Your question

Slow PC after KAV detected trojans: enormous lag

Tags:
  • Win32
  • Security
Last reply: in Security and viruses
5 May 2006 20:49:14

Hello everyone!
I'm turning to you because I know there are a few experts on the subject here.
I had the misfortune of using IE for three days and, sure enough, KAV is reporting trojans and minor viruses:
  • Trojan-Downloader.Win32.IstBar.ja
  • Trojan-Downloader.Win32.IstBar.ny
  • not-a-virus:AdWare.Win32.Altnet.o
  • not-a-virus:AdWare.Win32.Gator.3202
  • Trojan-Downloader.Win32.Zlob.na
  • Trojan-Downloader.Win32.Agent.acd
  • not-a-virus:AdWare.Win32.SaveNow.bo
  • not-a-virus:AdWare.Win32.Gator.3202

Since then, my PC is the slowest I have ever seen; it's like my 88 MHz machine when it plays an MP3 ;) .

Symptoms: normal, fast boot, as fast as usual. Once the Windows loading screen starts, the computer is slow, and in safe mode it is just as slow. And with step-by-step startup I couldn't find out which program is causing it.

HijackThis report:
Quote:

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\csrss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\spoolsv.exe
E:\WINDOWS\Explorer.EXE
E:\Tour de Contrôle\Antivirus\KAV\avp.exe
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
E:\TOURDE~1\OPTIMI~1\CACHEM~1\CachemanXP.exe
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Internet\Tchatche\MSN + 3\MsgPlus.exe
E:\Tour de Contrôle\Antivirus\KAV\avp.exe
E:\WINDOWS\system32\nvsvc32.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Tour de Contrôle\Divers outils\SuperCopier2\SuperCopier2.exe
E:\WINDOWS\System32\svchost.exe
E:\Tour de Contrôle\Anti Spy\Spybot - Search & Destroy\TeaTimer.exe
E:\WINDOWS\system32\wdfmgr.exe
E:\Program Files\Messenger\msmsgs.exe
E:\WINDOWS\System32\alg.exe
E:\Tour de Contrôle\Sondes\SpeedFan\speedfan.exe
E:\Tour de Contrôle\Firewall\looknstop\looknstop.exe
E:\WINDOWS\System32\svchost.exe
E:\Tour de Contrôle\Anti Spy\Spybot - Search & Destroy\SpybotSD.exe
E:\Program Files\Mozilla Firefox\firefox.exe
G:\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - E:\Tour de rédaction\Adobe Acrobat Reader 7\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - E:\TOURDE~1\ANTISP~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - I:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - E:\Tour de rédaction\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - E:\Tour de rédaction\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [Look 'n' Stop] "E:\Tour de Contrôle\Firewall\looknstop\looknstop.exe" -auto
O4 - HKLM\..\Run: [PowerStrip] e:\tour de contrôle\affichage\powerstrip\pstrip.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX420 Series] E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [IntelliPoint] "E:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [SSC Service Utility] E:\Program Files\SSC Service Utility\ssc_serv.exe /s
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Internet\Tchatche\MSN + 3\MsgPlus.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [kav] "E:\Tour de Contrôle\Antivirus\KAV\avp.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SuperCopier2.exe] E:\Tour de Contrôle\Divers outils\SuperCopier2\SuperCopier2.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] E:\Tour de Contrôle\Anti Spy\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Gestionnaire Antidote.exe] E:\TOURDE~2\CORREC~1\Antidote\Antidote\Gestionnaire Antidote.exe
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [PeerGuardian] E:\Tour de Contrôle\Firewall\PeerGuardian2\pg2.exe
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Internet\Tchatche\MSN + 3\MsgPlus.exe" /WinStart
O8 - Extra context menu item: E&xport to Microsoft Excel - res://E:\TOURDE~2\MSOFFI~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Télécharger avec FlashGet - I:\Program Files\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - I:\Program Files\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Antivirus Internet - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - E:\Tour de Contrôle\Antivirus\KAV\scieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - E:\TOURDE~2\MSOFFI~1\OFFICE11\REFIEBAR.DLL
O9 - Extra button: FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra 'Tools' menuitem: &FlashGet - {D6E814A0-E0C5-11d4-8D29-0050BA6940E3} - I:\PROGRA~1\FlashGet\flashget.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: fdjeux -
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) -
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - https://download.macromedia.com/pub/shockwave/cabs/flas...
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "E:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: klogon - E:\WINDOWS\system32\klogon.dll
O23 - Service: Kaspersky Anti-Virus 6.0 (AVP) - Unknown owner - E:\Tour de Contrôle\Antivirus\KAV\avp.exe" -r (file missing)
O23 - Service: CachemanXP (CachemanXPService) - OuterTechnologies - E:\TOURDE~1\OPTIMI~1\CACHEM~1\CachemanXP.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - E:\WINDOWS\system32\nvsvc32.exe


