Trojan horse

Closed
ludivine. - 14 Nov 2007 at 17:35
 ludivine. - 14 Nov 2007 at 20:02
Hello, for the past few days I have had the Trojan virus.
My antivirus is avast and I downloaded another one, Virus Keeper, but when I run a scan it does not tell me that I have the Trojan horse.
I don't know how to get rid of this virus for good. When I get the alert telling me I have the Trojan horse, I delete it, but it always comes back.

Thanks for your help.

3 replies

carrossier13
14 Nov 2007 at 17:51
Hello,
Download Trojan Remover, install it and run a scan, then copy the scan report into your next reply. As for your second antivirus, uninstall it: you should only have one antivirus, otherwise they can fight each other and do damage!!
0
Re,
I think this is the mission report.
Thanks for the reply.

***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.4.2499. For information, email support@simplysup1.com
[Unregistered version]
Scan started at: 14/11/2007 19:18:40
Using Database v6892
Operating System: Windows XP Home Edition Service Pack 2 (Build 2600)
Data directory: C:\Documents and Settings\ristorto\Application Data\Simply Super Software\Trojan Remover\
Logfile directory: C:\Documents and Settings\ristorto\Mes documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges


**************************************************
The following Anti-Malware program(s) are loaded:
Microsoft Windows One-Care
Nortons Anti-Virus

**************************************************

Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications

**************************************************
19:18:40: Scanning ----------WIN.INI-----------
WIN.INI found in C:\WINDOWS

**************************************************
19:18:40: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\WINDOWS

**************************************************
19:18:40: ----- SCANNING FOR ROOTKIT SERVICES -----
No hidden Services were detected.

**************************************************
19:18:41: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\WINDOWS\system32\userinit.exe - this entry has been left in place
----------
This key's "System" value appears to be blank
----------
This key's "UIHost" value calls the following program:
logonui.exe - this entry has been left in place
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Apoint
Value Data = C:\Program Files\Apoint\Apoint.exe - this command has been left in place
--------------------
Value Name = NvCplDaemon
Value Data = RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup - this command has been left in place
--------------------
Value Name = RTHDCPL
Value Data = RTHDCPL.EXE - this command has been left in place
--------------------
Value Name = Alcmtr
Value Data = ALCMTR.EXE - this command has been left in place
--------------------
Value Name = AzMixerSel
Value Data = C:\Program Files\Realtek\InstallShield\AzMixerSel.exe - this command has been left in place
--------------------
Value Name = Mouse Suite 98 Daemon
Value Data = ICO.EXE - this command has been left in place
--------------------
Value Name = IgfxTray
Value Data = C:\WINDOWS\system32\igfxtray.exe - this command has been left in place
--------------------
Value Name = HotKeysCmds
Value Data = C:\WINDOWS\system32\hkcmd.exe - this command has been left in place
--------------------
Value Name = Persistence
Value Data = C:\WINDOWS\system32\igfxpers.exe - this command has been left in place
--------------------
Value Name = SonyPowerCfg
Value Data = C:\Program Files\Sony\VAIO Power Management\SPMgr.exe - this command has been left in place
--------------------
Value Name = ISBMgr.exe
Value Data = C:\Program Files\Sony\ISB Utility\ISBMgr.exe - this command has been left in place
--------------------
Value Name = VAIO Update 2
Value Data = C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe" /Stationary - this command has been left in place
--------------------
Value Name = PDService.exe
Value Data = C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe - this command has been left in place
--------------------
Value Name = Acrobat Assistant 7.0
Value Data = C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = MessagerStarter Wanadoo
Value Data = C:\PROGRA~1\MESSAG~1\StartMessager.exe Messager Wanadoo - this command has been left in place
--------------------
Value Name = WOOWATCH
Value Data = C:\PROGRA~1\Wanadoo\Watch.exe - this command has been left in place
--------------------
Value Name = WOOTASKBARICON
Value Data = C:\PROGRA~1\Wanadoo\GestMaj.exe TaskBarIcon.exe - this command has been left in place
--------------------
Value Name = SsAAD.exe
Value Data = C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe - this command has been left in place
--------------------
Value Name = Globe7
Value Data = C:\Program Files\Globe7\Globe7.exe" /hide - this command has been left in place
--------------------
Value Name = Google Desktop Search
Value Data = C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup - this command has been left in place
--------------------
Value Name = ccApp
Value Data = C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe - this command has been left in place
--------------------
Value Name = osCheck
Value Data = C:\Program Files\Norton Internet Security\osCheck.exe - this command has been left in place
--------------------
Value Name = OneCareUI
Value Data = C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe - this command has been left in place
--------------------
Value Name = eCarteBleue-SG-P3-Premier
Value Data = C:\Program Files\e-Carte Bleue\SG\e-Carte Bleue Premier\ECB-SGP.exe" /dontopenmycards - this command has been left in place
--------------------
Value Name = lxdimon.exe
Value Data = C:\Program Files\Lexmark 3500-4500 Series\lxdimon.exe - this command has been left in place
--------------------
Value Name = lxdiamon
Value Data = C:\Program Files\Lexmark 3500-4500 Series\lxdiamon.exe - this command has been left in place
--------------------
Value Name = FaxCenterServer
Value Data = C:\Program Files\\Lexmark Fax Solutions\fm3032.exe" /s - this command has been left in place
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = iTunesHelper
Value Data = C:\Program Files\iTunes\iTunesHelper.exe - this command has been left in place
--------------------
Value Name = Adobe Reader Speed Launcher
Value Data = C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe - this command has been left in place
--------------------
Value Name = Graphic Update
Value Data = C:\DOCUME~1\ristorto\LOCALS~1\Temp\msnplus.exe - this command has been left in place
--------------------
Value Name = VirusKeeper
Value Data = C:\Program Files\AxBx\VirusKeeper 2008 Pro Evaluation\VirusKeeper.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key appears to be empty
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Yahoo! Pager
Value Data = C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet - this command has been left in place
--------------------
Value Name = WOOKIT
Value Data = C:\PROGRA~1\Wanadoo\Shell.exe appLaunchClientZone.shl|PARAM= cnx - this command has been left in place
--------------------
Value Name = msnmsgr
Value Data = C:\Program Files\MSN Messenger\msnmsgr.exe" /background - this command has been left in place
--------------------
Value Name = MSMSGS
Value Data = C:\Program Files\Messenger\msmsgs.exe" /background - this command has been left in place
--------------------
Value Name = swg
Value Data = C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe - this command has been left in place
--------------------
Value Name = ctfmon.exe
Value Data = C:\WINDOWS\system32\ctfmon.exe - this command has been left in place
--------------------
Value Name = AdobeUpdater
Value Data = C:\Program Files\Fichiers communs\Adobe\Updater5\AdobeUpdater.exe - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty

