
Trojan problems solved

1 August 2007 15:22:27

Hello everyone,
For some time now I have had serious problems with trojans, starting with Trojan.vundo. I get by fairly well with computers, but here I'm stuck. I have Norton Internet Security, which works very well but keeps giving me unwanted trojan infection messages, some of which are deleted and others impossible to remove. I used Vundo.fix and others, but I still get attempts; I also disabled System Restore. Here is my Hijack report, and thanks in advance for your advice:
Scan saved at 15:00:25, on 01/08/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16473)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Norton Internet Security\ISSVC.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
c:\APPS\HIDSERVICE\HIDSERVICE.exe
C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLService.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
c:\APPS\Powercinema\Kernel\TV\CLSched.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\inKline Global\PC Booster\PCBooster.exe
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Shareaza\Shareaza.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe
C:\Program Files\Spyware Doctor\swdoctor.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\MySpace\IM\MySpaceIM.exe
D:\Documents and Settings\badou\Bureau\HiJackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://format.packardbell.com/cgi-bin/redirect/?country...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://msn.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Packard Bell
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Norton Internet Security - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O2 - BHO: NAV Helper - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: TrendProtect - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O2 - BHO: (no name) - {eca7d618-872e-434e-a2f9-7caa4f0e83a5} - C:\WINDOWS\system32\aut81k.dll (file missing)
O3 - Toolbar: Norton Internet Security - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: TrendProtect - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [PC Booster] C:\Program Files\inKline Global\PC Booster\PCBooster.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec NetDriver Monitor] C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer
O4 - HKLM\..\Run: [H2O] C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [LXBYCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16
O4 - HKCU\..\Run: [Shareaza] "C:\Program Files\Shareaza\Shareaza.exe" -tray
O4 - HKCU\..\Run: [TClockEx] C:\Program Files\TClockEx\TCLOCKEX.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [IE Privacy Keeper] "C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Spyware Doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-20\..\RunOnce: [NeroHomeFirstStart] C:\Program Files\Fichiers communs\Ahead\Lib\NMFirstStart.exe (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=file://C:\APPS\IE\offline\fr.htm
O16 - DPF: {1EF9F042-C2EB-4293-8213-474CAEEF531D} (TmHcmsX Control) - http://www.trendsecure.com/framework/control/en-US/acti...
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} - http://config.zebulon.fr/plugins/hardwaredetection.cab
O18 - Protocol: trendprotect - {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll
O20 - AppInit_DLLs: c:\windows\system32\mljghij.dll
O20 - Winlogon Notify: aut81k - aut81k.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - c:\APPS\Powercinema\Kernel\TV\CLSched.exe
O23 - Service: CyberLink Media Library Service - Cyberlink - C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe
O23 - Service: Generic Service for HID Keyboard Input Collections (GenericHidService) - Unknown owner - c:\APPS\HIDSERVICE\HIDSERVICE.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Unknown owner - C:\Program Files\iPod\bin\iPodService.exe (file missing)
O23 - Service: ISSvc (ISSVC) - Symantec Corporation - C:\Program Files\Norton Internet Security\ISSVC.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_0.EXE
O23 - Service: lxby_device - Lexmark International, Inc. - C:\WINDOWS\system32\lxbycoms.exe
O23 - Service: Norton AntiVirus Auto-Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Roxio UPnP Renderer 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe
O23 - Service: Roxio Upnp Server 9 - Sonic Solutions - C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe
O23 - Service: LiveShare P2P Server 9 (RoxLiveShare9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\FICHIE~1\SYMANT~1\Script Blocking\SBServ.exe
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe

--
End of file - 13022 bytes


1 August 2007 16:37:47

By the way, problem solved thanks to TROJAN REMOVER, and I recommend it to everyone who has trojan problems not solved with vundo and norton; it apparently fixes the problem even in its 30-day trial shareware version.
Here is the report:
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
2007-08-01 16:31:17: Trojan Remover has been restarted
The AppInitDLLs Registry entry has been reset
c:\windows\system32\mljghij.dll has been renamed to c:\windows\system32\mljghij.dll.ren
2007-08-01 16:31:17: Trojan Remover closed
************************************************************