There you go!
Can someone help me, please?
I'm in the middle of backing up my data to CD... I'd rather not have to format, that would be a pain ;)

Thanks to all
Akwel


5 May 2006 20:55:57

hi

if you don't know this program, get rid of it

O4 - HKCU\..\Run: [SuperCopier2.exe] E:\Tour de Contrôle\Divers outils\SuperCopier2\SuperCopier2.exe

delete this too

O16 - DPF: fdjeux -

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} -

Download ewido, run a scan, then post the report

Download Trojan Remover and run a scan

run a Panda online scan, post the report
See you
5 May 2006 21:00:56

Quote:

»»»»»»»»»»»»»»»»»»»»»»»» E:\


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS

E:\WINDOWS\country.exe PRESENT !
E:\WINDOWS\secure32.html PRESENT !
E:\WINDOWS\toolbar.exe PRESENT !

»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\Web


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32


»»»»»»»»»»»»»»»»»»»»»»»» E:\WINDOWS\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» E:\Documents and Settings\Phileas Fogg\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer


»»»»»»»»»»»»»»»»»»»»»»»»


»»»»»»»»»»»»»»»»»»»»»»»» Bureau


»»»»»»»»»»»»»»»»»»»»»»»» E:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues


»»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="Ma page d'accueil"


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, les clés qui suivent ne sont pas forcément infectées!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll


»»»»»»»»»»»»»»»»»»»»»»»» Fin

That's the SmitfraudFix report.

ewido is running, I'll post it right away :)

I deleted O16 fdjeux and the other one, but SuperCopier is a program I use to speed up copy/paste over the network ^^
5 May 2006 21:09:23

Doesn't the SmitfraudFix report help you?
ewido is doing a full scan of my system, there's 200 GB of data to go through ....

I also ran CCleaner while I was at it, you never know :)
5 May 2006 21:16:01

lol 200 GB

sorry, I don't know much about SmitfraudFix reports, you'll have to check with chercheur PCA
5 May 2006 21:27:41

yes, before posting I looked a bit at what was being recommended, I came across a thread by chercheurpCa so I followed his procedure :)
5 May 2006 21:34:48