**************************************************
19:18:48: Scanning -----SHELLEXECUTEHOOKS-----
ValueName: {AEB6717E-7E19-11d0-97EE-00C04FD91972}
File: shell32.dll - this file is expected and has been left in place
----------

**************************************************
19:18:48: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
No Hidden File-loading Registry Entries found
----------

**************************************************
19:18:48: Scanning -----ACTIVE SCREENSAVER-----
ScreenSaver=C:\WINDOWS\system32\scrnsave.scr - this command has been left in place
--------------------

**************************************************
19:18:49: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=<{12d0ed0d-0ee0-4f90-8827-78cefb8f4988}
StubPath=C:\WINDOWS\system32\ieudinit.exe - this reference has been left in place
----------
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\WINDOWS\inf\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key=>{881dd1c5-3dcf-431b-b061-f3f88e8be88a}
StubPath=C:\WINDOWS\system32\shmgrate.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\WINDOWS\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={7790769C-0471-11d2-AF11-00C04FA35D02}
StubPath=C:\Program Files\Outlook Express\setup50.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\WINDOWS\system32\ie4uinit.exe - this reference has been left in place
----------

**************************************************
19:18:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=Alerter
ServiceDLL=%SystemRoot%\system32\alrsvc.dll - this reference has been left in place
--------------------
Key=AppMgmt
ServiceDLL=%SystemRoot%\System32\appmgmts.dll - this file is globally excluded (file cannot be found)
--------------------
Key=AudioSrv
ServiceDLL=%SystemRoot%\System32\audiosrv.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=C:\WINDOWS\system32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\System32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=dmserver
ServiceDLL=%SystemRoot%\System32\dmserver.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=ERSvc
ServiceDLL=%SystemRoot%\System32\ersvc.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=C:\WINDOWS\system32\es.dll - this reference has been left in place
--------------------
Key=FastUserSwitchingCompatibility
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=helpsvc
ServiceDLL=%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll - this reference has been left in place
--------------------
Key=HidServ
ServiceDLL=%SystemRoot%\System32\hidserv.dll - this reference has been left in place
--------------------
Key=HTTPFilter
ServiceDLL=%SystemRoot%\System32\w3ssl.dll - this reference has been left in place
--------------------
Key=lanmanserver
ServiceDLL=%SystemRoot%\System32\srvsvc.dll - this reference has been left in place
--------------------
Key=lanmanworkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=LmHosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=Messenger
ServiceDLL=%SystemRoot%\System32\msgsvc.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=Nla
ServiceDLL=%SystemRoot%\System32\mswsock.dll - this reference has been left in place
--------------------
Key=NtmsSvc
ServiceDLL=%SystemRoot%\system32\ntmssvc.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%SystemRoot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%SystemRoot%\System32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\system32\sens.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=srservice
ServiceDLL=C:\WINDOWS\system32\srsvc.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\system32\wiaservc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\system32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=C:\WINDOWS\system32\w32time.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WmdmPmSN
ServiceDLL=C:\WINDOWS\system32\MsPMSNSv.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SYSTEMROOT%\system32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=C:\WINDOWS\system32\wuauserv.dll - this reference has been left in place
--------------------
Key=WZCSVC
ServiceDLL=%SystemRoot%\System32\wzcsvc.dll - this reference has been left in place
--------------------
Key=xmlprov
ServiceDLL=%SystemRoot%\System32\xmlprov.dll - this reference has been left in place