***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.1.2483. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 2007-08-01 16:24:39
Using Database v6836
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Using data directory: D:\Documents and Settings\badou\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: D:\Documents and Settings\badou\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Nortons Anti-Virus
Spyware Doctor

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
16:24:39: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
16:24:39: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
16:24:39: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
16:24:40: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
D:\Documents and Settings\All Users\Application Data\TuneUp Software\TuneUp Utilities\WinStyler\tu_logonui.exe - this entry has been left in place
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = PC Booster
Value Data = C:\Program Files\inKline Global\PC Booster\PCBooster.exe - this command has been left in place
--------------------
Value Name = ccApp
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - this command has been left in place
--------------------
Value Name = Symantec NetDriver Monitor
Value Data = C:\PROGRA~1\SymNetDrv\SNDMon.exe /Consumer - this command has been left in place
--------------------
Value Name = H2O
Value Data = C:\Program Files\SyncroSoft\Pos\H2O\cledx.exe - this command has been left in place
--------------------
Value Name = SoundMan
Value Data = SOUNDMAN.EXE - this command has been left in place
--------------------
Value Name = LXBYCATS
Value Data = rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBYtime.dll,_RunDLLEntry@16 - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Shareaza
Value Data = C:\Program Files\Shareaza\Shareaza.exe" -tray - this command has been left in place
--------------------
Value Name = TClockEx
Value Data = C:\Program Files\TClockEx\TCLOCKEX.EXE - this command has been left in place
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = IE Privacy Keeper
Value Data = C:\Program Files\UnH Solutions\IE Privacy Keeper\IEPrivacyKeeper.exe" -startup - this command has been left in place
--------------------
Value Name = Spyware Doctor
Value Data = C:\Program Files\Spyware Doctor\swdoctor.exe" /Q - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run
This Registry Key appears to be empty

**************************************************
16:24:43: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
16:24:43: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
16:24:43: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\WINDOWS\system32\ssmypics.scr - this command has been left in place
--------------------

