Trojan horse virus
Normann78 (Member, 8 posts)
Hello,
A virus has got into my laptop,
judging by the error messages I get when I try to open the applications I downloaded to eradicate it.
It is a Win32-type trojan.
The scan is apparently being bypassed.
Here is a report I received.
If anyone is able to help me,
I thank them in advance:
***** TROJAN REMOVER HAS RESTARTED THE SYSTEM *****
20/05/2008 14:02:34: Trojan Remover has been restarted
HKLM\SYSTEM\CurrentControlSet\Services\srosa - key has been removed
C:\Windows\system32\drivers\srosa.sys has been renamed to C:\Windows\system32\drivers\srosa.sys.ren
C:\Windows\system32\drivers\hldrrr.exe has been renamed to C:\Windows\system32\drivers\hldrrr.exe.ren
C:\Users\Normann\AppData\Roaming\m\flec006.exe has been renamed to C:\Users\Normann\AppData\Roaming\m\flec006.exe.ren
Unable to rename C:\Windows\system32\DRIVERS\vsdatant.sys to C:\Windows\system32\DRIVERS\vsdatant.sys.ren
You may want to run a new scan with Trojan Remover in SAFE mode.
20/05/2008 14:03:22: Trojan Remover closed
************************************************************
***** NORMAL SCAN FOR ACTIVE MALWARE *****
Trojan Remover Ver 6.6.2.2490. For information, email simplysupsupport@aol.com
[Unregistered version]
Scan started at: 20/05/2008 13:51:24
Using Database v6879
Operating System: Windows Vista (Build 6000)
Edition: Windows Vista (TM) Home Basic
Data directory: C:\Users\Normann\AppData\Roaming\Simply Super Software\Trojan Remover\
Logfile directory: C:\Users\Normann\Documents\Simply Super Software\Trojan Remover Logfiles\
Program directory: C:\Program Files\Trojan Remover\
Running with Administrator privileges
**************************************************
Checking Registry exefile command for modifications
Checking Registry comfile command for modifications
Checking Registry piffile command for modifications
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
**************************************************
13:51:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows
**************************************************
13:51:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows
**************************************************
13:51:24: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: srosa
C:\Windows\system32\drivers\srosa.sys - file ownership assigned to: PC-de-Normann\Normann
File (not hidden): \??\C:\Windows\system32\drivers\srosa.sys has been marked for renaming during PC restart
----------
**************************************************
13:52:49: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\Windows\system32\userinit.exe - this entry has been left in place
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Windows Defender
Value Data = %ProgramFiles%\Windows Defender\MSASCui.exe -hide - this command has been left in place
--------------------
Value Name = SoundMAXPnP
Value Data = C:\Program Files\Analog Devices\Core\smax4pnp.exe - this command has been left in place
--------------------
Value Name = PDF Complete
Value Data = C:\Program Files\PDF Complete\pdfsty.exe - this command has been left in place
--------------------
Value Name = PTHOSTTR
Value Data = C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = hpWirelessAssistant
Value Data = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe - this command has been left in place
--------------------
Value Name = WAWifiMessage
Value Data = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe - this command has been left in place
--------------------
Value Name = QlbCtrl
Value Data = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe - this command has been left in place
--------------------
Value Name = HP Health Check Scheduler
Value Data = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe - this command has been left in place
--------------------
Value Name = CognizanceTS
Value Data = rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = ZoneAlarm Client
Value Data = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key attempts to run the following program(s):
Value Name = ST Recovery Launcher
Value Data = %WINDIR%\SMINST\launcher.exe - this command has been left in place
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key attempts to run the following program(s):
Value Name =
The Value Data for this entry appears to be blank
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = StartCCC
Value Data = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - this command has been left in place
--------------------
Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - this command has been left in place
--------------------
Value Name = MyWebSearch Email Plugin
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - running process located and terminated
Value Data = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - appears to contain ADWARE.MYWEBSEARCH
Value Data = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - this command has been removed
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe has been renamed to: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe.ren
--------------------
Value Name = SpybotSD TeaTimer
Value Data = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
13:53:00: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
**************************************************
13:53:00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: drvsyskit
Value: C:\Windows\system32\drivers\hldrrr.exe
drvsyskit - this registry value could not be removed
[ACCESS ERROR]: unable to access the following registry key:
HKCU\\ Software\Microsoft\Windows\CurrentVersion\Run\ "drvsyskit"
C:\Windows\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\Windows\system32\drivers\hldrrr.exe - file ownership assigned to: PC-de-Normann\Normann