Quote:
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.4.9. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 05/05/2006 21:28:46
Using Database v6519
Operating System: Windows XP Professional Service Pack 2 (Build 2600)
--------------------------------------------------
21:28:46: ----------RUNNING PROCESSES-----------
E:\WINDOWS\System32\smss.exe
FileSize: 49 Kb
Company Name: Microsoft Corporation
File Description: Gestionnaire de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: smss.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: smss.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\csrss.exe
FileSize: 6 Kb
Company Name: Microsoft Corporation
File Description: Client Server Runtime Process
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:09:52
Internal Name: CSRSS.Exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CSRSS.Exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\winlogon.exe
FileSize: 494 Kb
Company Name: Microsoft Corporation
File Description: Application d'ouverture de session Windows NT
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:06
Internal Name: winlogon
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: WINLOGON.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\services.exe
FileSize: 106 Kb
Company Name: Microsoft Corporation
File Description: Applications Services et Contrôleur
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: services.exe
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: services.exe
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\lsass.exe
FileSize: 13 Kb
Company Name: Microsoft Corporation
File Description: LSA Shell (Export Version)
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:09:56
Internal Name: lsass.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: lsass.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\System32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\System32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\System32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\WINDOWS\system32\spoolsv.exe
FileSize: 56 Kb
Company Name: Microsoft Corporation
File Description: Spooler SubSystem App
File Version: 5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)
Date Created: 28/08/2001 12:00:00
Last Modified: 11/06/2005 01:53:32
Internal Name: spoolsv.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: spoolsv.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2696
--------------------
E:\WINDOWS\Explorer.EXE
FileSize: 1012 Kb
Company Name: Microsoft Corporation
File Description: Explorateur Windows
File Version: 6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 04/01/2006 02:53:20
Last Modified: 19/08/2004 17:09:54
Internal Name: explorer
Copyright: © Microsoft Corporation. Tous droits réservés.
Original Filename: EXPLORER.EXE
Product Name: Système d'exploitation Microsoft® Windows®
Product Version: 6.00.2900.2180
--------------------
E:\Tour de Contrôle\Antivirus\KAV\avp.exe
FileSize: 136 Kb
Company Name: Kaspersky Lab
File Description: Kaspersky Anti-Virus
File Version: 6.0.0.299
Date Created: 24/03/2006 19:09:22
Last Modified: 24/03/2006 19:09:22
Internal Name: AVP
Copyright: Copyright © Kaspersky Lab 1996-2006.
Trademark: Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
Original Filename: AVP.EXE
Product Name: Kaspersky Anti-Virus
Product Version: 6.0.0.299
--------------------
E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE
FileSize: 96 Kb
Company Name: SEIKO EPSON CORPORATION
File Description: EPSON Status Monitor 3
File Version: 3.00
Date Created: 04/01/2006 16:42:18
Last Modified: 09/04/2004 04:00:00
Internal Name: E_S5I0C1
Copyright: Copyright (C) SEIKO EPSON CORP. 2004
Original Filename: E_S5I0C1.EXE
Product Name: EPSON Status Monitor 3
Product Version: 3.00
--------------------
E:\TOURDE~1\OPTIMI~1\CACHEM~1\CachemanXP.exe
FileSize: 197 Kb
Company Name: OuterTechnologies
File Description: CachemanXP - controls File Cache and recovers RAM
File Version: 1.1.0.6
Date Created: 10/01/2006 00:52:29
Last Modified: 20/02/2004 02:46:12
Copyright: (c) 2004 by Outer Technologies
Product Version: 1
Comments: http://www.outertech.com
--------------------
E:\Program Files\Microsoft IntelliPoint\ipoint.exe
FileSize: 450 Kb
Company Name: Microsoft Corporation
File Description: IPoint.exe
File Version: 5.50.662.0
Date Created: 04/12/2005 17:39:20
Last Modified: 04/12/2005 17:39:20
Internal Name: IPoint.exe
Copyright: © Microsoft Corporation 1983-2005.
Original Filename: IPoint.exe
Product Name: Microsoft IntelliPoint
Product Version: 5.5
--------------------
E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
FileSize: 314 Kb
Company Name: Microsoft Corporation
File Description: Machine Debug Manager
File Version: 7.00.9466
Date Created: 20/06/2003 00:25:00
Last Modified: 20/06/2003 00:25:00
Internal Name: mdm.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: mdm.exe
Product Name: Microsoft® Visual Studio .NET
Product Version: 7.00.9466
--------------------
C:\Internet\Tchatche\MSN + 3\MsgPlus.exe
FileSize: 185 Kb
Company Name: Patchou
File Description: Messenger Plus!
File Version: 3, 63, 0, 148
Date Created: 25/05/2005 11:15:01
Last Modified: 19/04/2006 11:13:58
Internal Name: MsgPlus
Copyright: Copyright (C) 2001-2005 Patchou Inc
Original Filename: MsgPlus.exe
Product Name: Messenger Plus! 3
Product Version: 3, 63, 0, 148
--------------------
E:\Tour de Contrôle\Antivirus\KAV\avp.exe
FileSize: 136 Kb
Company Name: Kaspersky Lab
File Description: Kaspersky Anti-Virus
File Version: 6.0.0.299
Date Created: 24/03/2006 19:09:22
Last Modified: 24/03/2006 19:09:22
Internal Name: AVP
Copyright: Copyright © Kaspersky Lab 1996-2006.
Trademark: Kaspersky™ Anti-Virus ® is registered trademark of Kaspersky Lab.
Original Filename: AVP.EXE