**************************************************
16:24:43: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place [file not found to scan]
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place [file not found to scan]
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
16:24:45: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=UxTuneUp
ServiceDLL=%SystemRoot%\System32\uxtuneup.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WudfSvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
16:24:50: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=abp480n5
ImagePath=system32\DRIVERS\ABP480N5.SYS - this reference has been left in place
----------
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=Ad-Watch Connect Filter
ImagePath=\??\C:\WINDOWS\system32\drivers\NSDriver.sys - this reference has been removed [file not found to scan]
----------
Key=Ad-Watch Real-Time Scanner
ImagePath=\??\C:\WINDOWS\system32\drivers\AWRTPD.sys - this reference has been removed [file not found to scan]
----------
Key=Ad-Watch Registry Filter
ImagePath=\??\C:\WINDOWS\system32\drivers\AWRTRD.sys - this reference has been removed [file not found to scan]
----------
Key=adpu160m
ImagePath=system32\DRIVERS\adpu160m.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=agp440
ImagePath=system32\DRIVERS\agp440.sys - this reference has been left in place
----------
Key=agpCPQ
ImagePath=system32\DRIVERS\agpCPQ.sys - this reference has been left in place
----------
Key=Aha154x
ImagePath=system32\DRIVERS\aha154x.sys - this reference has been left in place
----------
Key=aic78u2
ImagePath=system32\DRIVERS\aic78u2.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=system32\DRIVERS\aic78xx.sys - this reference has been left in place
----------
Key=ALCXWDM
ImagePath=system32\drivers\ALCXWDM.SYS - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=AliIde
ImagePath=system32\DRIVERS\aliide.sys - this reference has been left in place
----------
Key=alim1541
ImagePath=system32\DRIVERS\alim1541.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=system32\DRIVERS\amdagp.sys - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\AmdK8.sys - this reference has been left in place
----------
Key=amsint
ImagePath=system32\DRIVERS\amsint.sys - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=asc
ImagePath=system32\DRIVERS\asc.sys - this reference has been left in place
----------
Key=asc3350p
ImagePath=system32\DRIVERS\asc3350p.sys - this reference has been left in place
----------
Key=asc3550
ImagePath=system32\DRIVERS\asc3550.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Ati HotKey Poller
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=ati2mtag
ImagePath=system32\DRIVERS\ati2mtag.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=Automatic LiveUpdate Scheduler
ImagePath="C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - this reference has been left in place
----------
Key=cbidf
ImagePath=system32\DRIVERS\cbidf2k.sys - this reference has been left in place
----------
Key=ccEvtMgr
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe" - this reference has been left in place
----------
Key=ccProxy
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe" - this reference has been left in place
----------
Key=ccPwdSvc
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccPwdSvc.exe" - this reference has been left in place
----------
Key=ccSetMgr
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe" - this reference has been left in place
----------
Key=cd20xrnt
ImagePath=system32\DRIVERS\cd20xrnt.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=CLCapSvc
ImagePath="c:\APPS\Powercinema\Kernel\TV\CLCapSvc.exe" - this reference has been left in place
----------
Key=CLEDX
ImagePath=system32\DRIVERS\cledx.sys - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CLSched
ImagePath="c:\APPS\Powercinema\Kernel\TV\CLSched.exe" - this reference has been left in place
----------
Key=CmdIde
ImagePath=system32\DRIVERS\cmdide.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=CO_Mon
ImagePath=\??\C:\WINDOWS\system32\Drivers\CO_Mon.sys - this reference has been left in place
----------
Key=Cpqarray
ImagePath=system32\DRIVERS\cpqarray.sys - this reference has been left in place
----------
Key=CyberLink Media Library Service
ImagePath="C:\Program Files\CyberLink\Shared Files\CLML_NTService\CLMLServer.exe" - this reference has been left in place
----------
Key=dac2w2k
ImagePath=system32\DRIVERS\dac2w2k.sys - this reference has been left in place
----------
Key=dac960nt
ImagePath=system32\DRIVERS\dac960nt.sys - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=DLABMFSM
ImagePath=System32\DLA\DLABMFSM.SYS - this reference has been left in place
----------
Key=DLABOIOM
ImagePath=System32\DLA\DLABOIOM.SYS - this reference has been left in place
----------
Key=DLACDBHM
ImagePath=System32\Drivers\DLACDBHM.SYS - this reference has been left in place
----------
Key=DLADResM
ImagePath=System32\DLA\DLADResM.SYS - this reference has been left in place
----------
Key=DLAIFS_M
ImagePath=System32\DLA\DLAIFS_M.SYS - this reference has been left in place
----------
Key=DLAOPIOM
ImagePath=System32\DLA\DLAOPIOM.SYS - this reference has been left in place
----------
Key=DLAPoolM
ImagePath=System32\DLA\DLAPoolM.SYS - this reference has been left in place
----------
Key=DLARTL_M
ImagePath=System32\Drivers\DLARTL_M.SYS - this reference has been left in place
----------
Key=DLAUDFAM
ImagePath=System32\DLA\DLAUDFAM.SYS - this reference has been left in place
----------
Key=DLAUDF_M
ImagePath=System32\DLA\DLAUDF_M.SYS - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=dpti2o
ImagePath=system32\DRIVERS\dpti2o.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=drvmcdb
ImagePath=system32\drivers\drvmcdb.sys - this reference has been left in place
----------
Key=DRVNDDM
ImagePath=System32\Drivers\DRVNDDM.SYS - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=GenericHidService
ImagePath=c:\APPS\HIDSERVICE\HIDSERVICE.exe - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=hpn
ImagePath=system32\DRIVERS\hpn.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=system32\DRIVERS\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=InCDfs
ImagePath=system32\drivers\InCDFs.sys - this reference has been left in place
----------
Key=InCDPass
ImagePath=system32\drivers\InCDPass.sys - this reference has been left in place
----------
Key=incdrm
ImagePath=system32\drivers\InCDRm.sys - this reference has been left in place
----------
Key=InCDsrv
ImagePath=C:\Program Files\Nero\Nero 7\InCD\InCDsrv.exe - this reference has been left in place
----------
Key=ini910u
ImagePath=system32\DRIVERS\ini910u.sys - this reference has been left in place
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been removed [file not found to scan]
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=ISSVC
ImagePath="C:\Program Files\Norton Internet Security\ISSVC.exe" - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=LiveUpdate
