Virus: Word slow to open

lilye -  
 alain idf -
Hello,

For the past 2 days, mysteriously, Word (Office 2007) has been opening unbearably slowly (several minutes). Out of curiosity I opened the Office 12 program and avast reported 2 Trojan horses (which I delete).
Here is the SmitFraudFix scan I ran just now. Could you please tell me what I should do?

SmitFraudFix v2.253

Scan done at 12:28:55,90, 18/11/2007
Run from C:\Users\Lïlye\Downloads\SmitfraudFix
OS: Microsoft Windows [version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Windows\RtHDVCpl.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\mobsync.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lïlye

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Lïlye\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\LLYE~1\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Carte Fast Ethernet compatible Rhine II VIA
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 0.0.0.0

HKLM\SYSTEM\CCS\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\..\{9A57FA04-365F-4F65-93E2-0641C1FC37FB}: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 0.0.0.0

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

4 replies

lilye
 
And the Hijack scan:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:47:52, on 18/11/2007
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16546)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Common Files\aol\1136148254\ee\aolsoftware.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
C:\Program Files\NETGEAR\WG111T\wlan111t.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Common Files\Nokia\MPAPI\MPAPI3s.exe
C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\CPSHelpRunner.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Windows\system32\SearchFilterHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [HostManager] C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe
O4 - HKLM\..\Run: [RoxWatchTray] "C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [PCSuiteTrayApplication] C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [My Web Search Bar Search Scope Monitor] "C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0
O4 - HKLM\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKLM\..\Run: [MSConfig] "C:\Windows\system32\msconfig.exe" /auto
O4 - HKCU\..\Run: [SmpcSys] C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [PcSync] C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Reader Synchronizer.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
O4 - Global Startup: NETGEAR WG111T Smart Wizard.lnk = ?
O4 - Global Startup: OFFICE One Startup v7.lnk = ?
O8 - Extra context menu item: &Search - http://edits.mywebsearch.com/toolbaredits/menusearch.jhtml?p=ZNfox000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O13 - Gopher Prefix:
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
lilye
 
Here is the scan:

***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
18/11/2007 13:38:58: Trojan Remover has been restarted
Unable to rename C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe to C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe.ren
(C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe does not appear to exist)
You should run a new scan to see if the problem persists.
If it does, you may want to run a scan with Trojan Remover in SAFE mode.
18/11/2007 13:39:45: Trojan Remover closed
************************************************************

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.4.2499. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 18/11/2007 13:08:02
Using Database v6890
Operating System: Windows Vista (Build 6000)
Edition: Windows Vista (TM) Home Premium
Data directory: C:\Users\Lïlye\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Lïlye\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges

**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows Defender

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
13:08:02: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows

**************************************************
13:08:02: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows

**************************************************
13:08:02: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
13:08:03: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\Windows\system32\userinit.exe - this entry has been left in place
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Windows Defender
Value Data = %ProgramFiles%\Windows Defender\MSASCui.exe -hide - this command has been left in place
--------------------
Value Name = RtHDVCpl
Value Data = RtHDVCpl.exe - this command has been left in place
--------------------
Value Name = NvSvc
Value Data = RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart - this command has been left in place
--------------------
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = NvMediaCenter
Value Data = RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit - this command has been left in place
--------------------
Value Name = HostManager
Value Data = C:\Program Files\Common Files\AOL\1136148254\ee\AOLSoftware.exe - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = RoxWatchTray
Value Data = C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe - this command has been left in place
--------------------
Value Name = ISUSPM Startup
Value Data = C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup - this command has been left in place
--------------------
Value Name = ISUSScheduler
Value Data = C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start - this command has been left in place
--------------------
Value Name = SunJavaUpdateSched
Value Data = C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name = PCSuiteTrayApplication
Value Data = C:\PROGRA~1\Nokia\NOKIAP~1\LAUNCH~1.EXE -startup - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\QTTask.exe" -atboottime - this command has been left in place
--------------------
Value Name = iTunesHelper
Value Data = C:\Program Files\iTunes\iTunesHelper.exe - this command has been left in place
--------------------
Value Name = My Web Search Bar Search Scope Monitor
Value Data = C:\PROGRA~1\MYWEBS~1\bar\1.bin\m3SrchMn.exe" /m=0 - this command has been left in place
--------------------
Value Name = MyWebSearch Email Plugin
MyWebSearch Email Plugin - this registry value has been removed
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - running process located and terminated
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe has been renamed to: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe.ren
--------------------
Value Name = MSConfig
Value Data = C:\Windows\system32\msconfig.exe" /auto - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = SmpcSys
Value Data = C:\Program Files\Packard Bell\SetUpMyPC\SmpSys.exe - this command has been left in place
--------------------
Value Name = Sidebar
Value Data = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun - this command has been left in place
--------------------
Value Name = ehTray.exe
Value Data = C:\Windows\ehome\ehTray.exe - this command has been left in place
--------------------
Value Name = PcSync
Value Data = C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog - this command has been left in place
--------------------
Value Name = WMPNSCFG
Value Data = C:\Program Files\Windows Media Player\WMPNSCFG.exe - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = MyWebSearch Email Plugin
MyWebSearch Email Plugin - this registry value has been removed [file not found to scan]
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - process is either not running or could not be terminated
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - unable to take ownsership/change permissions
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe has been marked for renaming when the PC is restarted (if it exists)
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
13:08:19: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty

**************************************************
13:08:19: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
13:08:20: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\Windows\system32\PhotoScreensaver.scr - this command has been left in place
--------------------

**************************************************
13:08:20: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\Windows\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Windows Mail\WinMail.exe - this reference has been left in place
----------
Key={6BF52A52-394A-11d3-B153-00C04F79FAA6}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
13:08:21: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=AeLookupSvc
ServiceDLL=%SystemRoot%\System32\aelupsvc.dll - this reference has been left in place
--------------------
Key=Appinfo
ServiceDLL=%SystemRoot%\System32\appinfo.dll - this reference has been left in place
--------------------
Key=AudioEndpointBuilder
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=Audiosrv
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=BFE
ServiceDLL=%SystemRoot%\System32\bfe.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CertPropSvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\system32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=dot3svc
ServiceDLL=%SystemRoot%\System32\dot3svc.dll - this reference has been left in place
--------------------
Key=DPS
ServiceDLL=%SystemRoot%\system32\dps.dll - this reference has been left in place
--------------------
Key=EapHost
ServiceDLL=%SystemRoot%\System32\eapsvc.dll - this reference has been left in place
--------------------
Key=ehstart
ServiceDLL=%SystemRoot%\ehome\ehstart.dll - this reference has been left in place
--------------------
Key=EMDMgmt
ServiceDLL=%systemroot%\system32\emdmgmt.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=%systemroot%\system32\es.dll - this reference has been left in place
--------------------
Key=fdPHost
ServiceDLL=%SystemRoot%\system32\fdPHost.dll - this reference has been left in place
--------------------
Key=FDResPub
ServiceDLL=%SystemRoot%\system32\fdrespub.dll - this reference has been left in place
--------------------
Key=gpsvc
ServiceDLL=%SystemRoot%\System32\gpsvc.dll - this reference has been left in place
--------------------
Key=hidserv
ServiceDLL=%SystemRoot%\system32\hidserv.dll - this reference has been left in place
--------------------
Key=hkmsvc
ServiceDLL=%SystemRoot%\system32\kmsvc.dll - this reference has been left in place
--------------------
Key=IKEEXT
ServiceDLL=%SystemRoot%\System32\ikeext.dll - this reference has been left in place
--------------------
Key=IPBusEnum
ServiceDLL=%SystemRoot%\system32\ipbusenum.dll - this reference has been left in place
--------------------
Key=iphlpsvc
ServiceDLL=%SystemRoot%\System32\iphlpsvc.dll - this reference has been left in place
--------------------
Key=KtmRm
ServiceDLL=%systemroot%\system32\msdtckrm.dll - this reference has been left in place
--------------------
Key=LanmanServer
ServiceDLL=%SystemRoot%\system32\srvsvc.dll - this reference has been left in place
--------------------
Key=LanmanWorkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=lltdsvc
ServiceDLL=%SystemRoot%\System32\lltdsvc.dll - this reference has been left in place
--------------------
Key=lmhosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Mcx2Svc
ServiceDLL=%SystemRoot%\system32\Mcx2Svc.dll - this reference has been left in place
--------------------
Key=MMCSS
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=MpsSvc
ServiceDLL=%SystemRoot%\system32\mpssvc.dll - this reference has been left in place
--------------------
Key=MSiSCSI
ServiceDLL=%systemroot%\system32\iscsiexe.dll - this reference has been left in place
--------------------
Key=napagent
ServiceDLL=%SystemRoot%\system32\qagentRT.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=netprofm
ServiceDLL=%SystemRoot%\System32\netprofm.dll - this reference has been left in place
--------------------
Key=NlaSvc
ServiceDLL=%SystemRoot%\System32\nlasvc.dll - this reference has been left in place
--------------------
Key=nsi
ServiceDLL=%systemroot%\system32\nsisvc.dll - this reference has been left in place
--------------------