Product Name: Kaspersky Anti-Virus
Product Version: 6.0.0.299
--------------------
E:\WINDOWS\system32\nvsvc32.exe
FileSize: 128 Kb
Company Name: NVIDIA Corporation
File Description: NVIDIA Driver Helper Service, Version 81.98
File Version: 6.14.10.8198
Date Created: 10/12/2005 04:06:00
Last Modified: 10/12/2005 04:06:00
Internal Name: NVSVC
Copyright: (C) NVIDIA Corporation. All rights reserved.
Original Filename: nvsvc32.exe
Product Name: NVIDIA Driver Helper Service, Version 81.98
Product Version: 6.14.10.8198
--------------------
E:\WINDOWS\system32\ctfmon.exe
FileSize: 15 Kb
Company Name: Microsoft Corporation
File Description: CTF Loader
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 04/01/2006 02:53:16
Last Modified: 19/08/2004 17:09:52
Internal Name: CTFMON
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: CTFMON.EXE
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\Tour de Contrôle\Divers outils\SuperCopier2\SuperCopier2.exe
FileSize: 1,01 Mb
Company Name: SFX TEAM
File Description: SuperCopier 2 (explorer file copy replacement)
File Version: 2.0.0.501
Date Created: 14/03/2005 01:37:48
Last Modified: 14/03/2005 01:37:50
Internal Name: SuperCopier2
Copyright: GNU GPL
Product Version: 2
--------------------
E:\WINDOWS\System32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\Tour de Contrôle\Anti Spy\Spybot - Search & Destroy\TeaTimer.exe
FileSize: 1,35 Mb
Company Name: Safer Networking Limited
File Description: System settings protector
File Version: 1, 4, 0, 2
Date Created: 05/01/2006 01:13:05
Last Modified: 31/05/2005 02:04:00
Internal Name: TeaTimer
Copyright: © 2000-2005 Patrick M. Kolla / Safer Networking Limited. Alle Rechte vorbehalten.
Trademark: "Spybot" und "Spybot - Search & Destroy" sind registrierte Warenzeichen.
Original Filename: TeaTimer.exe
Product Name: Spybot - Search & Destroy
Product Version: 1, 4, 0, 3
Comments: Schützt Systemeinstellungen vor ungewollten Änderungen.
--------------------
E:\WINDOWS\system32\wdfmgr.exe
FileSize: 38 Kb
Company Name: Microsoft Corporation
File Description: Windows User Mode Driver Manager
File Version: 5.2.3790.1230 built by: dnsrv(bld4act)
Date Created: 10/08/2004 23:05:14
Last Modified: 28/01/2005 14:44:28
Internal Name: WdfMgr
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: WdfMgr.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.2.3790.1230
--------------------
E:\Program Files\Messenger\msmsgs.exe
FileSize: 1,62 Mb
Company Name: Microsoft Corporation
File Description: Windows Messenger
File Version: 4.7.3001
Date Created: 29/08/2002 12:45:12
Last Modified: 13/10/2004 18:24:38
Internal Name: msmsgs
Copyright: Copyright (c) Microsoft Corporation 2004
Trademark: Microsoft(R) is a registered trademark of Microsoft Corporation in the U.S. and/or other countries.
Original Filename: msmsgs.exe
Product Name: Messenger
Product Version: Version 4.7.3001
--------------------
E:\WINDOWS\System32\alg.exe
FileSize: 43 Kb
Company Name: Microsoft Corporation
File Description: Application Layer Gateway Service
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 04/01/2006 02:53:18
Last Modified: 19/08/2004 17:09:52
Internal Name: ALG.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: ALG.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\Tour de Contrôle\Sondes\SpeedFan\speedfan.exe
FileSize: 2,39 Mb
Company Name: Almico Software (www.almico.com)
File Version: 4.28.0.152
Date Created: 08/02/2006 23:38:36
Last Modified: 08/02/2006 23:38:38
Product Name: SpeedFan
Product Version: 4.28
--------------------
E:\Tour de Contrôle\Firewall\looknstop\looknstop.exe
FileSize: 368 Kb
Company Name: Soft4Ever
File Description: Look 'n' Stop Firewall Personnel
File Version: 2, 0, 0, 5
Date Created: 04/01/2006 11:06:32
Last Modified: 04/01/2006 11:06:34
Internal Name: LooknStop
Copyright: Copyright © 2004
Original Filename: LooknStop.EXE
Product Name: Look 'n' Stop Firewall Personnel
Product Version: 2, 0, 0, 5
Special Build: p2
Comments: LooknStop
--------------------
E:\WINDOWS\System32\svchost.exe
FileSize: 14 Kb
Company Name: Microsoft Corporation
File Description: Generic Host Process for Win32 Services
File Version: 5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)
Date Created: 28/08/2001 12:00:00
Last Modified: 19/08/2004 17:10:04
Internal Name: svchost.exe
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: svchost.exe
Product Name: Microsoft® Windows® Operating System
Product Version: 5.1.2600.2180
--------------------
E:\Program Files\Mozilla Firefox\firefox.exe
FileSize: 6,84 Mb
Company Name: Mozilla Corporation
File Description: Firefox
File Version: 1.8.0.3: 2006042618
Date Created: 10/01/2006 17:53:54
Last Modified: 03/05/2006 19:11:28
Internal Name: Firefox
Copyright: Mozilla Corporation
Trademark: Firefox is a Trademark of The Mozilla Foundation.
Original Filename: firefox.exe
Product Name: Firefox
Product Version: 1.5.0.3
--------------------
E:\Tour de Contrôle\Anti Spy\ewido anti-malware\ewidoctrl.exe
FileSize: 13 Kb
Company Name: ewido networks
File Description: ewido control
File Version: 3, 0, 0, 1
Date Created: 30/11/2005 11:47:52
Last Modified: 30/11/2005 11:47:52
Internal Name: ewido control
Copyright: Copyright © 2004
Original Filename: ewidoctrl.exe
Product Name: ewido control
Product Version: 3, 0, 0, 1
--------------------
E:\Tour de Contrôle\Anti Spy\ewido anti-malware\SecuritySuite.exe
FileSize: 516 Kb
Company Name: ewido networks
File Description: anti-malware
File Version: 3, 5, 0, 0
Date Created: 18/12/2005 19:42:58
Last Modified: 18/12/2005 19:42:58
Internal Name: GuiLoader
Copyright: © 2003 ewido networks
Original Filename: SecuritySuite.exe
Product Name: ewido anti-malware
Product Version: 3, 5, 0, 0
--------------------
E:\Tour de Contrôle\Anti Spy\Trojan Remover\lxh2D.exe