ImagePath="C:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_0.EXE" - this reference has been left in place
----------
Key=lxby_device
ImagePath=C:\WINDOWS\system32\lxbycoms.exe -service - this reference has been left in place
----------
Key=mchInjDrv
ImagePath=\??\C:\WINDOWS\TEMP\mc28.tmp - this file is globally excluded (MadCodeHook)
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=mraid35x
ImagePath=system32\DRIVERS\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=navapsvc
ImagePath="C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe" - this reference has been left in place
----------
Key=NAVENG
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VirusDefs\20070725.023\NAVENG.Sys - this reference has been left in place
----------
Key=NAVEX15
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VirusDefs\20070725.023\NavEx15.Sys - this reference has been left in place
----------
Key=NBService
ImagePath=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=perc2
ImagePath=system32\DRIVERS\perc2.sys - this reference has been left in place
----------
Key=perc2hib
ImagePath=system32\DRIVERS\perc2hib.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=system32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=ql1080
ImagePath=system32\DRIVERS\ql1080.sys - this reference has been left in place
----------
Key=Ql10wnt
ImagePath=system32\DRIVERS\ql10wnt.sys - this reference has been left in place
----------
Key=ql12160
ImagePath=system32\DRIVERS\ql12160.sys - this reference has been left in place
----------
Key=ql1240
ImagePath=system32\DRIVERS\ql1240.sys - this reference has been left in place
----------
Key=ql1280
ImagePath=system32\DRIVERS\ql1280.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=system32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=Roxio UPnP Renderer 9
ImagePath="C:\Program Files\Fichiers communs\Sonic Shared\RoxioUPnPRenderer9.exe" - this reference has been left in place
----------
Key=Roxio Upnp Server 9
ImagePath="C:\Program Files\Fichiers communs\Sonic Shared\RoxioUpnpService9.exe" - this reference has been left in place
----------
Key=RoxLiveShare9
ImagePath="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxLiveShare9.exe" - this reference has been left in place
----------
Key=RoxMediaDB9
ImagePath="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe" - this reference has been left in place
----------
Key=RoxWatch9
ImagePath="C:\Program Files\Fichiers communs\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe" - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=RTL8023xp
ImagePath=system32\DRIVERS\Rtnicxp.sys - this reference has been left in place
----------
Key=RxFilter
ImagePath=system32\DRIVERS\RxFilter.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SAVRT
ImagePath=\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS - this reference has been left in place
----------
Key=SAVRTPEL
ImagePath=\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS - this reference has been left in place
----------
Key=SAVScan
ImagePath="C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe" - this reference has been left in place
----------
Key=SBService
ImagePath=C:\PROGRA~1\FICHIE~1\SYMANT~1\Script Blocking\SBServ.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=SDhelper
ImagePath=C:\Program Files\Spyware Doctor\sdhelp.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=Serenum
ImagePath=system32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=system32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=system32\DRIVERS\sisagp.sys - this reference has been left in place
----------
Key=SNDSrvc
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe" - this reference has been left in place
----------
Key=SNMP
ImagePath=%SystemRoot%\System32\snmp.exe - this reference has been left in place
----------
Key=SNMPTRAP
ImagePath=%SystemRoot%\System32\snmptrap.exe - this reference has been left in place
----------
Key=Sparrow
ImagePath=system32\DRIVERS\sparrow.sys - this reference has been left in place
----------
Key=SPBBCDrv
ImagePath=\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys - this reference has been left in place
----------
Key=SPBBCSvc
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe" - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=sr
ImagePath=\SystemRoot\system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=stllssvr
ImagePath="C:\Program Files\Fichiers communs\SureThing Shared\stllssvr.exe" - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{4F20079B-9003-46EB-AFC3-0037ECFBBC7A} - this reference has been left in place
----------
Key=Symantec Core LC
ImagePath=C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe - this reference has been left in place
----------
Key=symc810
ImagePath=system32\DRIVERS\symc810.sys - this reference has been left in place
----------
Key=symc8xx
ImagePath=system32\DRIVERS\symc8xx.sys - this reference has been left in place
----------
Key=SYMDNS
ImagePath=\SystemRoot\System32\Drivers\SYMDNS.SYS - this reference has been left in place
----------
Key=SymEvent
ImagePath=\??\C:\Program Files\Symantec\SYMEVENT.SYS - this reference has been left in place
----------
Key=SYMFW
ImagePath=\SystemRoot\System32\Drivers\SYMFW.SYS - this reference has been left in place
----------
Key=SYMIDS
ImagePath=\SystemRoot\System32\Drivers\SYMIDS.SYS - this reference has been left in place
----------
Key=SYMIDSCO
ImagePath=\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20070724.001\symidsco.sys - this reference has been left in place
----------
Key=symlcbrd
ImagePath=\??\C:\WINDOWS\system32\drivers\symlcbrd.sys - this reference has been left in place
----------
Key=SYMNDIS
ImagePath=\SystemRoot\System32\Drivers\SYMNDIS.SYS - this reference has been left in place
----------
Key=SYMREDRV
ImagePath=\SystemRoot\System32\Drivers\SYMREDRV.SYS - this reference has been left in place
----------
Key=SYMTDI
ImagePath=\SystemRoot\System32\Drivers\SYMTDI.SYS - this reference has been left in place
----------
Key=sym_hi
ImagePath=system32\DRIVERS\sym_hi.sys - this reference has been left in place
----------
Key=sym_u3
ImagePath=system32\DRIVERS\sym_u3.sys - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TosIde
ImagePath=system32\DRIVERS\toside.sys - this reference has been left in place
----------
Key=ultra
ImagePath=system32\DRIVERS\ultra.sys - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\Windows Live\Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=system32\DRIVERS\viaagp.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wanatw
ImagePath=system32\DRIVERS\wanatw4.sys - this reference has been removed [file not found to scan]
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WLSetupSvc
ImagePath="C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="C:\Program Files\Windows Media Player\WMPNetwk.exe" - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WudfPf
ImagePath=system32\DRIVERS\WudfPf.sys - this reference has been left in place
----------
Key=WudfRd
ImagePath=system32\DRIVERS\wudfrd.sys - this reference has been left in place
----------