Key=p2pimsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=p2psvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PcaSvc
ServiceDLL=%SystemRoot%\System32\pcasvc.dll - this reference has been left in place
--------------------
Key=pla
ServiceDLL=%systemroot%\system32\pla.dll - this reference has been left in place
--------------------
Key=PlugPlay
ServiceDLL=%SystemRoot%\system32\umpnpmgr.dll - this reference has been left in place
--------------------
Key=PNRPAutoReg
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PNRPsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PolicyAgent
ServiceDLL=%SystemRoot%\System32\ipsecsvc.dll - this reference has been left in place
--------------------
Key=ProfSvc
ServiceDLL=%systemroot%\system32\profsvc.dll - this reference has been left in place
--------------------
Key=QWAVE
ServiceDLL=%windir%\system32\qwave.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=SCardSvr
ServiceDLL=%SystemRoot%\System32\SCardSvr.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%systemroot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=SCPolicySvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=SDRSVC
ServiceDLL=%Systemroot%\System32\SDRSVC.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%windir%\system32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\System32\sens.dll - this reference has been left in place
--------------------
Key=SessionEnv
ServiceDLL=%SystemRoot%\system32\sessenv.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=SLUINotify
ServiceDLL=%SystemRoot%\system32\SLUINotify.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\System32\wiaservc.dll - this reference has been left in place
--------------------
Key=swprv
ServiceDLL=%Systemroot%\System32\swprv.dll - this reference has been left in place
--------------------
Key=SysMain
ServiceDLL=%systemroot%\system32\sysmain.dll - this reference has been left in place
--------------------
Key=TabletInputService
ServiceDLL=%SystemRoot%\System32\TabSvc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TBS
ServiceDLL=%SystemRoot%\System32\tbssvc.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\system32\shsvcs.dll - this reference has been left in place
--------------------
Key=THREADORDER
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\System32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=UxSms
ServiceDLL=%SystemRoot%\System32\uxsms.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=%systemroot%\system32\w32time.dll - this reference has been left in place
--------------------
Key=wcncsvc
ServiceDLL=%SystemRoot%\System32\wcncsvc.dll - this reference has been left in place
--------------------
Key=WcsPlugInService
ServiceDLL=%SystemRoot%\System32\WcsPlugInService.dll - this reference has been left in place
--------------------
Key=WdiServiceHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WdiSystemHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=Wecsvc
ServiceDLL=%SystemRoot%\system32\wecsvc.dll - this reference has been left in place
--------------------
Key=wercplsupport
ServiceDLL=%SystemRoot%\System32\wercplsupport.dll - this reference has been left in place
--------------------
Key=WerSvc
ServiceDLL=%SystemRoot%\System32\WerSvc.dll - this reference has been left in place
--------------------
Key=WinDefend
ServiceDLL=%ProgramFiles%\Windows Defender\mpsvc.dll - this reference has been left in place
--------------------
Key=WinHttpAutoProxySvc
ServiceDLL=winhttp.dll - this reference has been left in place
--------------------
Key=Winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WinRM
ServiceDLL=%SystemRoot%\system32\WsmSvc.dll - this reference has been left in place
--------------------
Key=Wlansvc
ServiceDLL=%SystemRoot%\System32\wlansvc.dll - this reference has been left in place
--------------------
Key=WPCSvc
ServiceDLL=%SystemRoot%\System32\wpcsvc.dll - this reference has been left in place
--------------------
Key=WPDBusEnum
ServiceDLL=%SystemRoot%\system32\wpdbusenum.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SystemRoot%\System32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=%systemroot%\system32\wuaueng.dll - this reference has been left in place
--------------------
Key=wudfsvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place