FileSize: 1,57 Mb
[This is a Trojan Remover component]
--------------------
E:\Tour de Contrôle\Anti Spy\Trojan Remover\lxh2D.exe
FileSize: 1,57 Mb
[This is a Trojan Remover component]
--------------------
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
------------------------------
21:29:00: Scanning ----------WIN.INI-----------
WIN.INI found in E:\WINDOWS
------------------------------
21:29:00: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in E:\WINDOWS
------------------------------
21:29:00: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.
------------------------------
21:29:02: Scanning -----WINDOWS REGISTRY-----
Checking HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Vxd
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
--------------------
This key's "Userinit" value calls the following program(s):
E:\WINDOWS\system32\userinit.exe - this entry has been left in place
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Look 'n' Stop
Value Data = E:\Tour de Contrôle\Firewall\looknstop\looknstop.exe" -auto - this command has been left in place
--------------------
Value Name = PowerStrip
Value Data = e:\tour de contrôle\affichage\powerstrip\pstrip.exe - this command has been left in place
--------------------
Value Name = EPSON Stylus Photo RX420 Series
Value Data = E:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATI9CE.EXE /P31 "EPSON Stylus Photo RX420 Series" /O6 "USB001" /M "Stylus Photo RX420
- this command has been left in place
--------------------
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE E:\WINDOWS\system32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = nwiz
Value Data = nwiz.exe /install - this command has been left in place
--------------------
Value Name = IntelliPoint
Value Data = E:\Program Files\Microsoft IntelliPoint\ipoint.exe - this command has been left in place
--------------------
Value Name = SSC Service Utility
Value Data = E:\Program Files\SSC Service Utility\ssc_serv.exe /s - this command has been left in place
--------------------
Value Name = MessengerPlus3
Value Data = C:\Internet\Tchatche\MSN + 3\MsgPlus.exe - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = E:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = kav
Value Data = E:\Tour de Contrôle\Antivirus\KAV\avp.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = E:\Tour de Contrôle\Anti Spy\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = CTFMON.EXE
Value Data = E:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = SuperCopier2.exe
Value Data = E:\Tour de Contrôle\Divers outils\SuperCopier2\SuperCopier2.exe - this command has been left in place
--------------------
Value Name = SpybotSD TeaTimer
Value Data = E:\Tour de Contrôle\Anti Spy\Spybot - Search & Destroy\TeaTimer.exe - this command has been left in place
--------------------
Value Name = Gestionnaire Antidote.exe
Value Data = E:\TOURDE~2\CORREC~1\Antidote\Antidote\Gestionnaire Antidote.exe - this command has been left in place
--------------------
Value Name = MSMSGS
Value Data = E:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = PeerGuardian
Value Data = E:\Tour de Contrôle\Firewall\PeerGuardian2\pg2.exe - this command has been left in place
--------------------
Value Name = MessengerPlus3
Value Data = C:\Internet\Tchatche\MSN + 3\MsgPlus.exe" /WinStart - this command has been left in place
--------------------
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunServicesOnce
This Registry Key appears to be empty
--------------------
Checking for an active ScreenSaver:
ScreenSaver=E:\WINDOWS\System32\logon.scr - this command has been left in place
--------------------
------------------------------
21:29:07: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=E:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=E:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=E:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=E:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=E:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=E:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=E:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------
------------------------------
21:29:09: Scanning ----- NT/XP SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the NT/XP CurrentControlSet\Services Keys:
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this reference has been left in place [file not found to scan]
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
Key=BITS
ServiceDLL=E:\WINDOWS\System32\qmgr.dll - this reference has been left in place
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
Key=EventSystem
ServiceDLL=E:\WINDOWS\System32\es.dll - this reference has been left in place
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
Key=srservice
ServiceDLL=E:\WINDOWS\System32\srsvc.dll - this reference has been left in place
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
Key=W32Time
ServiceDLL=E:\WINDOWS\System32\w32time.dll - this reference has been left in place
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
Key=WmdmPmSN
ServiceDLL=E:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
Key=wuauserv
ServiceDLL=E:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place
------------------------------
21:29:18: Scanning ----- NT/XP SERVICES REGISTRY KEYS -----
Checking files called from the NT/XP CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=System32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=System32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=System32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=System32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=System32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=AVP
