvidia 8500GT graphics card.
With that, it should be blazing fast, yet it crawls.... Thanks again. Grandpierre
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
6 Nov 2007 at 18:10
To JLPJLP: Bit Defender report


//-----------------------------------------------------------------
//
// Product BitDefender Free Edition v10
// Product 10.2
//
// Created on: 06/11/2007 04:40:30
//
//-----------------------------------------------------------------


Virus Statistics

Scan path : C:\
E:\
F:\
Z:\
Folders : 16098
Files : 210328
Memory processes scanned : 83
Archives : 680
Runtime packers : 8984
Identified viruses : 1
Infected files : 1
Memory processes infected : 0
Suspect files : 0
Warnings : 0
Disinfected files : 0
Deleted files : 0
Moved files : 0
I/O errors : 79
Scan time : 00:37:37
Scan speed (files/sec) : 93

Spyware Statistics

Registry keys scanned : 1551
Registry keys infected : 0
Cookies scanned : 28
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 0


Virus definitions : 937794
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 7
Mail plugins : 6
System plugins : 5

Virus scan options

Detection
[X] Scan boot sectors
[X] Memory Processes
[ ] Scan archives
[X] Scan runtime packers
[X] Scan email

File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;

Action

Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Move to quarantine
[ ] Prompt user

Second action
[ ] Ignore
[ ] Delete
[X] Move to quarantine
[ ] Prompt user

Virus scan options
[X] Enable warnings
[X] Enable heuristics
[ ] Show all files in log
[X] Report file: C:\ProgramData\Bitdefender\Desktop\Profiles\Logs\full_scan\1194320430.log

Spyware scan options

[X] Scan for riskware
[ ] Skip dial and applications from scan
[X] Registry keys
[X] Cookies


Summary:

C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe Detected: Adware.Navipromo.BYZ
C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe Disinfection failed
C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe Move failed
0

jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
7 Nov 2007 at 10:18
if you cannot run navilog:

Run AVG ANTI ROOTKIT:

http://www.libellules.ch/dotclear/index.php?2007/03/28/1781-avg-anti-rootkit

_________________

the file is already in quarantine in bitdefender
to get rid of it, go to the quarantine section of bit defender and delete it
or delete the file fkzqbfdeqw.exe by going to My Computer then C ...

C:\ProgramData\BitDefender\Desktop\Quarantine\fkzqbfdeqw.exe

___________________

still having problems?

if it persists

paste a hijackthis report
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming Hijackthis, to counter a possible Vundo infection.

e.g.: Rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip Hijackthis into this folder.
This is important for the backups.
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
7 Nov 2007 at 17:10
Hello JLPJLP. I am sending you the Fixnavi report that would not go through yesterday. I compressed it, hoping not to have any problems. I will then send you another message to explain what I did. Thanks again. Grandpierre. I could not send it uncompressed...
Search Navipromo version 3.3.4 commencé le 06/11/2007 à 18:28:44,24

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16546


*** Recherche Programmes installés ***




*** Recherche dossiers dans C:\Windows ***



*** Recherche dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\ProgramData ***


*** Recherche dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\USERS\PIERRE\APPDATA\ROAMING\MICROS~1\WINDOWS\STARTM~1\PROGRAMS ***

...\WebMediaPlayer trouvé !

*** Recherche dossiers dans C:\Users\Pierre\AppData\Local\virtualstore\Program Files ***



*** Recherche dossiers dans C:\Users\Pierre\AppData\Roaming ***


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net

Aucun fichier trouvé dans :

- C:\Users\Pierre\AppData\Local\Microsoft
- C:\Users\Pierre\AppData\Local\virtualstore\windows\system32
- C:\Users\Pierre\AppData\Local



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans C:\Windows\system32 *

* Recherche dans C:\Users\Pierre\AppData\Local\Microsoft *

Fichiers trouvés :

ntlcoth.exe trouvé !

* Recherche dans C:\Users\Pierre\AppData\Local\virtualstore\windows\system32 *

* Recherche dans C:\Users\Pierre\AppData\Local *



*** Recherche fichiers ***


C:\Windows\pack.epk trouvé !
C:\Windows\system32\nvs2.inf trouvé !


*** Recherche clés spécifiques dans le Registre ***

HKEY_CURRENT_USER\Software\Lanconfig trouvé !

*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:

2)Recherche Heuristique :

C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat trouvé !
C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat trouvé !

3)Recherche Certificats :

Certificat Egroup trouvé !


*** Analyse terminée le 06/11/2007 à 18:29:32,17 ***
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
7 Nov 2007 at 17:14
NAVILOG: RUN IT AGAIN WITH OPTION 2 this time

Make sure User Account Control (UAC) is disabled.
Right-click the Navilog1 shortcut on your desktop and choose "Run as administrator".

At the main menu, choose option 2.
Follow the prompts and be patient.
The fix will tell you that it is going to restart your PC.
Close all open windows and save any open personal documents.
Press a key as requested.
(if your PC does not restart automatically, restart it yourself)
When your PC restarts, choose your usual session if necessary.
Wait for the message:
*** Nettoyage Termine le ..... ***
Notepad will open.
Save the report somewhere you can find it again.
Close Notepad. Your desktop will reappear.
Re-enable User Account Control (UAC).

PS: If your desktop does not reappear, press CTRL+ALT+DEL to open Task Manager.
Then go to the "Processes" tab. Click "File" at the top left and choose "Run".
Type explorer and confirm. This will bring your desktop back.
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
7 Nov 2007 at 19:28
Attached is the report made 10 minutes ago
Clean Navipromo version 3.3.4 commencé le 07/11/2007 à 19:17:27,39

Outil exécuté depuis C:\Program Files\navilog1
Mise à jour le 02.11.2007 à 12h00 par IL-MAFIOSO

Microsoft Windows Vista 6.0.6000
Internet Explorer : 7.0.6000.16546

Mode suppression automatique



*** fsbl1.txt non trouvé ***
(Assurez-vous que Catchme n'avait rien trouvé lors de la recherche)


*** Suppression avec sauvegardes résultats GenericNaviSearch ***

* Suppression dans C:\Windows\System32 *


* Suppression dans C:\Users\Pierre\AppData\Local\Microsoft *

ntlcoth.exe trouvé !
Copie ntlcoth.exe réalisé avec succès !
ntlcoth.exe supprimé !


* Suppression dans C:\Users\Pierre\AppData\Local\virtualstore\windows\system32 *


* Suppression dans C:\Users\Pierre\AppData\Local *



*** Suppression dossiers dans C:\Windows ***


*** Suppression dossiers dans C:\Program Files ***

C:\Program Files\WebMediaPlayer ...suppression...
C:\Program Files\WebMediaPlayer supprimé !


*** Suppression dossiers dans C:\ProgramData ***


*** Suppression dossiers dans C:\ProgramData\Microsoft\Windows\Start Menu\Programs ***

...\WebMediaPlayer ...suppression...
...\WebMediaPlayer supprimé !


*** Suppression dossiers dans C:\USERS\PIERRE\APPDATA\ROAMING\MICROS~1\WINDOWS\STARTM~1\PROGRAMS ***

...\WebMediaPlayer ...suppression...
...\WebMediaPlayer supprimé !


*** Suppression dossiers dans C:\Users\Pierre\AppData\Local\virtualstore\Program Files ***


*** Suppression dossiers dans C:\Users\Pierre\AppData\Roaming ***



*** Suppression fichiers ***

C:\Windows\pack.epk supprimé !
C:\Windows\system32\nvs2.inf supprimé !

*** Suppression fichiers temporaires ***

Nettoyage contenu C:\Windows\Temp effectué !
Nettoyage contenu C:\Users\Pierre\AppData\Local\Temp effectué !

*** Traitement Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche fichiers connus:


2)Recherche, création sauvegardes et suppression Heuristique :

C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat trouvé !
Copie C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat réalisé avec succès !
C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx.dat supprimé !

C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat trouvé !
Copie C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat réalisé avec succès !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw.dat supprimé !

C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat trouvé !
Copie C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat réalisé avec succès !
C:\Users\Pierre\AppData\Local\Microsoft\bsvtbx_nav.dat supprimé !

C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat trouvé !
Copie C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat réalisé avec succès !
C:\Users\Pierre\AppData\Local\Microsoft\fkzqbfdeqw_nav.dat supprimé !

C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat trouvé !
Copie C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat réalisé avec succès !
C:\Users\Pierre\AppData\Local\Microsoft\mbsslbdia_navtmp.dat supprimé !


*** Sauvegarde du Registre vers dossier Backupnavi ***

sauvegarde du Registre réalisé avec succès !

*** Nettoyage Registre ***

Nettoyage Registre Ok


*** Certificats ***

Certificat Egroup supprimé !

*** Nettoyage terminé le 07/11/2007 à 19:21:28,80 ***
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
7 Nov 2007 at 20:02
still having problems?
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
8 Nov 2007 at 09:57
Hello JLPJLP and a thousand thanks for your help. I can't yet tell you whether I have specific problems, but, for example, in my mail this morning, I clicked on the Comment ça marche email to reply to you and the wait was about 2 minutes before the page opened. Is that normal? Is it due to my provider Noos or to spyware? I have no idea. Are there other ways to find out? In any case I am infinitely grateful to you for helping me. Grandpierre
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
8 Nov 2007 at 13:58
scan with anti-spyware tools (in safe mode):

spybot:

https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/26157.html

see usage demo (thanks Balltrap)
http://pageperso.aol.fr/Balltrap34/demo%20spybot.htm

AD AWARE:
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/11643.html

_______________

use this to remove your traces

CCLEANER: (run a cleanup and repair the errors 3 times) without installing the yahoo toolbar

https://www.01net.com/telecharger/windows/Utilitaire/nettoyeurs_et_installeurs/fiches/32599.html

__________________
if it persists

paste a hijackthis report
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html

manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html

I recommend renaming Hijackthis, to counter a possible Vundo infection.

e.g.: Rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip Hijackthis into this folder.
This is important for the backups.
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
9 Nov 2007 at 10:51
Hello JLPJLP. It's me again. I can't manage to solve my problem. I keep running into the same freezes, that is, every time I want to open a file, Windows replies that it has stopped working. On the 2nd click, it works. On the Internet, it is still just as slow: at least 2 minutes to change pages, when it isn't 5 minutes. I tried to run a scan with hijackthis but I am not sure it is the right one because I can't translate the English. I am trying to send it to you and thank you again for your patience. Grandpierre


* HijackThis v1.99.1 *
Written by Merijn - merijn@spywareinfo.com
http://www.merijn.org/files/hijackthis.zip
http://www.merijn.org/index.html

See bottom for version history.

The different sections of hijacking possibilities have been separated into the following groups.
You can get more detailed information about an item by selecting it from the list of found items OR highlighting the relevant line below, and clicking 'Info on selected item'.

R - Registry, StartPage/SearchPage changes
R0 - Changed registry value
R1 - Created registry value
R2 - Created registry key
R3 - Created extra registry value where only one should be
F - IniFiles, autoloading entries
F0 - Changed inifile value
F1 - Created inifile value
F2 - Changed inifile value, mapped to Registry
F3 - Created inifile value, mapped to Registry
N - Netscape/Mozilla StartPage/SearchPage changes
N1 - Change in prefs.js of Netscape 4.x
N2 - Change in prefs.js of Netscape 6
N3 - Change in prefs.js of Netscape 7
N4 - Change in prefs.js of Mozilla
O - Other, several sections which represent:
O1 - Hijack of auto.search.msn.com with Hosts file
O2 - Enumeration of existing MSIE BHO's
O3 - Enumeration of existing MSIE toolbars
O4 - Enumeration of suspicious autoloading Registry entries
O5 - Blocking of loading Internet Options in Control Panel
O6 - Disabling of 'Internet Options' Main tab with Policies
O7 - Disabling of Regedit with Policies
O8 - Extra MSIE context menu items
O9 - Extra 'Tools' menuitems and buttons
O10 - Breaking of Internet access by New.Net or WebHancer
O11 - Extra options in MSIE 'Advanced' settings tab
O12 - MSIE plugins for file extensions or MIME types
O13 - Hijack of default URL prefixes
O14 - Changing of IERESET.INF
O15 - Trusted Zone Autoadd
O16 - Download Program Files item
O17 - Domain hijack
O18 - Enumeration of existing protocols and filters
O19 - User stylesheet hijack
O20 - AppInit_DLLs autorun Registry value, Winlogon Notify Registry keys
O21 - ShellServiceObjectDelayLoad (SSODL) autorun Registry key
O22 - SharedTaskScheduler autorun Registry key
O23 - Enumeration of NT Services

Command-line parameters:
* /autolog - Automatically scan the system, save a logfile and open it
* /ihatewhitelists - ignore all internal whitelists
* /uninstall - remove all HijackThis Registry entries, backups and quit

* Version history *

[v1.99.1]
* Added Winlogon Notify keys to O20 listing
* Fixed crashing bug on certain Win2000 and WinXP systems at O23 listing
* Fixed lots and lots of 'unexpected error' bugs
* Fixed lots of inproper functioning bugs (i.e. stuff that didn't work)
* Added 'Delete NT Service' function in Misc Tools section
* Added ProtocolDefaults to O15 listing
* Fixed MD5 hashing not working
* Fixed 'ISTSVC' autorun entries with garbage data not being fixed
* Fixed HijackThis uninstall entry not being updated/created on new versions
* Added Uninstall Manager in Misc Tools to manage 'Add/Remove Software' list
* Added option to scan the system at startup, then show results or quit if nothing found
[v1.99]
* Added O23 (NT Services) in light of newer trojans
* Integrated ADS Spy into Misc Tools section
* Added 'Action taken' to info in 'More info on this item'
[v1.98]
* Definitive support for Japanese/Chinese/Korean systems
* Added O20 (AppInit_DLLs) in light of newer trojans
* Added O21 (ShellServiceObjectDelayLoad, SSODL) in light of newer trojans
* Added O22 (SharedTaskScheduler) in light of newer trojans
* Backups of fixed items are now saved in separate folder
* HijackThis now checks if it was started from a temp folder
* Added a small process manager (Misc Tools section)
[v1.96]
* Lots of bugfixes and small enhancements! Among others:
* Fix for Japanese IE toolbars
* Fix for searchwww.com fake CLSID trick in IE toolbars and BHO's
* Attributes on Hosts file will now be restored when scanning/fixing/restoring it.
* Added several files to the LSP whitelist
* Fixed some issues with incorrectly re-encrypting data, making R0/R1 go undetected until a restart
* All sites in the Trusted Zone are now shown, with the exception of those on the nonstandard but safe domain list
[v1.95]
* Added a new regval to check for from Whazit hijack (Start Page_bak).
* Excluded IE logo change tweak from toolbar detection (BrandBitmap and SmBrandBitmap).
* New in logfile: Running processes at time of scan.
* Checkmarks for running StartupList with /full and /complete in HijackThis UI.
* New O19 method to check for Datanotary hijack of user stylesheet.
* Google.com IP added to whitelist for Hosts file check.
[v1.94]
* Fixed a bug in the Check for Updates function that could cause corrupt downloads on certain systems.
* Fixed a bug in enumeration of toolbars (Lop toolbars are now listed!).
* Added imon.dll, drwhook.dll and wspirda.dll to LSP safelist.
* Fixed a bug where DPF could not be deleted.
* Fixed a stupid bug in enumeration of autostarting shortcuts.
* Fixed info on Netscape 6/7 and Mozilla saying '%shitbrowser%' (oops).
* Fixed bug where logfile would not auto-open on systems that don't have .log filetype registered.
* Added support for backing up F0 and F1 items (d'oh!).
[v1.93]
* Added mclsp.dll (McAfee), WPS.DLL (Sygate Firewall), zklspr.dll (Zero Knowledge) and mxavlsp.dll (OnTrack) to LSP safelist.
* Fixed a bug in LSP routine for Win95.
* Made taborder nicer.
* Fixed a bug in backup/restore of IE plugins.
* Added UltimateSearch hijack in O17 method (I think).
* Fixed a bug with detecting/removing BHO's disabled by BHODemon.
* Also fixed a bug in StartupList (now version 1.52.1).
[v1.92]
* Fixed two stupid bugs in backup restore function.
* Added DiamondCS file to LSP files safelist.
* Added a few more items to the protocol safelist.
* Log is now opened immediately after saving.
* Removed rd.yahoo.com from NSBSD list (spammers are starting to use this, no doubt spyware authors will follow).
* Updated integrated StartupList to v1.52.
* In light of SpywareNuker/BPS Spyware Remover, any strings relevant to reverse-engineers are now encrypted.
* Rudimentary proxy support for the Check for Updates function.
[v1.91]
* Added rd.yahoo.com to the Nonstandard But Safe Domains list.
* Added 8 new protocols to the protocol check safelist, as well as showing the file that handles the protocol in the log (O18).
* Added listing of programs/links in Startup folders (O4).
* Fixed 'Check for Update' not detecting new versions.
[v1.9]
* Added check for Lop.com 'Domain' hijack (O17).
* Bugfix in URLSearchHook (R3) fix.
* Improved O1 (Hosts file) check.
* Rewrote code to delete BHO's, fixing a really nasty bug with orphaned BHO keys.
* Added AutoConfigURL and proxyserver checks (R1).
* IE Extensions (Button/Tools menuitem) in HKEY_CURRENT_USER are now also detected.
* Added check for extra protocols (O18).
[v1.81]
* Added 'ignore non-standard but safe domains' option.
* Improved Winsock LSP hijackers detection.
* Integrated StartupList updated to v1.4.
[v1.8]
* Fixed a few bugs.
* Adds detecting of free.aol.com in Trusted Zone.
* Adds checking of URLSearchHooks key, which should have only one value.
* Adds listing/deleting of Download Program Files.
* Integrated StartupList into the new 'Misc Tools' section of the Config screen!
[v1.71]
* Improves detecting of O6.
* Some internal changes/improvements.
[v1.7]
* Adds backup function! Yay!
* Added check for default URL prefix
* Added check for changing of IERESET.INF
* Added check for changing of Netscape/Mozilla homepage and default search engine.
[v1.61]
* Fixes Runtime Error when Hosts file is empty.
[v1.6]
* Added enumerating of MSIE plugins
* Added check for extra options in 'Advanced' tab of 'Internet Options'.
[v1.5]
* Adds 'Uninstall & Exit' and 'Check for update online' functions.
* Expands enumeration of autoloading Registry entries (now also scans for .vbs, .js, .dll, rundll32 and service)
[v1.4]
* Adds repairing of broken Internet access (aka Winsock or LSP fix) by New.Net/WebHancer
* A few bugfixes/enhancements
[v1.3]
* Adds detecting of extra MSIE context menu items
* Added detecting of extra 'Tools' menu items and extra buttons
* Added 'Confirm deleting/ignoring items' checkbox
[v1.2]
* Adds 'Ignorelist' and 'Info' functions
[v1.1]
* Supports BHO's, some default URL changes
[v1.0]
* Original release

A good thing to do after version updates is clear your Ignore list and re-add them, as the format of detected items sometimes changes.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
10 Nov 2007 at 19:23
that is not a proper hijackthis report, look at the manual provided!

_______________

AVG antispyware

https://www.01net.com/telecharger/

Tutorial:
http://www.kachouri.com/tuto/tuto-161-avg-anti-spyware-75-pour-votre-securite.html

-> Restart AVG AS -> "Scan" -> "Settings"

Under the question "How to react?":

-> click "Recommended actions" and choose "Quarantine"
-> Click the "Scan" tab again, then run a "Complete system scan"

If a file is infected at the end of the scan

-> Click "Apply all actions"

-> Click "Save report" then "Save report as".

-> Save this text file on your desktop, then paste the report here

_______________

Paste the report:
Clean will let you do some cleanup and delete files that antivirus and anti-spyware tools could not find. The software is updated regularly, so you will need to download it again to get a more recent version.

• Download clean.zip and unzip it on your desktop (right-click / extract all); you then get a clean folder
• Start Windows in safe mode: Guide to restarting in safe mode
• Open the clean folder on your desktop and double-click clean.cmd; a black window will appear for a moment, leave it open until it closes by itself.
Clean manual:
http://kerio.probb.fr/tuto-Clean-h37.html
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
11 Nov 2007 at 10:37
Hello jlpjlp and have a good Sunday. I am trying to follow your advice one step at a time so as not to get mixed up. So, to begin with, I ran a cleanup with AVG, whose report I hope to be able to send you. It indicates that everything is normal, the security settings guarantee a maximum level of protection..... Despite this good report, it lists 23 malware items. I don't know what that means. However, I did not find "How to react". I hope my report is valid all the same. I will continue with Kachouri and send you the results. I am starting to feel guilty about all my posts. I hope I am not overstepping too much and I thank you again for your patience. Grandpierre
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@msnaccountservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@msnportal.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@msnservices.112.2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\pierre@2o7[1].txt -> TrackingCookie.2o7 : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@advertising[2].txt -> TrackingCookie.Advertising : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@atdmt[2].txt -> TrackingCookie.Atdmt : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@bluestreak[2].txt -> TrackingCookie.Bluestreak : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@casalemedia[1].txt -> TrackingCookie.Casalemedia : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@doubleclick[1].txt -> TrackingCookie.Doubleclick : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@fastclick[1].txt -> TrackingCookie.Fastclick : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@image.masterstats[1].txt -> TrackingCookie.Masterstats : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@mediaplex[1].txt -> TrackingCookie.Mediaplex : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@overture[1].txt -> TrackingCookie.Overture : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@realguide.real[1].txt -> TrackingCookie.Real : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@revsci[2].txt -> TrackingCookie.Revsci : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@bs.serving-sys[1].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@serving-sys[2].txt -> TrackingCookie.Serving-sys : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@smartadserver[2].txt -> TrackingCookie.Smartadserver : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@tradedoubler[2].txt -> TrackingCookie.Tradedoubler : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@tribalfusion[2].txt -> TrackingCookie.Tribalfusion : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@weborama[2].txt -> TrackingCookie.Weborama : Aucune action entreprise.
C:\Users\Pierre\AppData\Roaming\Microsoft\Windows\Cookies\Low\pierre@m.webtrends[2].txt -> TrackingCookie.Webtrends : Aucune action entreprise.
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
11 Nov. 2007 at 10:54
Have a good Sunday!!!



if it persists

paste a HijackThis report
https://www.01net.com/telecharger/windows/Securite/anti-spyware/fiches/29061.html


manual:

https://leblogdeclaude.blogspot.com/2006/10/informatique-section-hijackthis.html


I recommend renaming HijackThis, to counter a possible Vundo infection.

e.g.: rename the file HijackThis.exe to eden.exe; to do so, right-click the file HijackThis.exe and choose Rename from the list

Then, with Explorer, create a folder c:\hijackthis
Unzip HijackThis into this folder.
This is important for the backups.
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
11 Nov. 2007 at 17:01
My head feels as big as a pumpkin, but I should not complain, because you, the volunteers who help us with such selflessness, never stop putting yourselves at the service of us ignoramuses. What wears me out is waiting hours to get from one page to another. I have been at it since this morning and it is not getting anywhere. I hope the HijackThis report is the right one. I am attaching it in the hope that all goes well. A thousand thanks again. Grandpierre

Logfile of HijackThis v1.99.1
Scan saved at 16:48:17, on 11/11/2007
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
C:\Program Files\Intel\IntelDH\CCU\CCU_Engine.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Pinnacle\Shared Files\Programs\Remote\remoterm.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
C:\Program Files\Softwin\BitDefender10\bdmcon.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
C:\Program Files\ScanSoft\OmniPageSE4.0\OpWareSE4.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
C:\Program Files\Microsoft Money\System\mnyexpr.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\Google Updater\GoogleUpdater.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Windows Mail\WinMail.exe
C:\hp\kbd\kbd.exe
C:\Program Files\Internet Explorer\IEUser.exe
C:\HijackThis.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Hijackthis Version Française\hijackthis vf.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr?cobrand=hp-desktop.msn.com&ocid=HPDHP&pc=HPDTDF
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O1 - Hosts: ::1 localhost
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)
O3 - Toolbar: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [hpsysdrv] c:\hp\support\hpsysdrv.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KbdStub.EXE
O4 - HKLM\..\Run: [OsdMaestro] "C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe"
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [CCUTRAYICON] C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [PMCRemote] C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [AVFX Engine] C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\Softwin\BitDefender10\bdagent.exe"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"
O4 - HKLM\..\Run: [WrtMon.exe] C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - Global Startup: Outil de mise à jour Google.lnk = C:\Program Files\Google\Google Updater\GoogleUpdater.exe
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: &Envoyer à OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/download/scanner/fr-fr/wlscctrl2.cab
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Intel(R) Alert Service (AlertService) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\CCU\AlertService.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: DQLWinService - Unknown owner - C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) Software Services Manager (ISSM) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Unknown owner - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon (file missing)
O23 - Service: LiveUpdate Notice Service - Unknown owner - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll (file missing)
O23 - Service: Intel(R) Viiv(TM) Media Server (M1 Server) - Unknown owner - C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe
O23 - Service: Intel(R) Application Tracker (MCLServiceATL) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PCLEPCI - Pinnacle Systems GmbH - C:\Windows\system32\drivers\pclepci.sys
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Remoting Service (Remote UI Service) - Intel(R) Corporation - C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\System32\ZoneLabs\vsmon.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30001 (WAS) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
11 Nov. 2007 at 19:21
Hi,

1/
I see traces of Norton Antivirus, BitDefender and avast!

you must keep only one antivirus, otherwise it will crash

_____________________

2/
launch HijackThis, click DO A SYSTEM SCAN ONLY, then tick the following lines on the left, then click FIX CHECKED


R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
R3 - URLSearchHook: (no name) - {0579B4B6-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: Ask Search Assistant BHO - {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2} - C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL

O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Ask Toolbar BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Ask Toolbar - {FE063DB9-4EC0-403e-8DD8-394C54984B2C} - C:\Program Files\AskTBar\bar\1.bin\ASKTBAR.DLL (file missing)

O3 - Toolbar: Ask Toolbar - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"


O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [OpwareSE4] "C:\Program Files\ScanSoft\OmniPageSE4.0\OpwareSE4.exe"

O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunOnce: [Launcher] %WINDIR%\SMINST\launcher.exe


O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll


_____________________

then paste a new scan with BitDefender

a HijackThis scan

and above all describe your problems
0
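The triage jlpjlp describes in the reply above (several antivirus products installed side by side, leftover entries to fix), as an added Python example that is not part of the thread and is not HijackThis's own logic. The vendor keywords and the "recheck" rule are assumptions of this example: a "(file missing)" flag on a path that still carries a quote or an unexpanded %variable% is treated as unverified rather than as a leftover.

```python
import re

# Lines copied from the HijackThis log posted earlier in this thread (subset).
SAMPLE_LOG = r"""
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Softwin\BitDefender10\bdagent.exe
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - C:\Program Files\AskTBar\SrchAstt\1.bin\A5SRCHAS.DLL (file missing)
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service (file missing)
"""

# Assumption: keywords picked from the paths visible in the log, one group per
# antivirus product the helper names (Norton/Symantec, BitDefender, avast!).
AV_MARKERS = {
    "Norton/Symantec": ("symantec", "norton"),
    "BitDefender": ("bitdefender",),
    "avast!": ("avast", "alwil"),
}

ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")          # "O23 - Service: ..."
ORPHAN_RE = re.compile(r"\((?:file missing|no file)\)\s*$")  # trailing flag
ENV_VAR_RE = re.compile(r"%\w+%")                            # unexpanded variable


def antivirus_products(log):
    """Return the sorted names of antivirus products that leave traces in the log."""
    found = set()
    for line in log.lower().splitlines():
        for product, markers in AV_MARKERS.items():
            if any(marker in line for marker in markers):
                found.add(product)
    return sorted(found)


def orphan_entries(log):
    """Split entries flagged '(file missing)' / '(no file)' into two lists.

    orphans: the flag sits on a plain path (or no path), so the entry is a
             leftover of removed software.
    recheck: the path still holds a quote with arguments or an unexpanded
             %variable%, so the tested string may not be the real file name;
             check the file by hand before fixing the entry.
    """
    result = {"orphans": [], "recheck": []}
    for line in log.splitlines():
        match = ENTRY_RE.match(line.strip())
        if not match or not ORPHAN_RE.search(match.group(2)):
            continue
        code, body = match.groups()
        unverified = '"' in body or ENV_VAR_RE.search(body) is not None
        result["recheck" if unverified else "orphans"].append((code, body))
    return result


if __name__ == "__main__":
    products = antivirus_products(SAMPLE_LOG)
    if len(products) > 1:
        print("More than one antivirus present:", ", ".join(products))
    entries = orphan_entries(SAMPLE_LOG)
    for code, body in entries["orphans"]:
        print("leftover :", code, "-", body)
    for code, body in entries["recheck"]:
        print("recheck  :", code, "-", body)
```
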
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
13 Nov. 2007 at 10:40
Hello jlpjlp. Before sending you the HijackThis report, which I am having a lot of trouble finding under Vista, I read in Micro Hebdo about an antivirus, Trojan Remover, which I tried and whose report I am attaching. I hope it is not too large. I am gathering the rest of my findings and will send them to you as soon as possible. To give you an idea of one of the problems I am running into, I waited 10 minutes to get the Comment ça marche page after clicking on the address. Thanks again. Grandpierre

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.4.2499. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 13/11/2007 06:47:10
Using Database v6891
Operating System: Windows Vista (Build 6000)
Edition: Windows Vista (TM) Home Premium
Data directory: C:\Users\Pierre\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Pierre\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
06:47:10: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
06:47:10: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
06:47:10: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
06:47:10: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\Windows\system32\userinit.exe - this entry has been left in place
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Windows Defender
Value Data = %ProgramFiles%\Windows Defender\MSASCui.exe -hide - this command has been left in place
--------------------
Value Name = hpsysdrv
Value Data = c:\hp\support\hpsysdrv.exe - this command has been left in place
--------------------
Value Name = KBD
Value Data = C:\HP\KBD\KbdStub.EXE - this command has been left in place
--------------------
Value Name = OsdMaestro
Value Data = C:\Program Files\Hewlett-Packard\On-Screen OSD Indicator\OSD.exe - this command has been left in place
--------------------
Value Name = NvSvc
Value Data = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart - this command has been left in place
--------------------
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = NvMediaCenter
Value Data = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit - this command has been left in place
--------------------
Value Name = RtHDVCpl
Value Data = RtHDVCpl.exe - this command has been left in place
--------------------
Value Name = CCUTRAYICON
Value Data = C:\Program Files\Intel\IntelDH\CCU\CCU_TrayIcon.exe - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = c:\Program Files\HP\HP Software Update\HPWuSchd2.exe - this command has been left in place
--------------------
Value Name = Symantec PIF AlertEng
Value Data = C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - this command has been left in place
--------------------
Value Name = PMCRemote
Value Data = C:\Program Files\Pinnacle\Shared Files\Programs\Remote\Remoterm.exe - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name = AVFX Engine
Value Data = C:\Program Files\Creative\Creative Live! Cam\VideoFX\StartFX.exe - this command has been left in place
--------------------
Value Name = BDMCon
Value Data = C:\Program Files\Softwin\BitDefender10\bdmcon.exe" /reg - this command has been left in place
--------------------
Value Name = BDAgent
Value Data = C:\Program Files\Softwin\BitDefender10\bdagent.exe - this command has been left in place
--------------------
Value Name = SSBkgdUpdate
Value Data = C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot - this command has been left in place
--------------------
Value Name = WrtMon.exe
Value Data = C:\Windows\system32\spool\drivers\w32x86\3\WrtMon.exe - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key attempts to run the following program(s):
Value Name = Launcher
Value Data = %WINDIR%\SMINST\launcher.exe - this command has been left in place
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Sidebar
Value Data = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun - this command has been left in place
--------------------
Value Name = Skype
Value Data = C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized - this command has been left in place
--------------------
Value Name = ehTray.exe
Value Data = C:\Windows\ehome\ehTray.exe - this command has been left in place
--------------------
Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = MoneyAgent
Value Data = C:\Program Files\Microsoft Money\System\mnyexpr.exe - this command has been left in place
--------------------
Value Name = WMPNSCFG
Value Data = C:\Program Files\Windows Media Player\WMPNSCFG.exe - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty

**************************************************
06:47:11: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {57B86673-276A-48B2-BAE7-C6DBB3020EB8}
Value: AVG Anti-Spyware 7.5
File: C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\shellexecutehook.dll - this ShellExecuteHook has been left in place
----------

**************************************************
06:47:11: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
06:47:11: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\Windows\system32\logon.scr - this command has been left in place
--------------------

**************************************************
06:47:11: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\Windows\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Windows Mail\WinMail.exe - this reference has been left in place
----------
Key={6BF52A52-394A-11d3-B153-00C04F79FAA6}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
06:47:12: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=AeLookupSvc
ServiceDLL=%SystemRoot%\System32\aelupsvc.dll - this reference has been left in place
--------------------
Key=Appinfo
ServiceDLL=%SystemRoot%\System32\appinfo.dll - this reference has been left in place
--------------------
Key=AudioEndpointBuilder
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=Audiosrv
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=BFE
ServiceDLL=%SystemRoot%\System32\bfe.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CertPropSvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\system32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=dot3svc
ServiceDLL=%SystemRoot%\System32\dot3svc.dll - this reference has been left in place
--------------------
Key=DPS
ServiceDLL=%SystemRoot%\system32\dps.dll - this reference has been left in place
--------------------
Key=EapHost
ServiceDLL=%SystemRoot%\System32\eapsvc.dll - this reference has been left in place
--------------------
Key=ehstart
ServiceDLL=%SystemRoot%\ehome\ehstart.dll - this reference has been left in place
--------------------
Key=EMDMgmt
ServiceDLL=%systemroot%\system32\emdmgmt.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=%systemroot%\system32\es.dll - this reference has been left in place
--------------------
Key=fdPHost
ServiceDLL=%SystemRoot%\system32\fdPHost.dll - this reference has been left in place
--------------------
Key=FDResPub
ServiceDLL=%SystemRoot%\system32\fdrespub.dll - this reference has been left in place
--------------------
Key=gpsvc
ServiceDLL=%SystemRoot%\System32\gpsvc.dll - this reference has been left in place
--------------------
Key=hidserv
ServiceDLL=%SystemRoot%\system32\hidserv.dll - this reference has been left in place
--------------------
Key=hkmsvc
ServiceDLL=%SystemRoot%\system32\kmsvc.dll - this reference has been left in place
--------------------
Key=IKEEXT
ServiceDLL=%SystemRoot%\System32\ikeext.dll - this reference has been left in place
--------------------
Key=IPBusEnum
ServiceDLL=%SystemRoot%\system32\ipbusenum.dll - this reference has been left in place
--------------------
Key=iphlpsvc
ServiceDLL=%SystemRoot%\System32\iphlpsvc.dll - this reference has been left in place
--------------------
Key=KtmRm
ServiceDLL=%systemroot%\system32\msdtckrm.dll - this reference has been left in place
--------------------
Key=LanmanServer
ServiceDLL=%SystemRoot%\system32\srvsvc.dll - this reference has been left in place
--------------------
Key=LanmanWorkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=lltdsvc
ServiceDLL=%SystemRoot%\System32\lltdsvc.dll - this reference has been left in place
--------------------
Key=lmhosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Mcx2Svc
ServiceDLL=%SystemRoot%\system32\Mcx2Svc.dll - this reference has been left in place
--------------------
Key=MMCSS
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=MpsSvc
ServiceDLL=%SystemRoot%\system32\mpssvc.dll - this reference has been left in place
--------------------
Key=MSiSCSI
ServiceDLL=%systemroot%\system32\iscsiexe.dll - this reference has been left in place
--------------------
Key=napagent
ServiceDLL=%SystemRoot%\system32\qagentRT.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=netprofm
ServiceDLL=%SystemRoot%\System32\netprofm.dll - this reference has been left in place
--------------------
Key=NlaSvc
ServiceDLL=%SystemRoot%\System32\nlasvc.dll - this reference has been left in place
--------------------
Key=nsi
ServiceDLL=%systemroot%\system32\nsisvc.dll - this reference has been left in place
--------------------
Key=p2pimsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=p2psvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PcaSvc
ServiceDLL=%SystemRoot%\System32\pcasvc.dll - this reference has been left in place
--------------------
Key=pla
ServiceDLL=%systemroot%\system32\pla.dll - this reference has been left in place
--------------------
Key=PlugPlay
ServiceDLL=%SystemRoot%\system32\umpnpmgr.dll - this reference has been left in place
--------------------
Key=PNRPAutoReg
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PNRPsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PolicyAgent
ServiceDLL=%SystemRoot%\System32\ipsecsvc.dll - this reference has been left in place
--------------------
Key=ProfSvc
ServiceDLL=%systemroot%\system32\profsvc.dll - this reference has been left in place
--------------------
Key=QWAVE
ServiceDLL=%windir%\system32\qwave.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=SCardSvr
ServiceDLL=%SystemRoot%\System32\SCardSvr.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%systemroot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=SCPolicySvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=SDRSVC
ServiceDLL=%Systemroot%\System32\SDRSVC.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%windir%\system32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\System32\sens.dll - this reference has been left in place
--------------------
Key=SessionEnv
ServiceDLL=%SystemRoot%\system32\sessenv.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=SLUINotify
ServiceDLL=%SystemRoot%\system32\SLUINotify.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\System32\wiaservc.dll - this reference has been left in place
--------------------
Key=swprv
ServiceDLL=%Systemroot%\System32\swprv.dll - this reference has been left in place
--------------------
Key=SysMain
ServiceDLL=%systemroot%\system32\sysmain.dll - this reference has been left in place
--------------------
Key=TabletInputService
ServiceDLL=%SystemRoot%\System32\TabSvc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TBS
ServiceDLL=%SystemRoot%\System32\tbssvc.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\system32\shsvcs.dll - this reference has been left in place
--------------------
Key=THREADORDER
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\System32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=UxSms
ServiceDLL=%SystemRoot%\System32\uxsms.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=%systemroot%\system32\w32time.dll - this reference has been left in place
--------------------
Key=W3SVC
ServiceDLL=%windir%\system32\inetsrv\iisw3adm.dll - this reference has been left in place
--------------------
Key=WAS
ServiceDLL=%windir%\system32\inetsrv\iisw3adm.dll - this reference has been left in place
--------------------
Key=wcncsvc
ServiceDLL=%SystemRoot%\System32\wcncsvc.dll - this reference has been left in place
--------------------
Key=WcsPlugInService
ServiceDLL=%SystemRoot%\System32\WcsPlugInService.dll - this reference has been left in place
--------------------
Key=WdiServiceHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WdiSystemHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=Wecsvc
ServiceDLL=%SystemRoot%\system32\wecsvc.dll - this reference has been left in place
--------------------
Key=wercplsupport
ServiceDLL=%SystemRoot%\System32\wercplsupport.dll - this reference has been left in place
--------------------
Key=WerSvc
ServiceDLL=%SystemRoot%\System32\WerSvc.dll - this reference has been left in place
--------------------
Key=WinDefend
ServiceDLL=%ProgramFiles%\Windows Defender\mpsvc.dll - this reference has been left in place
--------------------
Key=WinHttpAutoProxySvc
ServiceDLL=winhttp.dll - this reference has been left in place
--------------------
Key=Winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WinRM
ServiceDLL=%SystemRoot%\system32\WsmSvc.dll - this reference has been left in place
--------------------
Key=Wlansvc
ServiceDLL=%SystemRoot%\System32\wlansvc.dll - this reference has been left in place
--------------------
Key=WPCSvc
ServiceDLL=%SystemRoot%\System32\wpcsvc.dll - this reference has been left in place
--------------------
Key=WPDBusEnum
ServiceDLL=%SystemRoot%\system32\wpdbusenum.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SystemRoot%\System32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=%systemroot%\system32\wuaueng.dll - this reference has been left in place
--------------------
Key=wudfsvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place

**************************************************
06:47:16: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=61883
ImagePath=system32\DRIVERS\61883.sys - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\drivers\acpi.sys - this reference has been left in place
----------
Key=adp94xx
ImagePath=\SystemRoot\system32\drivers\adp94xx.sys - this reference has been left in place
----------
Key=adpahci
ImagePath=\SystemRoot\system32\drivers\adpahci.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=\SystemRoot\system32\drivers\adpu160m.sys - this reference has been left in place
----------
Key=adpu320
ImagePath=\SystemRoot\system32\drivers\adpu320.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\system32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=\SystemRoot\system32\drivers\agp440.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=\SystemRoot\system32\drivers\djsvs.sys - this reference has been left in place
----------
Key=AlertService
ImagePath="C:\Program Files\Intel\IntelDH\CCU\AlertService.exe" - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aliide
ImagePath=\SystemRoot\system32\drivers\aliide.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=\SystemRoot\system32\drivers\amdagp.sys - this reference has been left in place
----------
Key=amdide
ImagePath=\SystemRoot\system32\drivers\amdide.sys - this reference has been left in place
----------
Key=AmdK7
ImagePath=\SystemRoot\system32\drivers\amdk7.sys - this reference has been left in place
----------
Key=AmdK8
ImagePath=\SystemRoot\system32\drivers\amdk8.sys - this reference has been left in place
----------
Key=Apple Mobile Device
ImagePath="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - this reference has been left in place
----------
Key=arc
ImagePath=\SystemRoot\system32\drivers\arc.sys - this reference has been left in place
----------
Key=arcsas
ImagePath=\SystemRoot\system32\drivers\arcsas.sys - this reference has been left in place
----------
Key=aswMonFlt
ImagePath=system32\DRIVERS\aswMonFlt.sys - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\drivers\atapi.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=Avc
ImagePath=system32\DRIVERS\avc.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Driver
ImagePath=\??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys - this reference has been left in place
----------
Key=AVG Anti-Spyware Guard
ImagePath=C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe - this reference has been left in place
----------
Key=AvgAsCln
ImagePath=System32\DRIVERS\AvgAsCln.sys - this reference has been left in place
----------
Key=bdfdll
ImagePath=\??\C:\Program Files\Softwin\BitDefender10\bdfdll.sys - this reference has been left in place
----------
Key=bdss
ImagePath="C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe" /service - this reference has been left in place
----------
Key=blbdrive
ImagePath=\SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key=bowser
ImagePath=system32\DRIVERS\bowser.sys - this reference has been left in place
----------
Key=BrFiltLo
ImagePath=\SystemRoot\system32\drivers\brfiltlo.sys - this reference has been left in place
----------
Key=BrFiltUp
ImagePath=\SystemRoot\system32\drivers\brfiltup.sys - this reference has been left in place
----------
Key=Brserid
ImagePath=\SystemRoot\system32\drivers\brserid.sys - this reference has been left in place
----------
Key=BrSerWdm
ImagePath=\SystemRoot\system32\drivers\brserwdm.sys - this reference has been left in place
----------
Key=BrUsbMdm
ImagePath=\SystemRoot\system32\drivers\brusbmdm.sys - this reference has been left in place
----------
Key=BrUsbSer
ImagePath=\SystemRoot\system32\drivers\brusbser.sys - this reference has been left in place
----------
Key=BTHMODEM
ImagePath=\SystemRoot\system32\drivers\bthmodem.sys - this reference has been left in place
----------
Key=cdfs
ImagePath=system32\DRIVERS\cdfs.sys - this reference has been left in place
----------
Key=cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=circlass
ImagePath=\SystemRoot\system32\drivers\circlass.sys - this reference has been left in place
----------
Key=CLFS
ImagePath=System32\CLFS.sys - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=cmdide
ImagePath=\SystemRoot\system32\drivers\cmdide.sys - this reference has been left in place
----------
Key=Compbatt
ImagePath=\SystemRoot\system32\drivers\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=crcdisk
ImagePath=system32\drivers\crcdisk.sys - this reference has been left in place
----------
Key=Crusoe
ImagePath=\SystemRoot\system32\drivers\crusoe.sys - this reference has been left in place
----------
Key=DfsC
ImagePath=System32\Drivers\dfsc.sys - this reference has been left in place
----------
Key=DFSR
ImagePath=%SystemRoot%\system32\DFSR.exe - this reference has been left in place
----------
Key=disk
ImagePath=system32\drivers\disk.sys - this reference has been left in place
----------
Key=DQLWinService
ImagePath="C:\Program Files\Common Files\Intel\IntelDH\NMS\AdpPlugins\DQLWinService.exe" - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=DXGKrnl
ImagePath=\SystemRoot\System32\drivers\dxgkrnl.sys - this reference has been left in place
----------
Key=e1express
ImagePath=system32\DRIVERS\e1e6032.sys - this reference has been left in place
----------
Key=E1G60
ImagePath=system32\DRIVERS\E1G60I32.sys - this reference has been left in place
----------
Key=Ecache
ImagePath=System32\drivers\ecache.sys - this reference has been left in place
----------
Key=ehRecvr
ImagePath=%systemroot%\ehome\ehRecvr.exe - this reference has been left in place
----------
Key=ehSched
ImagePath=%systemroot%\ehome\ehsched.exe - this reference has been left in place
----------
Key=elxstor
ImagePath=\SystemRoot\system32\drivers\elxstor.sys - this reference has been left in place
----------
Key=fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FileInfo
ImagePath=system32\drivers\fileinfo.sys - this reference has been left in place
----------
Key=Filetrace
ImagePath=system32\drivers\filetrace.sys - this reference has been left in place
----------
Key=flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
----------
Key=FontCache3.0.0.0
ImagePath=%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
----------
Key=gagp30kx
ImagePath=\SystemRoot\system32\drivers\gagp30kx.sys - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HdAudAddService
ImagePath=system32\drivers\HdAudio.sys - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidBth
ImagePath=\SystemRoot\system32\drivers\hidbth.sys - this reference has been left in place
----------
Key=HidIr
ImagePath=\SystemRoot\system32\drivers\hidir.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HpCISSs
ImagePath=\SystemRoot\system32\drivers\hpcisss.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=system32\drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=\SystemRoot\system32\drivers\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=iaStor
ImagePath=\SystemRoot\system32\drivers\iastor.sys - this reference has been left in place
----------
Key=iaStorV
ImagePath=\SystemRoot\system32\drivers\iastorv.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="c:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=idsvc
ImagePath="%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
----------
Key=iirsp
ImagePath=\SystemRoot\system32\drivers\iirsp.sys - this reference has been left in place
----------
Key=IntcAzAudAddService
ImagePath=system32\drivers\RTKVHDA.sys - this reference has been left in place
----------
Key=intelide
ImagePath=\SystemRoot\system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key=IPMIDRV
ImagePath=\SystemRoot\system32\drivers\ipmidrv.sys - this reference has been left in place
----------
Key=IPNAT
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\drivers\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=\SystemRoot\system32\drivers\isapnp.sys - this reference has been left in place
----------
Key=iScsiPrt
ImagePath=system32\DRIVERS\msiscsi.sys - this reference has been left in place
----------
Key=ISSM
ImagePath="C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\ISSM.exe" - this reference has been left in place
----------
Key=iteatapi
ImagePath=\SystemRoot\system32\drivers\iteatapi.sys - this reference has been left in place
----------
Key=iteraid
ImagePath=\SystemRoot\system32\drivers\iteraid.sys - this reference has been left in place
----------
Key=kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=KeyIso
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=kl1
ImagePath=system32\DRIVERS\kl1.sys - this reference has been left in place
----------
Key=KLIF
ImagePath=system32\DRIVERS\klif.sys - this reference has been left in place
----------
Key=KSecDD
ImagePath=System32\Drivers\ksecdd.sys - this reference has been left in place
----------
Key=LightScribeService
ImagePath="c:\Program Files\Common Files\LightScribe\LSSrvc.exe" - this reference has been left in place
----------
Key=LIVESRV
ImagePath="C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe" /service - this reference has been left in place
----------
Key=LiveUpdate
ImagePath="C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" - this reference has been left in place
----------
Key=LiveUpdate Notice Service
ImagePath="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll" - this reference has been left in place
----------
Key=lltdio
ImagePath=system32\DRIVERS\lltdio.sys - this reference has been left in place
----------
Key=LSI_FC
ImagePath=\SystemRoot\system32\drivers\lsi_fc.sys - this reference has been left in place
----------
Key=LSI_SAS
ImagePath=\SystemRoot\system32\drivers\lsi_sas.sys - this reference has been left in place
----------
Key=LSI_SCSI
ImagePath=\SystemRoot\system32\drivers\lsi_scsi.sys - this reference has been left in place
----------
Key=luafv
ImagePath=\SystemRoot\system32\drivers\luafv.sys - this reference has been left in place
----------
Key=M1 Server
ImagePath=C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\mediaserver.exe - this reference has been left in place
----------
Key=MarvinBus
ImagePath=system32\DRIVERS\MarvinBus.sys - this reference has been left in place
----------
Key=MCLServiceATL
ImagePath="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\MCLServiceATL.exe" - this reference has been left in place
----------
Key=megasas
ImagePath=\SystemRoot\system32\drivers\megasas.sys - this reference has been left in place
----------
Key=Modem
ImagePath=system32\drivers\modem.sys - this reference has been left in place
----------
Key=monitor
ImagePath=system32\DRIVERS\monitor.sys - this reference has been left in place
----------
Key=mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MountMgr
ImagePath=System32\drivers\mountmgr.sys - this reference has been left in place
----------
Key=mpio
ImagePath=\SystemRoot\system32\drivers\mpio.sys - this reference has been left in place
----------
Key=mpsdrv
ImagePath=System32\drivers\mpsdrv.sys - this reference has been left in place
----------
Key=Mraid35x
ImagePath=\SystemRoot\system32\drivers\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=\SystemRoot\system32\drivers\mrxdav.sys - this reference has been left in place
----------
Key=mrxsmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=mrxsmb10
ImagePath=system32\DRIVERS\mrxsmb10.sys - this reference has been left in place
----------
Key=mrxsmb20
ImagePath=system32\DRIVERS\mrxsmb20.sys - this reference has been left in place
----------
Key=msahci
ImagePath=\SystemRoot\system32\drivers\msahci.sys - this reference has been left in place
----------
Key=msdsm
ImagePath=\SystemRoot\system32\drivers\msdsm.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=%SystemRoot%\System32\msdtc.exe - this reference has been left in place
----------
Key=MSDV
ImagePath=system32\DRIVERS\msdv.sys - this reference has been left in place
----------
Key=msisadrv
ImagePath=system32\drivers\msisadrv.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\Windows\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=Mup
ImagePath=System32\Drivers\mup.sys - this reference has been left in place
----------
Key=NativeWifiP
ImagePath=system32\DRIVERS\nwifi.sys - this reference has been left in place
----------
Key=NBService
ImagePath=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - this reference has been left in place
----------
Key=NDIS
ImagePath=system32\drivers\ndis.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=netbt
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=Netlogon
ImagePath=%systemroot%\system32\lsass.exe - this reference has been left in place
----------
Key=netr73
ImagePath=system32\DRIVERS\netr73.sys - this reference has been left in place
----------
Key=nfrd960
ImagePath=\SystemRoot\system32\drivers\nfrd960.sys - this reference has been left in place
----------
Key=NMIndexingService
ImagePath="C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" - this reference has been left in place
----------
Key=nsiproxy
ImagePath=system32\drivers\nsiproxy.sys - this reference has been left in place
----------
Key=ntrigdigi
ImagePath=\SystemRoot\system32\drivers\ntrigdigi.sys - this reference has been left in place
----------
Key=nvlddmkm
ImagePath=system32\DRIVERS\nvlddmkm.sys - this reference has been left in place
----------
Key=nvraid
ImagePath=\SystemRoot\system32\drivers\nvraid.sys - this reference has been left in place
----------
Key=nvstor
ImagePath=\SystemRoot\system32\drivers\nvstor.sys - this reference has been left in place
----------
Key=nv_agp
ImagePath=\SystemRoot\system32\drivers\nv_agp.sys - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key=odserv
ImagePath="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=\SystemRoot\system32\drivers\parport.sys - this reference has been left in place
----------
Key=partmgr
ImagePath=System32\drivers\partmgr.sys - this reference has been left in place
----------
Key=Parvdm
ImagePath=\SystemRoot\system32\drivers\parvdm.sys - this reference has been left in place
----------
Key=pci
ImagePath=system32\drivers\pci.sys - this reference has been left in place
----------
Key=pciide
ImagePath=system32\drivers\pciide.sys - this reference has been left in place
----------
Key=PCLEPCI
ImagePath=C:\Windows\system32\drivers\pclepci.sys - this reference has been left in place
----------
Key=pcmcia
ImagePath=\SystemRoot\system32\drivers\pcmcia.sys - this reference has been left in place
----------
Key=PEAUTH
ImagePath=system32\drivers\peauth.sys - this reference has been left in place
----------
Key=Planificateur LiveUpdate automatique
ImagePath="C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=\SystemRoot\system32\drivers\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=Ps2
ImagePath=system32\DRIVERS\PS2.sys - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\pacer.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=ql2300
ImagePath=\SystemRoot\system32\drivers\ql2300.sys - this reference has been left in place
----------
Key=ql40xx
ImagePath=\SystemRoot\system32\drivers\ql40xx.sys - this reference has been left in place
----------
Key=QWAVEdrv
ImagePath=\SystemRoot\system32\drivers\qwavedrv.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=\SystemRoot\system32\drivers\rdpdr.sys - this reference has been left in place
----------
Key=RDPENCDD
ImagePath=system32\drivers\rdpencdd.sys - this reference has been left in place
----------
Key=Remote UI Service
ImagePath="C:\Program Files\Intel\IntelDH\Intel Media Server\Shells\Remote UI Service.exe" - this reference has been left in place
----------
Key=RoxMediaDB9
ImagePath="c:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=rspndr
ImagePath=system32\DRIVERS\rspndr.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=sbp2port
ImagePath=\SystemRoot\system32\drivers\sbp2port.sys - this reference has been left in place
----------
Key=SBSDWSCService
ImagePath=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - this reference has been left in place
----------
Key=Serenum
ImagePath=\SystemRoot\system32\drivers\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=\SystemRoot\system32\drivers\serial.sys - this reference has been left in place
----------
Key=sermouse
ImagePath=\SystemRoot\system32\drivers\sermouse.sys - this reference has been left in place
----------
Key=sffdisk
ImagePath=\SystemRoot\system32\drivers\sffdisk.sys - this reference has been left in place
----------
Key=sffp_mmc
ImagePath=\SystemRoot\system32\drivers\sffp_mmc.sys - this reference has been left in place
----------
Key=sffp_sd
ImagePath=\SystemRoot\system32\drivers\sffp_sd.sys - this reference has been left in place
----------
Key=sfloppy
ImagePath=\SystemRoot\system32\drivers\sfloppy.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=\SystemRoot\system32\drivers\sisagp.sys - this reference has been left in place
----------
Key=SiSRaid2
ImagePath=\SystemRoot\system32\drivers\sisraid2.sys - this reference has been left in place
----------
Key=SiSRaid4
ImagePath=\SystemRoot\system32\drivers\sisraid4.sys - this reference has been left in place
----------
Key=slsvc
ImagePath=%SystemRoot%\system32\SLsvc.exe - this reference has been left in place
----------
Key=Smb
ImagePath=system32\DRIVERS\smb.sys - this reference has been left in place
----------
Key=SNMPTRAP
ImagePath=%SystemRoot%\System32\snmptrap.exe - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\System32\spoolsv.exe - this reference has been left in place
----------
Key=srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=srv2
ImagePath=System32\DRIVERS\srv2.sys - this reference has been left in place
----------
Key=srvnet
ImagePath=System32\DRIVERS\srvnet.sys - this reference has been left in place
----------
Key=stllssvr
ImagePath="c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=Symc8xx
ImagePath=\SystemRoot\system32\drivers\symc8xx.sys - this reference has been left in place
----------
Key=Sym_hi
ImagePath=\SystemRoot\system32\drivers\sym_hi.sys - this reference has been left in place
----------
Key=Sym_u3
ImagePath=\SystemRoot\system32\drivers\sym_u3.sys - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\drivers\tcpip.sys - this reference has been left in place
----------
Key=Tcpip6
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=tcpipreg
ImagePath=System32\drivers\tcpipreg.sys - this reference has been left in place
----------
Key=TDPIPE
ImagePath=system32\drivers\tdpipe.sys - this reference has been left in place
----------
Key=TDTCP
ImagePath=system32\drivers\tdtcp.sys - this reference has been left in place
----------
Key=tdx
ImagePath=system32\DRIVERS\tdx.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TrustedInstaller
ImagePath=%SystemRoot%\servicing\TrustedInstaller.exe - this reference has been left in place
----------
Key=tssecsrv
ImagePath=System32\DRIVERS\tssecsrv.sys - this reference has been left in place
----------
Key=tunmp
ImagePath=system32\DRIVERS\tunmp.sys - this reference has been left in place
----------
Key=tunnel
ImagePath=system32\DRIVERS\tunnel.sys - this reference has been left in place
----------
Key=uagp35
ImagePath=\SystemRoot\system32\drivers\uagp35.sys - this reference has been left in place
----------
Key=udfs
ImagePath=system32\DRIVERS\udfs.sys - this reference has been left in place
----------
Key=UI0Detect
ImagePath=%SystemRoot%\system32\UI0Detect.exe - this reference has been left in place
----------
Key=uliagpkx
ImagePath=\SystemRoot\system32\drivers\uliagpkx.sys - this reference has been left in place
----------
Key=uliahci
ImagePath=\SystemRoot\system32\drivers\uliahci.sys - this reference has been left in place
----------
Key=UlSata
ImagePath=\SystemRoot\system32\drivers\ulsata.sys - this reference has been left in place
----------
Key=ulsata2
ImagePath=\SystemRoot\system32\drivers\ulsata2.sys - this reference has been left in place
----------
Key=umbus
ImagePath=system32\DRIVERS\umbus.sys - this reference has been left in place
----------
Key=USB28xxBGA
ImagePath=system32\DRIVERS\emBDA.sys - this reference has been left in place
----------
Key=USB28xxOEM
ImagePath=system32\DRIVERS\emOEM.sys - this reference has been left in place
----------
Key=usbaudio
ImagePath=system32\drivers\usbaudio.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbcir
ImagePath=\SystemRoot\system32\drivers\usbcir.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=\SystemRoot\system32\drivers\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=vds
ImagePath=%SystemRoot%\System32\vds.exe - this reference has been left in place
----------
Key=vga
ImagePath=system32\DRIVERS\vgapnp.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=\SystemRoot\system32\drivers\viaagp.sys - this reference has been left in place
----------
Key=ViaC7
ImagePath=\SystemRoot\system32\drivers\viac7.sys - this reference has been left in place
----------
Key=viaide
ImagePath=\SystemRoot\system32\drivers\viaide.sys - this reference has been left in place
----------
Key=volmgr
ImagePath=system32\drivers\volmgr.sys - this reference has been left in place
----------
Key=volmgrx
ImagePath=System32\drivers\volmgrx.sys - this reference has been left in place
----------
Key=volsnap
ImagePath=system32\drivers\volsnap.sys - this reference has been left in place
----------
Key=Vsdatant
ImagePath=system32\DRIVERS\vsdatant.sys - this reference has been left in place
----------
Key=vsmon
ImagePath=C:\Windows\System32\ZoneLabs\vsmon.exe -service - this file is globally excluded
----------
Key=vsmraid
ImagePath=\SystemRoot\system32\drivers\vsmraid.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%systemroot%\system32\vssvc.exe - this reference has been left in place
----------
Key=VSSERV
ImagePath="C:\Program Files\Softwin\BitDefender10\vsserv.exe" /service - this reference has been left in place
----------
Key=WacomPen
ImagePath=\SystemRoot\system32\drivers\wacompen.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wanarpv6
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wd
ImagePath=\SystemRoot\system32\drivers\wd.sys - this reference has been left in place
----------
Key=Wdf01000
ImagePath=system32\drivers\Wdf01000.sys - this reference has been left in place
----------
Key=WmiAcpi
ImagePath=\SystemRoot\system32\drivers\wmiacpi.sys - this reference has been left in place
----------
Key=wmiApSrv
ImagePath=%systemroot%\system32\wbem\WmiApSrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="%ProgramFiles%\Windows Media Player\wmpnetwk.exe" - this reference has been left in place
----------
Key=WpdUsb
ImagePath=system32\DRIVERS\wpdusb.sys - this reference has been left in place
----------
Key=ws2ifsl
ImagePath=\SystemRoot\system32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSearch
ImagePath=%systemroot%\system32\SearchIndexer.exe /Embedding - this reference has been left in place
----------
Key=WUDFRd
ImagePath=system32\DRIVERS\WUDFRd.sys - this reference has been left in place
----------
Key=XCOMM
ImagePath="C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe" /service - this reference has been left in place
----------

**************************************************
06:47:32: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

**************************************************
06:47:32: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan

**************************************************
06:47:32: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = AVG Anti-Spyware
CLSID = {8934FCEF-F5B8-468f-951F-78A921CD3920}
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\context.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = Cover Designer
CLSID = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Sharing
CLSID = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
ntshrui.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = ZLAVShExt
CLSID = {D9872D13-7651-4471-9EEE-F0A00218BEBB}
C:\Program Files\Zone Labs\ZoneAlarm\zlavscan.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = {D653647D-D607-4df6-A5B8-48D2BA195F7B}
C:\Program Files\Softwin\BitDefender10\bdshelxt.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------

**************************************************
06:47:32: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Common Files\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
06:47:32: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {02478D38-C3F9-4EFB-9B51-7695ECA05670}
C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll - this Browser Helper Object has been left in place
----------
Key = {0579B4B1-0293-4d73-B02D-5EBB0BA0F0A2}
C:\Program Files\AskSBar\SrchAstt\1.bin\A2SRCHAS.DLL - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {243B17DE-77C7-46BF-B94B-0B5F309A0E64}
C:\Program Files\Microsoft Money\System\mnyside.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
C:\PROGRA~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll - this Browser Helper Object has been left in place
----------
Key = {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}
C:\Program Files\AskSBar\bar\1.bin\ASKSBAR.DLL - this Browser Helper Object has been left in place
----------

**************************************************
06:47:33: Scanning ----- SHELLSERVICEOBJECTS -----
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
C:\Windows\system32\webcheck.dll - this ShellServiceObject has been left in place
----------

**************************************************
0
jlpjlp Posts 51580 Registration date Friday 18 May 2007 Status Security contributor Last activity 3 May 2022 5 040
13 Nov. 2007 at 10:53
ok
be sure to do everything I listed in 17
0
grandpierre Posts 106 Registration date Saturday 8 November 2003 Status Member Last activity 26 March 2016 10
13 Nov. 2007 at 12:55
To jlpjlp.
I don't think I will manage it. After ticking the lines you indicated and then clicking FIX CHECKED, a message that I could not copy by pressing Print Screen said this:
An inexpected error has occured at procedure
wordbackup-MakeBackup (sltem=09 - Extra button no name
08BOE5CO-4FCB-11CF-AAA5-00401C608501 - C:\\ProgramFiles......
Error 5 Invalid procedure call on argument

I tried several times, but it is always the same.
Grandpierre
0