**************************************************
19:19:02: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\DRIVERS\ACPI.sys - this reference has been left in place
----------
Key=ACPIEC
ImagePath=system32\DRIVERS\ACPIEC.sys - this reference has been left in place
----------
Key=Adobe LM Service
ImagePath="C:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe" - this reference has been left in place
----------
Key=AdobeActiveFileMonitor4.0
ImagePath=C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe - this reference has been left in place
----------
Key=aec
ImagePath=system32\drivers\aec.sys - this reference has been left in place
----------
Key=AegisP
ImagePath=system32\DRIVERS\AegisP.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\System32\drivers\afd.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=ApfiltrService
ImagePath=system32\DRIVERS\Apfiltr.sys - this reference has been left in place
----------
Key=Apple Mobile Device
ImagePath="C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe" - this reference has been left in place
----------
Key=Arp1394
ImagePath=system32\DRIVERS\arp1394.sys - this reference has been left in place
----------
Key=aspnet_state
ImagePath=%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\DRIVERS\atapi.sys - this reference has been left in place
----------
Key=Atmarpc
ImagePath=system32\DRIVERS\atmarpc.sys - this reference has been left in place
----------
Key=audstub
ImagePath=system32\DRIVERS\audstub.sys - this reference has been left in place
----------
Key=Automatic LiveUpdate Scheduler
ImagePath="C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe" - this reference has been left in place
----------
Key=CCDECODE
ImagePath=system32\DRIVERS\CCDECODE.sys - this reference has been left in place
----------
Key=ccEvtMgr
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=ccSetMgr
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe" /h ccCommon - this reference has been left in place
----------
Key=Cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=CiSvc
ImagePath=%SystemRoot%\system32\cisvc.exe - this reference has been left in place
----------
Key=ClipSrv
ImagePath=%SystemRoot%\system32\clipsrv.exe - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=comHost
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\VAScanner\comHost.exe" - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=Disk
ImagePath=system32\DRIVERS\disk.sys - this reference has been left in place
----------
Key=dmadmin
ImagePath=%SystemRoot%\System32\dmadmin.exe /com - this reference has been left in place
----------
Key=dmboot
ImagePath=System32\drivers\dmboot.sys - this reference has been left in place
----------
Key=DMICall
ImagePath=system32\DRIVERS\DMICall.sys - this reference has been left in place
----------
Key=dmio
ImagePath=System32\drivers\dmio.sys - this reference has been left in place
----------
Key=dmload
ImagePath=System32\drivers\dmload.sys - this reference has been left in place
----------
Key=DMusic
ImagePath=system32\drivers\DMusic.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=E100B
ImagePath=system32\DRIVERS\e100b325.sys - this reference has been left in place
----------
Key=Eventlog
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=EvtEng
ImagePath=C:\Program Files\Intel\Wireless\Bin\EvtEng.exe - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\DRIVERS\fltMgr.sys - this reference has been left in place
----------
Key=Ftdisk
ImagePath=system32\DRIVERS\ftdisk.sys - this reference has been left in place
----------
Key=FTRTSVC
ImagePath=C:\WINDOWS\System32\FTRTSVC.exe - this reference has been left in place
----------
Key=GEARAspiWDM
ImagePath=SYSTEM32\DRIVERS\GEARAspiWDM.sys - this reference has been left in place
----------
Key=GoogleDesktopManager
ImagePath="C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" - this reference has been left in place
----------
Key=Gpc
ImagePath=system32\DRIVERS\msgpc.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HSFHWAZL
ImagePath=system32\DRIVERS\HSFHWAZL.sys - this reference has been left in place
----------
Key=HSF_DPV
ImagePath=system32\DRIVERS\HSF_DPV.sys - this reference has been left in place
----------
Key=HTTP
ImagePath=System32\Drivers\HTTP.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=ialm
ImagePath=system32\DRIVERS\ialmnt5.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=Image Converter video recording monitor for VAIO Entertainment
ImagePath=C:\Program Files\Sony\Image Converter 2\IcVzMon.exe - this reference has been left in place
----------
Key=Imapi
ImagePath=system32\DRIVERS\imapi.sys - this reference has been left in place
----------
Key=ImapiService
ImagePath=C:\WINDOWS\system32\imapi.exe - this reference has been left in place
----------
Key=IntcAzAudAddService
ImagePath=system32\drivers\RtkHDAud.sys - this reference has been left in place
----------
Key=IntelIde
ImagePath=system32\DRIVERS\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=Ip6Fw
ImagePath=system32\DRIVERS\Ip6Fw.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - this reference has been left in place
----------
Key=IpNat
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=iPod Service
ImagePath="C:\Program Files\iPod\bin\iPodService.exe" - this reference has been left in place
----------
Key=IPSec
ImagePath=system32\DRIVERS\ipsec.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\DRIVERS\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=system32\DRIVERS\isapnp.sys - this reference has been left in place
----------
Key=ISPwdSvc
ImagePath="C:\Program Files\Norton Internet Security\isPwdSvc.exe" - this reference has been left in place
----------
Key=Kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=kmixer
ImagePath=system32\drivers\kmixer.sys - this reference has been left in place
----------
Key=LEX_AS_NIC_SERVICE_YNOS
ImagePath=system32\DRIVERS\ExpasAG.sys - this reference has been left in place
----------
Key=LiveUpdate