ImagePath="E:\Tour de Contrôle\Antivirus\KAV\avp.exe" -r - this reference has been left in place
----------
Key=CachemanXPService
ImagePath=E:\TOURDE~1\OPTIMI~1\CACHEM~1\CachemanXP.exe - this reference has been left in place
----------
Key=CCDECODE
ImagePath=System32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=Cdrom
ImagePath=System32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=cisvc
ImagePath=E:\WINDOWS\System32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=COMSysApp
ImagePath=E:\WINDOWS\System32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=ctac32k
ImagePath=System32\drivers\ctac32k.sys - this reference has been left in place
----------
Key=ctaud2k
ImagePath=system32\drivers\ctaud2k.sys - this reference has been left in place
----------
Key=ctljystk
ImagePath=System32\DRIVERS\ctljystk.sys - this reference has been left in place
----------
Key=ctprxy2k
ImagePath=System32\drivers\ctprxy2k.sys - this reference has been left in place
----------
Key=ctsfm2k
ImagePath=System32\drivers\ctsfm2k.sys - this reference has been left in place
----------
Key=Disk
ImagePath=System32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
E:\WINDOWS\System32\Drivers\dtscsi.sys appears to be in-use/locked - scanning skipped.
Key=dtscsi
ImagePath=\SystemRoot\System32\Drivers\dtscsi.sys - this reference has been left in place
----------
Key=EL90XBC
ImagePath=System32\DRIVERS\el90xbc5.sys - this reference has been left in place
----------
Key=emu10k
ImagePath=system32\drivers\emu10k1m.sys - this reference has been left in place
----------
Key=emu10k1
ImagePath=system32\drivers\ctlfacem.sys - this reference has been left in place
----------
Key=emupia
ImagePath=System32\drivers\emupia2k.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=ewido security suite control
ImagePath=E:\Tour de Contrôle\Anti Spy\ewido anti-malware\ewidoctrl.exe - this reference has been left in place
----------
Key=Fdc
ImagePath=System32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=Flpydisk
ImagePath=System32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=System32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=gameenum
ImagePath=System32\DRIVERS\gameenum.sys - this reference has been left in place
----------
Key=giveio
ImagePath=system32\giveio.sys - this reference has been left in place
----------
Key=Gpc
ImagePath=System32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=ha10kx2k
ImagePath=system32\drivers\ha10kx2k.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=System32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=System32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="E:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Imapi
ImagePath=System32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=E:\WINDOWS\System32\imapi.exe - this reference has been left in place
----------
Key=ip6fw
ImagePath=system32\drivers\ip6fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=System32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=System32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=System32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IPSec
ImagePath=System32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=System32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=System32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=Kbdclass
ImagePath=System32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kl1
ImagePath=system32\drivers\kl1.sys - this reference has been left in place
----------
Key=klif
ImagePath=\??\E:\WINDOWS\system32\drivers\klif.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=mchInjDrv
ImagePath=\??\E:\DOCUME~1\PHILEA~1\LOCALS~1\Temp\mc21.tmp - this reference has been left in place [file not found to scan]
----------
Key=MDC8021X
ImagePath=System32\DRIVERS\mdc8021x.sys - this reference has been left in place
----------
Key=MDM
ImagePath="E:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE" - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=E:\WINDOWS\System32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=System32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=System32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=System32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=System32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=E:\WINDOWS\System32\msdtc.exe - this reference has been left in place
----------
Key=MSIServer
ImagePath=E:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=System32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=System32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NBXG7031
ImagePath=System32\DRIVERS\WlanUIG.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=System32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=System32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=System32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=Ndisusb
ImagePath=system32\DRIVERS\genelan.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=System32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=System32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=nv
ImagePath=system32\DRIVERS\nv4_mini.sys - this reference has been left in place
----------
Key=NVSvc
ImagePath=%SystemRoot%\system32\nvsvc32.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=System32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=System32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=NwlnkIpx
ImagePath=system32\DRIVERS\nwlnkipx.sys - this reference has been left in place
----------
Key=NwlnkNb
ImagePath=system32\DRIVERS\nwlnknb.sys - this reference has been left in place
----------
Key=NwlnkSpx
ImagePath=system32\DRIVERS\nwlnkspx.sys - this reference has been left in place
----------
Key=ose
ImagePath="E:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=ossrv