**************************************************
16:26:04: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
Checking VMM32 VxD files being loaded

**************************************************
16:26:04: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=AtiExtEvent
DLLName=Ati2evxx.dll - this reference has been left in place
----------
Key=aut81k
DLLName=aut81k.dll - this call has been removed [file not found to scan]
----------
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

**************************************************
16:26:14: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = RXDCExtSvr
CLSID = {0FB82570-BB2D-23D3-8D3B-AC2F34F1FA3C}
C:\Program Files\Roxio\Virtual Drive 9\DC_ShellExt.dll - this ContextMenuHandler has been left in place
----------
Key = Symantec.Norton.Antivirus.IEContextMenu
CLSID = {5345A4D5-41EB-4A2F-9616-CE1D4F6C35B2}
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\Trojan Remover\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = TuneUp Shredder Shell Extension
CLSID = {4858E7D9-8E12-45a3-B6A3-1CD128C9D403}
C:\Program Files\TuneUp Utilities 2007\SDShelEx-win32.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
C:\Program Files\WinRAR\rarext.dll - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
C:\Program Files\Nero\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------

**************************************************
16:26:15: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
C:\Program Files\Fichiers communs\Ahead\Lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
16:26:16: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB}
C:\PROGRA~1\Spyware Doctor\tools\iesdsg.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {9ECB9560-04F9-4bbc-943D-298DDF1699E1}
C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar2.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.5672\swg.dll - this Browser Helper Object has been left in place
----------
Key = {B56A7D7D-6927-48C8-A975-17DF180C71AC}
C:\PROGRA~1\Spyware Doctor\tools\iesdpb.dll - this Browser Helper Object has been left in place
----------
Key = {BDF3E430-B101-42AD-A544-FADC6B084872}
C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll - this Browser Helper Object has been left in place
----------
Key = {E3578B37-6346-4EC1-A82B-38273A100DCF}
C:\Program Files\Trend Micro\TrendProtect\MSIE\wrs.dll - this Browser Helper Object has been left in place
----------
C:\WINDOWS\system32\aut81k.dll - this Browser Helper Object was being loaded by the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{eca7d618-872e-434e-a2f9-7caa4f0e83a5} - this key has been removed [file not found to scan]
C:\WINDOWS\system32\aut81k.dll - this Browser Helper Object was referenced by the following key:
HKEY_CLASSES_ROOT\CLSID\{eca7d618-872e-434e-a2f9-7caa4f0e83a5} - this key has been removed
----------