ImagePath="C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE" - this reference has been left in place
----------
Key=lxdiCATSCustConnectService
ImagePath=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdiserv.exe - this reference has been left in place
----------
Key=lxdi_device
ImagePath=C:\WINDOWS\system32\lxdicoms.exe -service - this reference has been left in place
----------
Key=mdmxsdk
ImagePath=system32\DRIVERS\mdmxsdk.sys - this reference has been left in place
----------
Key=MioNet
ImagePath="C:\Program Files\MioNet\MioNetManager.exe" -s "C:\Program Files\MioNet\wrapper.conf" - this reference has been left in place
----------
Key=mnmsrvc
ImagePath=C:\WINDOWS\system32\mnmsrvc.exe - this reference has been left in place
----------
Key=Mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MpFilter
ImagePath=system32\DRIVERS\MpFilter.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=system32\DRIVERS\mrxdav.sys - this reference has been left in place
----------
Key=MRxSmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=MSCSPTISRV
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe" - this reference has been left in place
----------
Key=MSDTC
ImagePath=C:\WINDOWS\system32\msdtc.exe - this reference has been left in place
----------
Key=MSFWDrv
ImagePath=system32\DRIVERS\msfwdrv.sys - this reference has been left in place
----------
Key=MSFWHLPR
ImagePath=system32\DRIVERS\msfwhlpr.sys - this reference has been left in place
----------
Key=msfwsvc
ImagePath="C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe" - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\WINDOWS\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSSQL$VAIO_VEDB
ImagePath=C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe -sVAIO_VEDB - this reference has been left in place
----------
Key=MSSQLServerADHelper
ImagePath=C:\Program Files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=NABTSFEC
ImagePath=system32\DRIVERS\NABTSFEC.sys - this reference has been left in place
----------
Key=NdisIP
ImagePath=system32\DRIVERS\NdisIP.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=NetBT
ImagePath=system32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=NetDDE
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=NetDDEdsdm
ImagePath=%SystemRoot%\system32\netdde.exe - this reference has been left in place
----------
Key=Netlogon
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=NIC1394
ImagePath=system32\DRIVERS\nic1394.sys - this reference has been left in place
----------
Key=NtLmSsp
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=nv
ImagePath=system32\DRIVERS\nv4_mini.sys - this reference has been left in place
----------
Key=NVSvc
ImagePath=%SystemRoot%\system32\nvsvc32.exe - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - this reference has been left in place
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=OneCareMP
ImagePath="C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe" - this reference has been left in place
----------
Key=PACSPTISVR
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe" - this reference has been left in place
----------
Key=PCANDIS5
ImagePath=\??\C:\WINDOWS\system32\PCANDIS5.SYS - this reference has been left in place
----------
Key=PCI
ImagePath=system32\DRIVERS\pci.sys - this reference has been left in place
----------
Key=PCIIde
ImagePath=system32\DRIVERS\pciide.sys - this reference has been left in place
----------
Key=Pcmcia
ImagePath=system32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=PlugPlay
ImagePath=%SystemRoot%\system32\services.exe - this reference has been left in place
----------
Key=PolicyAgent
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=PrivateDisk
ImagePath=System32\Drivers\PrivateDiskM.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\psched.sys - this reference has been left in place
----------
Key=Ptilink
ImagePath=system32\DRIVERS\ptilink.sys - this reference has been left in place
----------
Key=PxHelp20
ImagePath=System32\Drivers\PxHelp20.sys - this reference has been left in place
----------
Key=QCDonner
ImagePath=system32\DRIVERS\OVCD.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=system32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=Raspti
ImagePath=system32\DRIVERS\raspti.sys - this reference has been left in place
----------
Key=Rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=RDSessMgr
ImagePath=C:\WINDOWS\system32\sessmgr.exe - this reference has been left in place
----------
Key=redbook
ImagePath=system32\DRIVERS\redbook.sys - this reference has been left in place
----------
Key=RegSrvc
ImagePath=C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=RSVP
ImagePath=%SystemRoot%\system32\rsvp.exe - this reference has been left in place
----------
Key=S24EventMonitor
ImagePath=C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe - this reference has been left in place
----------
Key=s24trans
ImagePath=system32\DRIVERS\s24trans.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=SCardSvr
ImagePath=%SystemRoot%\System32\SCardSvr.exe - this reference has been left in place
----------
Key=Secdrv
ImagePath=system32\DRIVERS\secdrv.sys - this reference has been left in place
----------
Key=SG760_XP
ImagePath=system32\DRIVERS\WlanUZXP.sys - this reference has been left in place
----------
Key=SLIP
ImagePath=system32\DRIVERS\SLIP.sys - this reference has been left in place
----------
Key=SNC
ImagePath=System32\Drivers\SonyNC.sys - this reference has been left in place
----------
Key=SONYPVU1
ImagePath=system32\DRIVERS\SONYPVU1.SYS - this reference has been left in place
----------
Key=SPC610NC
ImagePath=system32\DRIVERS\SPC610NC.SYS - this reference has been left in place
----------
Key=splitter
ImagePath=system32\drivers\splitter.sys - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\system32\spoolsv.exe - this reference has been left in place
----------
Key=SPTISRV
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe" - this reference has been left in place