ImagePath=system32\drivers\ctoss2k.sys - this reference has been left in place
----------
Key=Parport
ImagePath=System32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=PCAMPR5
ImagePath=\??\E:\WINDOWS\System32\PCAMPR5.SYS - this reference has been left in place [file not found to scan]
----------
Key=PCANDIS5
ImagePath=\??\E:\WINDOWS\system32\PCANDIS5.SYS - this reference has been left in place
----------
Key=PCI
ImagePath=System32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=pgfilter
ImagePath=\??\E:\Tour de Contrôle\Firewall\PeerGuardian2\pgfilter.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=Point32
ImagePath=system32\DRIVERS\point32.sys - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\System32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=System32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=System32\DRIVERS\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=System32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=PStrip
ImagePath=\??\E:\WINDOWS\system32\DRIVERS\PSTRIP.SYS - this reference has been left in place
----------
Key=Ptilink
ImagePath=System32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=QCDonner
ImagePath=System32\DRIVERS\OVCD.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=System32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=System32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=System32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=System32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=System32\DRIVERS\rdpdr.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=E:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=System32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\System32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\System32\rsvp.exe - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=ScsiPort
ImagePath=%SystemRoot%\system32\drivers\scsiport.sys - this reference has been left in place
----------
Key=Secdrv
ImagePath=System32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=serenum
ImagePath=System32\DRIVERS\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=System32\DRIVERS\serial.sys - this reference has been left in place
----------
Key=SFilter
ImagePath=system32\DRIVERS\lnsfw.sys - this reference has been left in place
----------
Key=sfman
ImagePath=system32\drivers\sfmanm.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=System32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SONYPVU1
ImagePath=system32\DRIVERS\SONYPVU1.SYS - this reference has been left in place
----------
Key=speedfan
ImagePath=system32\speedfan.sys - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
E:\WINDOWS\System32\Drivers\sptd.sys appears to be in-use/locked - scanning skipped.
Key=sptd
ImagePath=System32\Drivers\sptd.sys - this reference has been left in place
----------
Key=sr
ImagePath=System32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=ssm_bus
ImagePath=system32\DRIVERS\ssm_bus.sys - this reference has been left in place
----------
Key=ssm_mdfl
ImagePath=system32\DRIVERS\ssm_mdfl.sys - this reference has been left in place
----------
Key=ssm_mdm
ImagePath=system32\DRIVERS\ssm_mdm.sys - this reference has been left in place
----------
Key=streamip
ImagePath=System32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=SVKP
ImagePath=\??\E:\WINDOWS\system32\SVKP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=System32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=E:\WINDOWS\System32\dllhost.exe /Processid:{8A8991FD-9E40-4DF4-9F8C-61195A72B1F0} - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=System32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=UMWdf
ImagePath=E:\WINDOWS\system32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=System32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=USBHSB
ImagePath=System32\Drivers\glkusb.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=System32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=System32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=System32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=System32\DRIVERS\viaagp.sys - this reference has been left in place
----------
Key=viaagp1
ImagePath=System32\DRIVERS\viaagp1.sys - this reference has been left in place
----------
Key=viafilter
ImagePath=\SystemRoot\System32\Drivers\viausb1.sys - this reference has been left in place
----------
Key=ViaIde
ImagePath=system32\DRIVERS\viaide.sys - this reference has been left in place
----------
Key=VIAPFD
ImagePath=\SystemRoot\System32\Drivers\viapfd.sys - this reference has been left in place
----------
Key=vIdeBus
ImagePath=System32\DRIVERS\vIdeBus.sys - this reference has been left in place
----------
Key=vIdePort
ImagePath=System32\DRIVERS\vIdePort.sys - this reference has been left in place
----------
Key=videX32
ImagePath=system32\DRIVERS\videX32.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=Wanarp
ImagePath=System32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=WMConnectCDS
ImagePath=E:\Program Files\Windows Media Connect 2\wmccds.exe - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=E:\WINDOWS\System32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=System32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
------------------------------
21:33:06: Scanning -----VXD ENTRIES-----
Checking the following VxD entries:
VxD Key = JAVASUP
Vxd = JAVASUP.VXD - this command has been left in place
---------
Checking VMM32 VxD files being loaded
------------------------------
21:33:07: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=klogon
DLLName=E:\WINDOWS\system32\klogon.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------
------------------------------
21:33:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Adobe.Acrobat.ContextMenu