**************************************************
13:08:29: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\drivers\acpi.sys - this reference has been left in place
----------
Key=adp94xx
ImagePath=\SystemRoot\system32\drivers\adp94xx.sys - this reference has been left in place
----------
Key=adpahci
ImagePath=\SystemRoot\system32\drivers\adpahci.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=\SystemRoot\system32\drivers\adpu160m.sys - this reference has been left in place
----------
Key=adpu320
ImagePath=\SystemRoot\system32\drivers\adpu320.sys - this reference has been left in place
----------
Key=AegisP
ImagePath=system32\DRIVERS\AegisP.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\system32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=\SystemRoot\system32\drivers\agp440.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=\SystemRoot\system32\drivers\djsvs.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aliide
ImagePath=\SystemRoot\system32\drivers\aliide.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=\SystemRoot\system32\drivers\amdagp.sys - this reference has been left in place
----------
Key=amdide
ImagePath=\SystemRoot\system32\drivers\amdide.sys - this reference has been left in place
----------
Key=AmdK7
ImagePath=\SystemRoot\system32\drivers\amdk7.sys - this reference has been left in place
----------
Key=AmdK8
ImagePath=\SystemRoot\system32\drivers\amdk8.sys - this reference has been left in place
----------
Key=Apple Mobile Device
ImagePath="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - this reference has been left in place
----------
Key=AR5523
ImagePath=system32\DRIVERS\WG11TND5.sys - this reference has been left in place
----------
Key=arc
ImagePath=\SystemRoot\system32\drivers\arc.sys - this reference has been left in place
----------
Key=arcsas
ImagePath=\SystemRoot\system32\drivers\arcsas.sys - this reference has been left in place
----------
Key=aswMonFlt
ImagePath=system32\DRIVERS\aswMonFlt.sys - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\drivers\atapi.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=blbdrive
ImagePath=\SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key=Bonjour Service
ImagePath="C:\Program Files\Bonjour\mDNSResponder.exe" - this reference has been left in place
----------
Key=bowser
ImagePath=system32\DRIVERS\bowser.sys - this reference has been left in place
----------
Key=BrFiltLo
ImagePath=\SystemRoot\system32\drivers\brfiltlo.sys - this reference has been left in place
----------
Key=BrFiltUp
ImagePath=\SystemRoot\system32\drivers\brfiltup.sys - this reference has been left in place
----------
Key=Brserid
ImagePath=\SystemRoot\system32\drivers\brserid.sys - this reference has been left in place
----------
Key=BrSerWdm
ImagePath=\SystemRoot\system32\drivers\brserwdm.sys - this reference has been left in place
----------
Key=BrUsbMdm
ImagePath=\SystemRoot\system32\drivers\brusbmdm.sys - this reference has been left in place
----------
Key=BrUsbSer
ImagePath=\SystemRoot\system32\drivers\brusbser.sys - this reference has been left in place
----------
Key=BTHMODEM
ImagePath=\SystemRoot\system32\drivers\bthmodem.sys - this reference has been left in place
----------
Key=ccEvtMgr
ImagePath="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=ccSetMgr
ImagePath="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=cdfs
ImagePath=system32\DRIVERS\cdfs.sys - this reference has been left in place
----------
Key=cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=circlass
ImagePath=\SystemRoot\system32\drivers\circlass.sys - this reference has been left in place
----------
Key=CLFS
ImagePath=System32\CLFS.sys - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CLTNetCnService
ImagePath="C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=cmdide
ImagePath=\SystemRoot\system32\drivers\cmdide.sys - this reference has been left in place
----------
Key=comHost
ImagePath="C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe" - this reference has been left in place
----------
Key=Compbatt
ImagePath=\SystemRoot\system32\drivers\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=crcdisk
ImagePath=system32\drivers\crcdisk.sys - this reference has been left in place
----------
Key=Crusoe
ImagePath=\SystemRoot\system32\drivers\crusoe.sys - this reference has been left in place
----------
Key=DfsC
ImagePath=System32\Drivers\dfsc.sys - this reference has been left in place
----------
Key=DFSR
ImagePath=%SystemRoot%\system32\DFSR.exe - this reference has been left in place
----------
Key=disk
ImagePath=system32\drivers\disk.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=DXGKrnl
ImagePath=\SystemRoot\System32\drivers\dxgkrnl.sys - this reference has been left in place
----------
Key=E1G60
ImagePath=system32\DRIVERS\E1G60I32.sys - this reference has been left in place
----------
Key=Ecache
ImagePath=System32\drivers\ecache.sys - this reference has been left in place
----------
Key=eeCtrl
ImagePath=\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys - this reference has been left in place
----------
Key=ehRecvr
ImagePath=%systemroot%\ehome\ehRecvr.exe - this reference has been left in place
----------
Key=ehSched
ImagePath=%systemroot%\ehome\ehsched.exe - this reference has been left in place
----------
Key=elxstor
ImagePath=\SystemRoot\system32\drivers\elxstor.sys - this reference has been left in place
----------
Key=EraserUtilRebootDrv
ImagePath=\??\C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys - this reference has been left in place
----------