----------
Key=SQLAgent$VAIO_VEDB
ImagePath=C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE -i VAIO_VEDB - this reference has been left in place
----------
Key=sr
ImagePath=system32\DRIVERS\sr.sys - this reference has been left in place
----------
Key=Srv
ImagePath=system32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=SSScsiSV
ImagePath=C:\Program Files\Fichiers communs\Sony Shared\AVLib\SSScsiSV.exe - this reference has been left in place
----------
Key=STI Simulator
ImagePath=C:\WINDOWS\System32\PAStiSvc.exe - this reference has been left in place
----------
Key=streamip
ImagePath=system32\DRIVERS\StreamIP.sys - this reference has been left in place
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=swmidi
ImagePath=system32\drivers\swmidi.sys - this reference has been left in place
----------
Key=SwPrv
ImagePath=C:\WINDOWS\system32\dllhost.exe /Processid:{77966D93-A9DE-448C-88BF-734AD3531A44} - this reference has been left in place
----------
Key=SymAppCore
ImagePath="C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe" - this reference has been left in place
----------
Key=SYMDNS
ImagePath=\SystemRoot\System32\Drivers\SYMDNS.SYS - this reference has been left in place
----------
Key=SymEvent
ImagePath=\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS - this reference has been left in place
----------
Key=SYMFW
ImagePath=\SystemRoot\System32\Drivers\SYMFW.SYS - this reference has been left in place
----------
Key=SYMIDS
ImagePath=\SystemRoot\System32\Drivers\SYMIDS.SYS - this reference has been left in place
----------
Key=SYMNDIS
ImagePath=\SystemRoot\System32\Drivers\SYMNDIS.SYS - this reference has been left in place
----------
Key=SYMREDRV
ImagePath=\SystemRoot\System32\Drivers\SYMREDRV.SYS - this reference has been left in place
----------
Key=SYMTDI
ImagePath=\SystemRoot\System32\Drivers\SYMTDI.SYS - this reference has been left in place
----------
Key=sysaudio
ImagePath=system32\drivers\sysaudio.sys - this reference has been left in place
----------
Key=SysmonLog
ImagePath=%SystemRoot%\system32\smlogsvc.exe - this reference has been left in place
----------
Key=Tcpip
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=tifmsony
ImagePath=system32\drivers\tifmsony.sys - this reference has been left in place
----------
Key=UMWdf
ImagePath=C:\WINDOWS\system32\wdfmgr.exe - this reference has been left in place
----------
Key=Update
ImagePath=system32\DRIVERS\update.sys - this reference has been left in place
----------
Key=UPS
ImagePath=%SystemRoot%\System32\ups.exe - this reference has been left in place
----------
Key=usbccgp
ImagePath=system32\DRIVERS\usbccgp.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=system32\DRIVERS\usbprint.sys - this reference has been left in place
----------
Key=usbscan
ImagePath=system32\DRIVERS\usbscan.sys - this reference has been left in place
----------
Key=usbsermpt
ImagePath=system32\DRIVERS\usbsermpt.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\MSN Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=VAIO Entertainment TV Device Arbitration Service
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCs\VzHardwareResourceManager\VzHardwareResourceManager.exe" - this reference has been left in place
----------
Key=VAIO Event Service
ImagePath=C:\Program Files\Sony\VAIO Event Service\VESMgr.exe - this reference has been left in place
----------
Key=VAIOMediaPlatform-IntegratedServer-AppServer
ImagePath=C:\Program Files\Sony\VAIO Media Integrated Server\VMISrv.exe - this reference has been left in place
----------
Key=VAIOMediaPlatform-IntegratedServer-HTTP
ImagePath="C:\Program Files\Sony\VAIO Media Integrated Server\Platform\SV_Httpd.exe" /Service=VAIOMediaPlatform-IntegratedServer-HTTP /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="Applications\IntegratedServer\HTTP" - this reference has been left in place
----------
Key=VAIOMediaPlatform-IntegratedServer-UPnP
ImagePath=C:\Program Files\Sony\VAIO Media Integrated Server\Platform\UPnPFramework.exe - this reference has been left in place
----------
Key=VAIOMediaPlatform-Mobile-Gateway
ImagePath="C:\Program Files\Sony\VAIO Media Integrated Server\Platform\VmGateway.exe" /Service=VAIOMediaPlatform-Mobile-Gateway /RegRoot="SOFTWARE\Sony Corporation\VAIO Media Platform\2.0" /RegExt="\Addons\Packages\Mobile\Gateway" /DisplayName="VAIO Media Gateway Server" - this reference has been left in place
----------
Key=VCI
ImagePath=C:\Program Files\Sony\VAIO Cooperated Initialisation\VCI_SVC.exe - this reference has been left in place
----------
Key=Vcsw
ImagePath=C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe -RunBySCM - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%SystemRoot%\System32\vssvc.exe - this reference has been left in place
----------
Key=VzCdbSvc
ImagePath="C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe" - this reference has been left in place
----------
Key=VzFw
ImagePath=C:\Program Files\Fichiers communs\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe - this reference has been left in place
----------
Key=w29n51
ImagePath=system32\DRIVERS\w29n51.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=wdmaud
ImagePath=system32\drivers\wdmaud.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\HSF_CNXT.sys - this reference has been left in place
----------
Key=winss
ImagePath=C:\Program Files\Microsoft Windows OneCare Live\winss.exe - this reference has been left in place
----------
Key=WmiApSrv
ImagePath=C:\WINDOWS\system32\wbem\wmiapsrv.exe - this reference has been left in place
----------
Key=WS2IFSL
ImagePath=\SystemRoot\System32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSTCODEC
ImagePath=system32\DRIVERS\WSTCODEC.SYS - this reference has been left in place
----------
Key=ZDPNDIS5
ImagePath=\??\C:\WINDOWS\system32\ZDPNDIS5.SYS - this reference has been removed [file not found to scan]
----------
Key=ZDPSp50
ImagePath=System32\Drivers\ZDPSp50.sys - this reference has been left in place
----------