CLSID = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
E:\Tour de rédaction\Adobe Acrobat 6.0\Acrobat Elements\ContextMenu.dll - this ContextMenuHandler has been left in place
----------
Key = ewido
CLSID = {57BD36D7-CE32-4600-9B1C-1A0C47EFC02E}
E:\Tour de Contrôle\Anti Spy\ewido anti-malware\context.dll - this ContextMenuHandler has been left in place
----------
Key = Kaspersky Anti-Virus
CLSID = {dd230880-495a-11d1-b064-008048ec2fc5}
E:\Tour de Contrôle\Antivirus\KAV\shellex.dll - this ContextMenuHandler has been left in place
----------
Key = MatroskaContextMenu
CLSID = {789111D8-68A3-46a3-9663-145A3FF4C9C9}
H:\Tour du Multimédia\Codecs\MatroskaProp\MatroskaProp.dll - this ContextMenuHandler has been left in place
----------
Key = Offline Files
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
E:\TOURDE~1\ANTISP~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = {B41DB860-8EE4-11D2-9906-E49FADC173CA}
E:\Tour de Contrôle\Compression\Winrar\rarext.dll - this ContextMenuHandler has been left in place
----------
Key = WinZip
CLSID = {E0D79304-84BE-11CE-9641-444553540000}
E:\TOURDE~1\COMPRE~1\WINZIP\WZSHLSTB.DLL - this ContextMenuHandler has been left in place
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = {EB4D3CFE-E2AA-4C6E-B2FE-2A749F95D208}
E:\Tour de Contrôle\GraVAGE\Nero 7\Nero BackItUp\NBShell.dll - this ContextMenuHandler has been left in place
----------
------------------------------
21:33:13: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {781395AF-A127-469f-A06F-59B482AF4F3F}
H:\Tour du Multimédia\Codecs\MatroskaProp\MatroskaProp.dll - this Folder\ColumnHandler has been left in place
----------
Key = {7D4D6379-F301-4311-BEBA-E26EB0561882}
E:\Program Files\Fichiers communs\Ahead\lib\NeroDigitalExt.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
E:\Tour de rédaction\Adobe Acrobat Reader 7\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------
------------------------------
21:33:15: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
E:\Tour de rédaction\Adobe Acrobat Reader 7\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {53707962-6F74-2D53-2644-206D7942484F}
E:\TOURDE~1\ANTISP~1\SPYBOT~1\SDHelper.dll - this Browser Helper Object has been left in place
----------
Key = {761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
E:\Program Files\Java\jre1.5.0_06\bin\ssv.dll - this Browser Helper Object has been left in place
----------
Key = {A5366673-E8CA-11D3-9CD9-0090271D075B}
I:\PROGRA~1\FlashGet\jccatch.dll - this Browser Helper Object has been left in place
----------
Key = {AE7CD045-E861-484f-8273-0445EE161910}
E:\Tour de rédaction\Adobe Acrobat 6.0\Acrobat\AcroIEFavClient.dll - this Browser Helper Object has been left in place
----------
Key = {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}
E:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll - this Browser Helper Object has been left in place
----------
------------------------------
21:33:16: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
%SystemRoot%\System32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
E:\WINDOWS\System32\stobject.dll - this ShellServiceObject has been left in place
----------
------------------------------
21:33:17: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\System32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
------------------------------
21:33:18: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = sockspy.dll]
The following AppInit_DLLs are loaded at boot-time:
sockspy.dll - this file has been left in place
------------------------------
21:33:24: Scanning ------ COMMON STARTUP GROUP ------
The Common Startup Group attempts to load the following file(s) at boot time:
desktop.ini - this file is expected and has been left in place
------------------------------
No User Startup Groups were located to check
------------------------------
21:33:24: ----- EXTRA REGISTRY CHECKS -----
94 subkeys checked - all ok.
--------------------
------------------------------
21:33:24: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
E:\WINDOWS\Downloaded Program Files\desktop.ini - this file is expected and has been left in place
E:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
E:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
E:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
E:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd - this file has been left in place
E:\WINDOWS\Downloaded Program Files\swflash.inf - this file has been left in place
------------------------------
21:33:25: Checking AUTOEXEC.NT file
AUTOEXEC.NT found in E:\WINDOWS\system32
No malicious entries were found in the AUTOEXEC.NT file
------------------------------
------ INTERNET EXPLORER HOME/START/SEARCH SETTINGS ------
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Start Page":
http://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Local Page":
%SystemRoot%\system32\blank.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Page_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main\"Default_Search_URL":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"CustomizeSearch":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search\"SearchAssistant":
http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Start Page":
about:blank
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\"Search Page":
http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iese...
------------------------------
=== NO CHANGES HAVE BEEN MADE TO YOUR SYSTEM FILES ===
Scan completed at: 05/05/2006 21:33:26
************************************************************

from Trojan Remover.
And Panda online virus scanner won't work for me.
I did install its ActiveX components, though, but nothing helps!
5 May 2006 22:12:10

up