**************************************************
16:26:19: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
C:\WINDOWS\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153}
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------
Key = WPDShServiceObj
CLSID = {AAA288BA-9A4C-45B0-95D7-94D524869DB5}
C:\WINDOWS\system32\WPDShServiceObj.dll - this ShellServiceObject has been left in place
----------

**************************************************
16:26:19: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
16:26:19: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
16:26:19: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = [c:\windows\system32\mljghij.dll]
The following AppInit_DLLs are loaded at boot-time:
c:\windows\system32\mljghij.dll - appears to contain TROJAN.DOWNLOADER.CONHOOK
c:\windows\system32\mljghij.dll - this reference will be removed
c:\windows\system32\mljghij.dll - file ownership assigned to: xalasopenafrica\badou
c:\windows\system32\mljghij.dll has been marked for renaming when the PC is restarted
----------

**************************************************
16:26:22: Scanning ----- SECURITY PROVIDER DLLS -----
msapsspc.dll - this entry has been left in place
----------
schannel.dll - this entry has been left in place
----------
digest.dll - this entry has been left in place
----------
msnsspc.dll - this entry has been left in place
----------

**************************************************
16:26:24: Scanning ------ COMMON STARTUP GROUP ------
[D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file has been left in place
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
16:26:24: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Parameters: -Task
Next Run Time: 2007-08-05 07:47:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
C:\Program Files\Apple Software Update\SoftwareUpdate.exe - this entry has been left in place
----------
Taskname: Maintenance en 1 clic.job
File: C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
Parameters: /schedulestart
Next Run Time: 2007-08-03 17:15:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: badou
Comments: Lance la maintenance en 1 clic à des heures précises
C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe - this entry has been left in place
----------
Taskname: Nettoyage de disque.job
File: C:\WINDOWS\system32\cleanmgr.exe
Parameters: [blank]
Next Run Time: 2007-08-02 08:03:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: badou
Comments: [blank]
C:\WINDOWS\system32\cleanmgr.exe - this entry has been left in place
----------
Taskname: Norton AntiVirus - Scan my computer - badou.job
File: C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\Navw32.exe
Parameters: /task:"D:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus\Tasks\mycomp.sca"
Next Run Time: 2007-08-03 07:00:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: badou
Comments: This is a schedule scan task from Norton AntiVirus.
C:\PROGRA~1\Norton Internet Security\Norton AntiVirus\Navw32.exe - this entry has been left in place
----------

**************************************************
16:26:25: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------

**************************************************
16:26:25: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\avsniff.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniff.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\avsniffdlgs.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\AXXPEE.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\CabSA.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\catalog.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecbootil.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmldr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\ecmsvr32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\gp.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\hardwaredetection.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\HcmsL10NStr.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\LegitCheckControl.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi.vxd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navapi32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\naveng32.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\navex32a.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\rufsi.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\scrauth.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.cat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\symaveng.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcdefs.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tcscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinf.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfidx.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tinfl.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\TmHcms.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\TmHCMSMgr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\TmHcmsX.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\TmHcmsX.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\TmHcmsX.ocx - this file has been left in place
C:\WINDOWS\Downloaded Program Files\TmSvcUrl.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\tscan1hd.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.grd - this file has been left in place
C:\WINDOWS\Downloaded Program Files\v.sig - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan1.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan2.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan3.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan4.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan5.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan6.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan7.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan8.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscan9.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\virscant.dat - this file has been left in place
C:\WINDOWS\Downloaded Program Files\zdone.dat - this file has been left in place