**************************************************
19:20:19: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded

**************************************************
19:20:19: Scanning ----- WINLOGON\NOTIFY DLLS -----
Checking DLLs called from the Winlogon\Notify key:
Key=crypt32chain
DLLName=crypt32.dll - this reference has been left in place
----------
Key=cryptnet
DLLName=cryptnet.dll - this reference has been left in place
----------
Key=cscdll
DLLName=cscdll.dll - this reference has been left in place
----------
Key=igfxcui
DLLName=igfxdev.dll - this reference has been left in place
----------
Key=ScCertProp
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=Schedule
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=sclgntfy
DLLName=sclgntfy.dll - this reference has been left in place
----------
Key=SensLogn
DLLName=WlNotify.dll - this reference has been left in place
----------
Key=termsrv
DLLName=wlnotify.dll - this reference has been left in place
----------
Key=VESWinlogon
DLLName=VESWinlogon.dll - this reference has been left in place
----------
Key=WgaLogon
DLLName=WgaLogon.dll - this reference has been left in place
----------
Key=wlballoon
DLLName=wlnotify.dll - this reference has been left in place
----------

**************************************************
19:20:20: Scanning ----- CONTEXTMENUHANDLERS -----
Key = Adobe.Acrobat.ContextMenu
CLSID = {D25B2CAB-8A9A-4517-A9B2-CB5F68A5A802}
C:\Program Files\Adobe\Acrobat 7.0\Acrobat Elements\ContextMenu.dll - this ContextMenuHandler has been left in place
----------
Key = Fichiers hors connexion
CLSID = {750fdf0e-2a26-11d1-a3ea-080036587f03}
%SystemRoot%\System32\cscui.dll - this ContextMenuHandler has been left in place
----------
Key = ImageConverter2
CLSID = {C6643EC0-49AC-4c15-A455-04104DB900A9}
C:\PROGRA~1\Sony\IMAGEC~1\CtxMenu.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------
Key = SGPDMenu
CLSID = {F6A51CCC-6AA6-46ad-B726-97466F0A38BF}
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdshell.dll - this ContextMenuHandler has been left in place
----------
Key = ShellExtension
CLSID = [empty]
----------
Key = Trojan Remover
CLSID = {52B87208-9CCF-42C9-B88E-069281105805}
C:\PROGRA~1\TROJAN~1\Trshlex.dll - this ContextMenuHandler has been left in place
----------
Key = WinRAR
CLSID = [empty]
----------
Key = {a2a9545d-a0c2-42b4-9708-a0b2badd77c8}
%SystemRoot%\system32\SHELL32.dll - this ContextMenuHandler has been left in place
----------

**************************************************
19:20:21: Scanning ----- FOLDER\COLUMNHANDLERS -----
Key = {0D2E74C4-3C34-11d2-A27E-00C04FC30871}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F01-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {24F14F02-7B1C-11d1-838f-0000F80461CF}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {66742402-F9B9-11D1-A202-0000F81FEDEE}
%SystemRoot%\system32\SHELL32.dll - this Folder\ColumnHandler has been left in place
----------
Key = {F9DB5320-233E-11D1-9F84-707F02C10627}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\PDFShell.dll - this Folder\ColumnHandler has been left in place
----------