Key=fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FETNDIS
ImagePath=system32\DRIVERS\fetnd5.sys - this reference has been left in place
----------
Key=FileInfo
ImagePath=system32\drivers\fileinfo.sys - this reference has been left in place
----------
Key=Filetrace
ImagePath=system32\drivers\filetrace.sys - this reference has been left in place
----------
Key=FLEXnet Licensing Service
ImagePath="C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe" - this reference has been left in place
----------
Key=flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
----------
Key=FontCache3.0.0.0
ImagePath=%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
----------
Key=gagp30kx
ImagePath=\SystemRoot\system32\drivers\gagp30kx.sys - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=System32\Drivers\GEARAspiWDM.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidBth
ImagePath=\SystemRoot\system32\drivers\hidbth.sys - this reference has been left in place
----------
Key=HidIr
ImagePath=\SystemRoot\system32\drivers\hidir.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HpCISSs
ImagePath=\SystemRoot\system32\drivers\hpcisss.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=system32\drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=\SystemRoot\system32\drivers\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=iaStorV
ImagePath=\SystemRoot\system32\drivers\iastorv.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=idsvc
ImagePath="%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
----------
Key=IDSvix86
ImagePath=\??\C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20061025.029\IDSvix86.sys - this reference has been left in place
----------
Key=iirsp
ImagePath=\SystemRoot\system32\drivers\iirsp.sys - this reference has been left in place
----------
Key=IntcAzAudAddService
ImagePath=system32\drivers\RTKVHDA.sys - this reference has been left in place
----------
Key=intelide
ImagePath=\SystemRoot\system32\drivers\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key=IPMIDRV
ImagePath=\SystemRoot\system32\drivers\ipmidrv.sys - this reference has been left in place
----------
Key=IPNAT
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\drivers\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=\SystemRoot\system32\drivers\isapnp.sys - this reference has been left in place
----------
Key=iScsiPrt
ImagePath=system32\DRIVERS\msiscsi.sys - this reference has been left in place
----------
Key=ISPwdSvc
ImagePath="C:\Program Files\Norton Internet Security\isPwdSvc.exe" - this reference has been left in place
----------
Key=iteatapi
ImagePath=\SystemRoot\system32\drivers\iteatapi.sys - this reference has been left in place
----------
Key=iteraid
ImagePath=\SystemRoot\system32\drivers\iteraid.sys - this reference has been left in place
----------
Key=kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=\SystemRoot\system32\drivers\kbdhid.sys - this reference has been left in place
----------
Key=KeyIso
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=KSecDD
ImagePath=System32\Drivers\ksecdd.sys - this reference has been left in place
----------
Key=LiveUpdate
ImagePath="C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" - this reference has been removed [file not found to scan]
----------
Key=lltdio
ImagePath=system32\DRIVERS\lltdio.sys - this reference has been left in place
----------
Key=LSI_FC
ImagePath=\SystemRoot\system32\drivers\lsi_fc.sys - this reference has been left in place
----------
Key=LSI_SAS
ImagePath=\SystemRoot\system32\drivers\lsi_sas.sys - this reference has been left in place
----------
Key=LSI_SCSI
ImagePath=\SystemRoot\system32\drivers\lsi_scsi.sys - this reference has been left in place
----------
Key=luafv
ImagePath=\SystemRoot\system32\drivers\luafv.sys - this reference has been left in place
----------
Key=megasas
ImagePath=\SystemRoot\system32\drivers\megasas.sys - this reference has been left in place
----------
Key=Modem
ImagePath=system32\drivers\modem.sys - this reference has been left in place
----------
Key=monitor
ImagePath=system32\DRIVERS\monitor.sys - this reference has been left in place
----------
Key=mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MountMgr
ImagePath=System32\drivers\mountmgr.sys - this reference has been left in place
----------
Key=mpio
ImagePath=\SystemRoot\system32\drivers\mpio.sys - this reference has been left in place
----------
Key=mpsdrv
ImagePath=System32\drivers\mpsdrv.sys - this reference has been left in place
----------
Key=Mraid35x
ImagePath=\SystemRoot\system32\drivers\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=\SystemRoot\system32\drivers\mrxdav.sys - this reference has been left in place
----------
Key=mrxsmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=mrxsmb10
ImagePath=system32\DRIVERS\mrxsmb10.sys - this reference has been left in place
----------
Key=mrxsmb20
ImagePath=system32\DRIVERS\mrxsmb20.sys - this reference has been left in place
----------
Key=msahci
ImagePath=\SystemRoot\system32\drivers\msahci.sys - this reference has been left in place
----------
Key=msdsm
ImagePath=\SystemRoot\system32\drivers\msdsm.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=%SystemRoot%\System32\msdtc.exe - this reference has been left in place
----------
Key=msisadrv
ImagePath=system32\drivers\msisadrv.sys - this reference has been left in place
----------
Key=msiserver
ImagePath=%systemroot%\system32\msiexec /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=Mup
ImagePath=System32\Drivers\mup.sys - this reference has been left in place
----------
Key=MyWebSearchService