**************************************************
16:26:34: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
Loaded modules:
C:\WINDOWS\system32\ntdll.dll
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
Loaded modules:
C:\WINDOWS\system32\CSRSRV.dll
C:\WINDOWS\system32\basesrv.dll
C:\WINDOWS\system32\winsrv.dll
C:\WINDOWS\system32\GDI32.dll
C:\WINDOWS\system32\KERNEL32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\LPK.DLL
C:\WINDOWS\system32\USP10.dll
C:\WINDOWS\system32\msvcrt.dll
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\RPCRT4.dll
C:\WINDOWS\system32\sxs.dll
C:\WINDOWS\system32\Apphelp.dll
C:\WINDOWS\system32\VERSION.dll
C:\Program Files\Spyware Doctor\Tools\eg.dat
C:\WINDOWS\system32\oleaut32.dll
C:\WINDOWS\system32\ole32.dll
C:\Program Files\Spyware Doctor\Tools\klg.dat
C:\Program Files\Spyware Doctor\Tools\swpg.dat
[20 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
Loaded modules:
C:\WINDOWS\system32\AUTHZ.dll
C:\WINDOWS\system32\MSASN1.dll
C:\WINDOWS\system32\NDdeApi.dll
C:\WINDOWS\system32\PROFMAP.dll
C:\WINDOWS\system32\NETAPI32.dll
C:\WINDOWS\system32\USERENV.dll
C:\WINDOWS\system32\PSAPI.DLL
C:\WINDOWS\system32\REGAPI.dll
C:\WINDOWS\system32\Secur32.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\WINSTA.dll
C:\WINDOWS\system32\WINTRUST.dll
C:\WINDOWS\system32\IMAGEHLP.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\IMM32.DLL
C:\WINDOWS\system32\WININET.dll
C:\WINDOWS\system32\SHLWAPI.dll
C:\WINDOWS\system32\Normaliz.dll
C:\WINDOWS\system32\iertutil.dll
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
C:\WINDOWS\system32\comctl32.dll
C:\WINDOWS\system32\NTMARTA.DLL
C:\WINDOWS\system32\WLDAP32.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\MSGINA.dll
C:\WINDOWS\system32\ODBC32.dll
C:\WINDOWS\system32\comdlg32.dll
C:\WINDOWS\system32\odbcint.dll
C:\WINDOWS\system32\sfc.dll
C:\WINDOWS\system32\sfc_os.dll
C:\WINDOWS\system32\msctfime.ime
C:\WINDOWS\system32\WINSCARD.DLL
C:\WINDOWS\system32\WTSAPI32.dll
C:\WINDOWS\system32\rsaenh.dll
C:\WINDOWS\system32\uxtheme.dll
C:\WINDOWS\system32\WINMM.dll
C:\WINDOWS\system32\WINSPOOL.DRV
C:\WINDOWS\system32\MPR.dll
C:\WINDOWS\system32\CLBCATQ.DLL
C:\WINDOWS\system32\COMRes.dll
C:\WINDOWS\system32\msv1_0.dll
C:\WINDOWS\system32\iphlpapi.dll
C:\WINDOWS\system32\xpsp2res.dll
C:\WINDOWS\system32\wdmaud.drv
C:\WINDOWS\system32\msacm32.drv
C:\WINDOWS\system32\MSACM32.dll
C:\WINDOWS\system32\midimap.dll
[74 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
Loaded modules:
C:\WINDOWS\system32\SCESRV.dll
C:\WINDOWS\system32\umpnpmgr.dll
C:\WINDOWS\system32\NCObjAPI.DLL
C:\WINDOWS\system32\MSVCP60.dll
C:\WINDOWS\system32\ShimEng.dll
C:\WINDOWS\AppPatch\AcAdProc.dll
C:\WINDOWS\system32\eventlog.dll
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
Loaded modules:
C:\WINDOWS\system32\LSASRV.dll
C:\WINDOWS\system32\NTDSAPI.dll
C:\WINDOWS\system32\DNSAPI.dll
C:\WINDOWS\system32\SAMSRV.dll