**************************************************
19:20:22: Scanning ----- BROWSER HELPER OBJECTS -----
Key = {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}
C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll - this Browser Helper Object has been left in place
----------
Key = {1017A80C-6F09-4548-A84D-EDD6AC9525F0}
C:\Program Files\Lexmark Toolbar\toolband.dll - this Browser Helper Object has been left in place
----------
Key = {2E03C0FD-4C48-43A7-9A54-00240C70FF16}
C:\WINDOWS\system32\BhoECart.dll - this Browser Helper Object has been left in place
----------
Key = {9030D464-4C02-4ABF-8ECC-5164760863C6}
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll - this Browser Helper Object has been left in place
----------
Key = {AA58ED58-01DD-4d91-8333-CF10577473F7}
c:\program files\google\googletoolbar3.dll - this Browser Helper Object has been left in place
----------
Key = {AF69DE43-7D58-4638-B6FA-CE66B5AD205D}
C:\Program Files\Google\GoogleToolbarNotifier\2.1.615.5858\swg.dll - this Browser Helper Object has been left in place
----------
Key = {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0}
C:\Program Files\Windows Live Toolbar\msntb.dll - this Browser Helper Object has been left in place
----------

**************************************************
19:20:23: Scanning ----- SHELLSERVICEOBJECTS -----
Key = PostBootReminder
CLSID = {7849596a-48ea-486e-8937-a2a3009f31a9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = CDBurn
CLSID = {fbeb8a05-beee-4442-804e-409d6c4515e9}
%SystemRoot%\system32\SHELL32.dll - this ShellServiceObject has been left in place
----------
Key = WebCheck
CLSID = {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
%SystemRoot%\system32\webcheck.dll - this ShellServiceObject has been left in place
----------
Key = SysTray
CLSID = {35CEC8A3-2BE6-11D2-8773-92E220524153}
C:\WINDOWS\system32\stobject.dll - this ShellServiceObject has been left in place
----------

**************************************************
19:20:23: Scanning ----- SHAREDTASKSCHEDULER ENTRIES -----
Value = {438755C2-A8BA-11D1-B96B-00A0C90312E1}
Comment = Pré-chargeur Browseui
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------
Value = {8C7461EF-2B13-11d2-BE35-3078302C2030}
Comment = Démon de cache des catégories de composant
File: %SystemRoot%\system32\browseui.dll - this SharedTaskScheduler entry has been left in place
----------

**************************************************
19:20:23: Scanning ----- IMAGEFILE DEBUGGERS -----
No "Debugger" entries found.

**************************************************
19:20:23: Scanning ----- APPINIT_DLLS -----
[AppInitDLLs entry = [C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL]
The following AppInit_DLLs are loaded at boot-time:
C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL - this file has been left in place
----------

**************************************************
19:20:23: Scanning ----- SECURITY PROVIDER DLLS -----
msapsspc.dll - this entry has been left in place
----------
schannel.dll - this entry has been left in place
----------
digest.dll - this entry has been left in place
----------
msnsspc.dll - this entry has been left in place
----------

**************************************************
19:20:24: Scanning ------ COMMON STARTUP GROUP ------
[C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage]
The Common Startup Group attempts to load the following file(s) at boot time:
BTTray.lnk - this links to C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe and has been left in place
--------------------
desktop.ini - this file has been left in place
--------------------
Lancement rapide d'Adobe Reader.lnk - this links to C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe and has been left in place [file not found to scan]
--------------------
NkbMonitor.exe.lnk - this links to C:\Program Files\Nikon\PictureProject\NkbMonitor.exe and has been left in place
--------------------
Outil de mise à jour Google.lnk - this links to C:\Program Files\Google\Google Updater\GoogleUpdater.exe and has been left in place
--------------------
Utilitaire réseau pour SAGEM Wi-Fi 11g USB adapter.lnk - this links to C:\Program Files\SAGEM WiFi manager\WLANUTL.exe and has been left in place
--------------------
VPro500.lnk - this links to C:\WINDOWS\VPro500.exe and has been left in place
--------------------

**************************************************
No User Startup Groups were located to check

**************************************************
19:20:27: Scanning ----- SCHEDULED TASKS -----
Taskname: AppleSoftwareUpdate.job
File: C:\Program Files\Apple Software Update\SoftwareUpdate.exe
Parameters: -task
Next Run Time: 15/11/2007 18:39:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
C:\Program Files\Apple Software Update\SoftwareUpdate.exe - this entry has been left in place
----------
Taskname: MP Scheduled Quick Scan.job
File: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
Parameters: Scan -RestrictPrivileges -ScanType 1
Next Run Time: Never
Status: La tâche ne sera pas exécutée à l'heure prévue car elle a été désactivée
Creator: SYSTEM
Comments: Scheduled Scan
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe - this entry has been left in place
----------
Taskname: MP Scheduled Scan.job
File: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
Parameters: Scan -RestrictPrivileges
Next Run Time: 15/11/2007 01:32:00
Status: La tâche n'a pas encore été exécutée
Creator: SYSTEM
Comments: Scheduled Scan
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe - this entry has been left in place
----------
Taskname: MP Scheduled Signature Update.job
File: C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
Parameters: SignatureUpdate
Next Run Time: Never
Status: La tâche ne sera pas exécutée à l'heure prévue car elle a été désactivée
Creator: SYSTEM
Comments: Scheduled Signature Update
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe - this entry has been left in place
----------
Taskname: Vérifier les mises à jour de Windows Live Toolbar.job
File: C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE
Parameters: [blank]
Next Run Time: 14/11/2007 20:05:00
Status: La tâche est prête à s'exécuter à l'heure prévue
Creator: SYSTEM
Comments: [blank]
C:\Program Files\Windows Live Toolbar\MSNTBUP.EXE - this entry has been left in place
----------