ImagePath=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe - this reference has been left in place
----------
Key=NativeWifiP
ImagePath=system32\DRIVERS\nwifi.sys - this reference has been left in place
----------
Key=NAVENG
ImagePath=\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVENG.SYS - this reference has been left in place
----------
Key=NAVEX15
ImagePath=\??\C:\PROGRA~2\Symantec\DEFINI~1\VIRUSD~1\20061106.064\NAVEX15.SYS - this reference has been left in place
----------
Key=NDIS
ImagePath=system32\drivers\ndis.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=netbt
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=Netlogon
ImagePath=%systemroot%\system32\lsass.exe - this reference has been left in place
----------
Key=nfrd960
ImagePath=\SystemRoot\system32\drivers\nfrd960.sys - this reference has been left in place
----------
Key=Nokia USB Generic
ImagePath=system32\drivers\nmwcdc.sys - this reference has been left in place
----------
Key=Nokia USB Modem
ImagePath=system32\drivers\nmwcdcm.sys - this reference has been left in place
----------
Key=Nokia USB Phone Parent
ImagePath=system32\drivers\nmwcd.sys - this reference has been left in place
----------
Key=nsiproxy
ImagePath=system32\drivers\nsiproxy.sys - this reference has been left in place
----------
Key=ntrigdigi
ImagePath=\SystemRoot\system32\drivers\ntrigdigi.sys - this reference has been left in place
----------
Key=nvlddmkm
ImagePath=system32\DRIVERS\nvlddmkm.sys - this reference has been left in place
----------
Key=nvraid
ImagePath=\SystemRoot\system32\drivers\nvraid.sys - this reference has been left in place
----------
Key=nvstor
ImagePath=\SystemRoot\system32\drivers\nvstor.sys - this reference has been left in place
----------
Key=nv_agp
ImagePath=\SystemRoot\system32\drivers\nv_agp.sys - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key=odserv
ImagePath="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=\SystemRoot\system32\drivers\parport.sys - this reference has been left in place
----------
Key=partmgr
ImagePath=System32\drivers\partmgr.sys - this reference has been left in place
----------
Key=Parvdm
ImagePath=\SystemRoot\system32\drivers\parvdm.sys - this reference has been left in place
----------
Key=pci
ImagePath=system32\drivers\pci.sys - this reference has been left in place
----------
Key=pciide
ImagePath=\SystemRoot\system32\drivers\pciide.sys - this reference has been left in place
----------
Key=pcmcia
ImagePath=\SystemRoot\system32\drivers\pcmcia.sys - this reference has been left in place
----------
Key=PEAUTH
ImagePath=system32\drivers\peauth.sys - this reference has been left in place
----------
Key=Planificateur LiveUpdate automatique
ImagePath="C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - this reference has been removed [file not found to scan]
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=\SystemRoot\system32\drivers\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\pacer.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=ql2300
ImagePath=\SystemRoot\system32\drivers\ql2300.sys - this reference has been left in place
----------
Key=ql40xx
ImagePath=\SystemRoot\system32\drivers\ql40xx.sys - this reference has been left in place
----------
Key=QWAVEdrv
ImagePath=\SystemRoot\system32\drivers\qwavedrv.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=\SystemRoot\system32\drivers\rdpdr.sys - this reference has been left in place
----------
Key=RDPENCDD
ImagePath=system32\drivers\rdpencdd.sys - this reference has been left in place
----------
Key=RoxMediaDB9
ImagePath="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" - this reference has been left in place
----------
Key=RoxWatch9
ImagePath="C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=rspndr
ImagePath=system32\DRIVERS\rspndr.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=sbp2port
ImagePath=\SystemRoot\system32\drivers\sbp2port.sys - this reference has been left in place
----------
Key=Serenum
ImagePath=\SystemRoot\system32\drivers\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=\SystemRoot\system32\drivers\serial.sys - this reference has been left in place
----------
Key=sermouse
ImagePath=\SystemRoot\system32\drivers\sermouse.sys - this reference has been left in place
----------
Key=ServiceLayer
ImagePath="C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe" - this reference has been left in place
----------
Key=sffdisk
ImagePath=\SystemRoot\system32\drivers\sffdisk.sys - this reference has been left in place
----------
Key=sffp_mmc
ImagePath=\SystemRoot\system32\drivers\sffp_mmc.sys - this reference has been left in place
----------
Key=sffp_sd
ImagePath=\SystemRoot\system32\drivers\sffp_sd.sys - this reference has been left in place
----------
Key=sfloppy
ImagePath=\SystemRoot\system32\drivers\sfloppy.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=\SystemRoot\system32\drivers\sisagp.sys - this reference has been left in place
----------
Key=SiSRaid2
ImagePath=\SystemRoot\system32\drivers\sisraid2.sys - this reference has been left in place
----------
Key=SiSRaid4
ImagePath=\SystemRoot\system32\drivers\sisraid4.sys - this reference has been left in place
----------
Key=slsvc
ImagePath=%SystemRoot%\system32\SLsvc.exe - this reference has been left in place
----------
Key=Smb
ImagePath=system32\DRIVERS\smb.sys - this reference has been left in place
----------
Key=SNMPTRAP
ImagePath=%SystemRoot%\System32\snmptrap.exe - this reference has been left in place
----------
Key=SPBBCDrv
ImagePath=\??\C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\System32\spoolsv.exe - this reference has been left in place