C:\WINDOWS\system32\cryptdll.dll
C:\WINDOWS\AppPatch\AcGenral.DLL
C:\WINDOWS\system32\msprivs.dll
C:\WINDOWS\system32\kerberos.dll
C:\WINDOWS\system32\netlogon.dll
C:\WINDOWS\system32\schannel.dll
C:\WINDOWS\system32\wdigest.dll
C:\WINDOWS\system32\scecli.dll
C:\WINDOWS\system32\ipsecsvc.dll
C:\WINDOWS\system32\oakley.DLL
C:\WINDOWS\system32\WINIPSEC.DLL
C:\WINDOWS\system32\pstorsvc.dll
C:\WINDOWS\system32\hnetcfg.dll
C:\WINDOWS\System32\wshtcpip.dll
C:\WINDOWS\system32\psbase.dll
C:\WINDOWS\system32\dssenh.dll
[66 loaded modules in total]
--------------------
C:\WINDOWS\system32\Ati2evxx.exe
Loaded modules:
C:\WINDOWS\system32\Ati2edxx.dll
[20 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
Loaded modules:
c:\windows\system32\ICAAPI.dll
c:\windows\system32\mstlsapi.dll
c:\windows\system32\ACTIVEDS.dll
c:\windows\system32\adsldpc.dll
c:\windows\system32\ATL.DLL
[60 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
Loaded modules:
C:\WINDOWS\System32\winrnr.dll
C:\WINDOWS\system32\rasadhlp.dll
C:\WINDOWS\system32\msi.dll
[47 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
Loaded modules:
c:\windows\system32\dbghelp.dll
c:\windows\system32\rtutils.dll
c:\windows\system32\WMI.dll
c:\windows\system32\ESENT.dll
C:\WINDOWS\System32\rastls.dll
C:\WINDOWS\system32\CRYPTUI.dll
C:\WINDOWS\System32\MPRAPI.dll
C:\WINDOWS\System32\RASAPI32.dll
C:\WINDOWS\System32\rasman.dll
C:\WINDOWS\System32\TAPI32.dll
C:\WINDOWS\System32\raschap.dll
C:\WINDOWS\System32\MSIDLE.DLL
c:\windows\system32\certcli.dll
c:\windows\system32\HID.DLL
c:\windows\system32\netshell.dll
c:\windows\system32\credui.dll
c:\windows\system32\WZCSAPI.DLL
c:\windows\system32\POWRPROF.dll
C:\WINDOWS\system32\VSSAPI.DLL
C:\WINDOWS\system32\wuaueng.dll
C:\WINDOWS\System32\WINHTTP.dll
C:\WINDOWS\System32\Cabinet.dll
C:\WINDOWS\System32\mspatcha.dll
C:\WINDOWS\system32\wbem\wbemcomn.dll
C:\WINDOWS\System32\Wbem\wbemcore.dll
C:\WINDOWS\System32\Wbem\esscli.dll
C:\WINDOWS\System32\Wbem\FastProx.dll
C:\WINDOWS\system32\comsvcs.dll
C:\WINDOWS\system32\colbact.DLL
C:\WINDOWS\system32\MTXCLU.DLL
C:\WINDOWS\system32\WSOCK32.dll
C:\WINDOWS\System32\CLUSAPI.DLL
C:\WINDOWS\System32\RESUTILS.DLL
C:\WINDOWS\system32\wbem\wmiutils.dll
C:\WINDOWS\system32\wbem\repdrvfs.dll
c:\windows\system32\netcfgx.dll
C:\WINDOWS\system32\wbem\wmiprvsd.dll
C:\WINDOWS\System32\rastapi.dll
C:\WINDOWS\system32\wbem\wbemess.dll
C:\WINDOWS\System32\unimdm.tsp
C:\WINDOWS\System32\uniplat.dll
C:\WINDOWS\System32\kmddsp.tsp
C:\WINDOWS\System32\ndptsp.tsp
C:\WINDOWS\System32\ipconf.tsp
C:\WINDOWS\System32\h323.tsp
C:\WINDOWS\system32\wbem\ncprov.dll
C:\WINDOWS\System32\hidphone.tsp
C:\WINDOWS\System32\rasppp.dll
C:\WINDOWS\System32\ntlsapi.dll
C:\WINDOWS\system32\msxml3.dll
C:\WINDOWS\system32\advpack.dll
C:\WINDOWS\System32\RASDLG.dll
[154 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
Loaded modules:
[38 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
Loaded modules:
C:\