**************************************************
19:20:28: ----- ADDITIONAL CHECKS -----
PE386 rootkit checks completed
----------
Winlogon registry rootkit checks completed
----------
Heuristic checks for hidden files/drivers completed
----------
Layered Service Provider entries checks completed
---------
Windows Explorer Policies checks completed
----------

**************************************************
19:20:28: Scanning ------ DOWNLOADED PROGRAM FILES ------
The following files are located in the DOWNLOADED PROGRAM FILES directory:
C:\WINDOWS\Downloaded Program Files\desktop.ini - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\dwusplay.exe - this file has been left in place
C:\WINDOWS\Downloaded Program Files\erma.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\isusweb.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\kavwebscan.inf - this file has been left in place
C:\WINDOWS\Downloaded Program Files\purfr-fr.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\PURfr-xx.dll - this file has been left in place
C:\WINDOWS\Downloaded Program Files\setup.inf - this file has been left in place

**************************************************
19:20:30: Scanning ----- RUNNING PROCESSES -----
[Only loaded modules not scanned already
during this scan will be scanned here]

C:\WINDOWS\System32\smss.exe
[1 loaded module]
--------------------
C:\WINDOWS\system32\csrss.exe
[16 loaded modules in total]
--------------------
C:\WINDOWS\system32\winlogon.exe
[67 loaded modules in total]
--------------------
C:\WINDOWS\system32\services.exe
[37 loaded modules in total]
--------------------
C:\WINDOWS\system32\lsass.exe
[59 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[49 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[39 loaded modules in total]
--------------------
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
[38 loaded modules in total]
--------------------
C:\WINDOWS\System32\svchost.exe
[151 loaded modules in total]
--------------------
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
[56 loaded modules in total]
--------------------
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
[30 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[43 loaded modules in total]
--------------------
C:\WINDOWS\Explorer.EXE
[81 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
[82 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\AppCore\AppSvc32.exe
[29 loaded modules in total]
--------------------
C:\WINDOWS\system32\spoolsv.exe
[67 loaded modules in total]
--------------------
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
[26 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
[22 loaded modules in total]
--------------------
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
[41 loaded modules in total]
--------------------
C:\WINDOWS\System32\FTRTSVC.exe
[14 loaded modules in total]
--------------------
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[26 loaded modules in total]
--------------------
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\lxdiserv.exe
[18 loaded modules in total]
--------------------
C:\WINDOWS\system32\lxdicoms.exe
[33 loaded modules in total]
--------------------
C:\Program Files\MioNet\MioNetManager.exe
[18 loaded modules in total]
--------------------
C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe
[30 loaded modules in total]
--------------------
C:\Program Files\Apoint\Apoint.exe
[35 loaded modules in total]
--------------------
C:\WINDOWS\RTHDCPL.EXE
[41 loaded modules in total]
--------------------
C:\WINDOWS\system32\ICO.EXE
[16 loaded modules in total]
--------------------
C:\Program Files\Sony\VAIO Power Management\SPMgr.exe
[47 loaded modules in total]
--------------------
C:\Program Files\Sony\ISB Utility\ISBMgr.exe
[43 loaded modules in total]
--------------------
C:\Program Files\Sony\VAIO Update 2\VAIOUpdt.exe
[32 loaded modules in total]
--------------------
C:\WINDOWS\system32\nvsvc32.exe
[32 loaded modules in total]
--------------------
C:\Program Files\Utimaco\SafeGuard PrivateDisk\pdservice.exe
[27 loaded modules in total]
--------------------
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
[25 loaded modules in total]
--------------------
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
[22 loaded modules in total]
--------------------
C:\PROGRA~1\MESSAG~1\StartMessager.exe
[29 loaded modules in total]
--------------------
C:\WINDOWS\System32\PAStiSvc.exe
[5 loaded modules in total]
--------------------
C:\WINDOWS\system32\svchost.exe
[40 loaded modules in total]
--------------------
C:\PROGRA~1\Sony\SONICS~1\SsAAD.exe
[25 loaded modules in total]
--------------------
C:\Program Files\Apoint\Apntex.exe
[16 loaded modules in total]
--------------------
C:\Program Files\Globe7\Globe7.exe
[86 loaded modules in total]
--------------------
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
[71 loaded modules in total]
--------------------
C:\WINDOWS\system32\wdfmgr.exe
[16 loaded modules in total]
--------------------
C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
[54 loaded modules in total]
--------------------
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
[65 loaded modules in total]
--------------------
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
0
So I got this (see above) after downloading Trojan Remover; I ran the scan, and after the scan I clicked on View Log.
0