----------
Key=SRTSP
ImagePath=System32\Drivers\SRTSP.SYS - this reference has been left in place
----------
Key=SRTSPL
ImagePath=System32\Drivers\SRTSPL.SYS - this reference has been left in place
----------
Key=SRTSPX
ImagePath=System32\Drivers\SRTSPX.SYS - this reference has been left in place
----------
Key=srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=srv2
ImagePath=System32\DRIVERS\srv2.sys - this reference has been left in place
----------
Key=srvnet
ImagePath=System32\DRIVERS\srvnet.sys - this reference has been left in place
----------
Key=stllssvr
ImagePath="C:\Program Files\Common Files\SureThing Shared\stllssvr.exe" - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=Symantec Core LC
ImagePath="C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe" - this reference has been left in place
----------
Key=SymAppCore
ImagePath="C:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe" - this reference has been left in place
----------
Key=Symc8xx
ImagePath=\SystemRoot\system32\drivers\symc8xx.sys - this reference has been left in place
----------
Key=SymEvent
ImagePath=\??\C:\Windows\system32\Drivers\SYMEVENT.SYS - this reference has been left in place
----------
Key=Sym_hi
ImagePath=\SystemRoot\system32\drivers\sym_hi.sys - this reference has been left in place
----------
Key=Sym_u3
ImagePath=\SystemRoot\system32\drivers\sym_u3.sys - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\drivers\tcpip.sys - this reference has been left in place
----------
Key=Tcpip6
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=tcpipreg
ImagePath=System32\drivers\tcpipreg.sys - this reference has been left in place
----------
Key=TDPIPE
ImagePath=system32\drivers\tdpipe.sys - this reference has been left in place
----------
Key=TDTCP
ImagePath=system32\drivers\tdtcp.sys - this reference has been left in place
----------
Key=tdx
ImagePath=system32\DRIVERS\tdx.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TrustedInstaller
ImagePath=%SystemRoot%\servicing\TrustedInstaller.exe - this reference has been left in place
----------
Key=tssecsrv
ImagePath=System32\DRIVERS\tssecsrv.sys - this reference has been left in place
----------
Key=tunmp
ImagePath=system32\DRIVERS\tunmp.sys - this reference has been left in place
----------
Key=tunnel
ImagePath=system32\DRIVERS\tunnel.sys - this reference has been left in place
----------
Key=uagp35
ImagePath=\SystemRoot\system32\drivers\uagp35.sys - this reference has been left in place
----------
Key=udfs
ImagePath=system32\DRIVERS\udfs.sys - this reference has been left in place
----------
Key=UI0Detect
ImagePath=%SystemRoot%\system32\UI0Detect.exe - this reference has been left in place
----------
Key=uliagpkx
ImagePath=\SystemRoot\system32\drivers\uliagpkx.sys - this reference has been left in place
----------
Key=uliahci
ImagePath=\SystemRoot\system32\drivers\uliahci.sys - this reference has been left in place
----------
Key=UlSata
ImagePath=\SystemRoot\system32\drivers\ulsata.sys - this reference has been left in place
----------
Key=ulsata2
ImagePath=\SystemRoot\system32\drivers\ulsata2.sys - this reference has been left in place
----------
Key=umbus
ImagePath=system32\DRIVERS\umbus.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbcir
ImagePath=\SystemRoot\system32\drivers\usbcir.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=\SystemRoot\system32\drivers\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=vds
ImagePath=%SystemRoot%\System32\vds.exe - this reference has been left in place
----------
Key=vga
ImagePath=system32\DRIVERS\vgapnp.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=\SystemRoot\system32\drivers\viaagp.sys - this reference has been left in place
----------
Key=ViaC7
ImagePath=\SystemRoot\system32\drivers\viac7.sys - this reference has been left in place
----------
Key=viaide
ImagePath=system32\drivers\viaide.sys - this reference has been left in place
----------
Key=volmgr
ImagePath=system32\drivers\volmgr.sys - this reference has been left in place
----------
Key=volmgrx
ImagePath=System32\drivers\volmgrx.sys - this reference has been left in place
----------
Key=volsnap
ImagePath=system32\drivers\volsnap.sys - this reference has been left in place
----------
Key=vsmraid
ImagePath=\SystemRoot\system32\drivers\vsmraid.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%systemroot%\system32\vssvc.exe - this reference has been left in place
----------
Key=WacomPen
ImagePath=\SystemRoot\system32\drivers\wacompen.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wanarpv6
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wanatw
ImagePath=system32\DRIVERS\wanatw4.sys - this reference has been left in place
----------
Key=Wd
ImagePath=\SystemRoot\system32\drivers\wd.sys - this reference has been left in place
----------
Key=Wdf01000
ImagePath=system32\drivers\Wdf01000.sys - this reference has been left in place
----------
Key=WmiAcpi
ImagePath=\SystemRoot\system32\drivers\wmiacpi.sys - this reference has been left in place
----------
Key=wmiApSrv
ImagePath=%systemroot%\system32\wbem\WmiApSrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="%ProgramFiles%\Windows Media Player\wmpnetwk.exe" - this reference has been left in place
----------
Key=ws2ifsl
ImagePath=\SystemRoot\system32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSearch
ImagePath=%systemroot%\system32\SearchIndexer.exe /Embedding - this reference has been left in place
----------
Key=WUDFRd
ImagePath=system32\DRIVERS\WUDFRd.sys - this reference has been left in place
----------

**************************************************
13:09:29: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

**************************************************
13:09:29: Scanning ----- WINLOGON\NOTIFY DLLS -----
No WINLOGON\NOTIFY DLLs found to scan

**************************************************
13:09:29: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = QuickZipContextMenu
CLSID = {1FF79B4E-B05E-4E23-9473-ADB8A731097F}
C:\PROGRA~1\OFFICE~1\OFC19B~1\OOQUIC~1.DLL - this ContextMenuHandler has been left in place
----------
Key = Sharing
CLSID = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
ntshrui.dll - this ContextMenuHandler has been left in place
----------
Key = sxContextMenu
CLSID = {3BB69D52-8B5B-48B3-93D8-A719BB290FCA}
C:\PROGRA~1\OFFICE~1\OF6AB8~1\OOSAFE~1.DLL - this ContextMenuHandler has been left in place
----------
Key = Symantec.Norton.Antivirus.IEContextMenu
CLSID = {FAD61B3D-699D-49B2-BE16-7F82CB4C59CA}
C:\PROGRA~1\NORTON~1\NORTON~1\NavShExt.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------

**************************************************
13:09:30: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}
"C:\Program Files\OFFICE One 7.0\program\shlxthdl.dll" - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
13:09:30: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {00A6FAF1-072E-44cf-8957-5838F569A31D}
C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL - this Browser Helper Object has been left in place
----------
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {07B18EA1-A523-4961-B6BB-170DE4475CCA}
C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL - this Browser Helper Object has been left in place
----------
Key = {1E8A6170-7264-4D0F-BEAE-D42A53123C75}
C:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------

**************************************************
13:09:31: Scanning ----- SHELLSERVICEOBJECTS -----
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
C:\Windows\system32\webcheck.dll - this ShellServiceObject has been left in place
----------

**************************************************
13:09:31: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Component Categories cache daemon
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
13:09:31: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
13:09:31: Scanning ----- APPINIT_DLLS -----
The AppInit_DLLs value is blank

**************************************************
13:09:31: Scanning ----- SECURITY PROVIDER DLLS -----
credssp.dll - this entry has been left in place
----------

**************************************************
13:09:31: Scanning ------ COMMON STARTUP GROUP ------
[C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup]
The Common Startup Group attempts to load the following file(s) at boot time:
Adobe Reader Synchronizer.lnk - this links to C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe and has been left in place
--------------------
desktop.ini - this file has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe and has been left in place
--------------------
NETGEAR WG111T Smart Wizard.lnk - this links to C:\Program Files\NETGEAR\WG111T\wlan111t.exe and has been left in place
--------------------
OFFICE One Startup v7.lnk - this links to C:\Program Files\OFFICE One v7\OFFICE One Startup v7\oostartupv7.exe and has been left in place
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
13:09:31: Scanning ----- SCHEDULED TASKS -----
Taskname: Extension de garantie.job
File: C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe
Parameters: [blank]
Next Run Time: 18/11/2007 13:30:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: Lïlye
Comments: [blank]
C:\Program Files\Packard Bell\SetupmyPC\PBCarNot.exe - this entry has been left in place
----------
Taskname: User_Feed_Synchronization-{B4D55826-52F7-4C23-B20E-90D9000D89DD}.job
File: C:\Windows\system32\msfeedssync.exe
Parameters: sync
Next Run Time: 18/11/2007 15:36:00
Status: La tâche est prête à s'exécute
lilye
 
No, not at all, nothing has changed for Word; it still takes a good 3 to 5 minutes to open :(
alain idf
 
Has this problem been resolved?

One lead is the Service Layer of Nokia PC Suite. To check, simply uncheck, in PC Suite (File), the option that launches the process at startup. The information in English:

http://discussions.europe.nokia.com/discussions/board/message?board.id=pcsuite&message.id=24660