C:\Windows\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\Windows\system32\drivers\hldrrr.exe - file has been marked for renaming during PC restart
----------
Hidden Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: mule_st_key
Value: C:\Users\Normann\AppData\Roaming\m\flec006.exe
C:\Users\Normann\AppData\Roaming\m\flec006.exe appears to contain: WORM.MOOLER
mule_st_key - this registry value could not be removed
[ACCESS ERROR]: unable to access the following registry key:
HKCU\\ Software\Microsoft\Windows\CurrentVersion\Run\ "mule_st_key"
C:\Users\Normann\AppData\Roaming\m\flec006.exe - process is either not running or could not be terminated
C:\Users\Normann\AppData\Roaming\m\flec006.exe - file ownership assigned to: PC-de-Normann\Normann
C:\Users\Normann\AppData\Roaming\m\flec006.exe - process is either not running or could not be terminated
C:\Users\Normann\AppData\Roaming\m\flec006.exe - file has been marked for renaming during PC restart
----------
**************************************************
13:53:52: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
**************************************************
13:53:52: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
Key=ccc-core-static
StubPath=msi - this reference has been left in place
----------
Key={10880D85-AAD9-4558-ABDC-2AB1552D831F}
StubPath=C:\Program Files\Common Files\LightScribe\LSRunOnce.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\Windows\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Windows Mail\WinMail.exe - this reference has been left in place
----------
Key={6BF52A52-394A-11d3-B153-00C04F79FAA6}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
**************************************************
13:53:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=AeLookupSvc
ServiceDLL=%SystemRoot%\System32\aelupsvc.dll - this reference has been left in place
--------------------
Key=Appinfo
ServiceDLL=%SystemRoot%\System32\appinfo.dll - this reference has been left in place
--------------------
Key=ASBroker
ServiceDLL=C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - this reference has been left in place
--------------------
Key=ASChannel
ServiceDLL=C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll - this reference has been left in place
--------------------
Key=AudioEndpointBuilder
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=Audiosrv
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=BFE
ServiceDLL=%SystemRoot%\System32\bfe.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=BthServ
ServiceDLL=%SystemRoot%\System32\bthserv.dll - this reference has been left in place
--------------------
Key=CertPropSvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\system32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=dot3svc
ServiceDLL=%SystemRoot%\System32\dot3svc.dll - this reference has been left in place
--------------------
Key=DPS
ServiceDLL=%SystemRoot%\system32\dps.dll - this reference has been left in place
--------------------
Key=EapHost
ServiceDLL=%SystemRoot%\System32\eapsvc.dll - this reference has been left in place
--------------------
Key=EMDMgmt
ServiceDLL=%systemroot%\system32\emdmgmt.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=%systemroot%\system32\es.dll - this reference has been left in place
--------------------
Key=fdPHost
ServiceDLL=%SystemRoot%\system32\fdPHost.dll - this reference has been left in place
--------------------
Key=FDResPub
ServiceDLL=%SystemRoot%\system32\fdrespub.dll - this reference has been left in place
--------------------
Key=gpsvc
ServiceDLL=%SystemRoot%\System32\gpsvc.dll - this reference has been left in place
--------------------
Key=hidserv
ServiceDLL=%SystemRoot%\system32\hidserv.dll - this reference has been left in place
--------------------
Key=hkmsvc
ServiceDLL=%SystemRoot%\system32\kmsvc.dll - this reference has been left in place
--------------------
Key=IKEEXT
ServiceDLL=%SystemRoot%\System32\ikeext.dll - this reference has been left in place
--------------------
Key=IPBusEnum
ServiceDLL=%SystemRoot%\system32\ipbusenum.dll - this reference has been left in place
--------------------
Key=iphlpsvc
ServiceDLL=%SystemRoot%\System32\iphlpsvc.dll - this reference has been left in place
--------------------
Key=KtmRm
ServiceDLL=%systemroot%\system32\msdtckrm.dll - this reference has been left in place
--------------------
Key=LanmanServer
ServiceDLL=%SystemRoot%\system32\srvsvc.dll - this reference has been left in place
--------------------
Key=LanmanWorkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=lltdsvc
ServiceDLL=%SystemRoot%\System32\lltdsvc.dll - this reference has been left in place
--------------------
Key=lmhosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=MMCSS
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=MpsSvc
ServiceDLL=%SystemRoot%\system32\mpssvc.dll - this reference has been left in place
--------------------
Key=MSiSCSI
ServiceDLL=%systemroot%\system32\iscsiexe.dll - this reference has been left in place
--------------------
Key=napagent
ServiceDLL=%SystemRoot%\system32\qagentRT.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=netprofm
ServiceDLL=%SystemRoot%\System32\netprofm.dll - this reference has been left in place
--------------------
Key=NlaSvc
ServiceDLL=%SystemRoot%\System32\nlasvc.dll - this reference has been left in place
--------------------
Key=nsi
ServiceDLL=%systemroot%\system32\nsisvc.dll - this reference has been left in place
--------------------
Key=p2pimsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=p2psvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PcaSvc
ServiceDLL=%SystemRoot%\System32\pcasvc.dll - this reference has been left in place
--------------------
Key=pla
ServiceDLL=%systemroot%\system32\pla.dll - this reference has been left in place
--------------------
Key=PlugPlay
ServiceDLL=%SystemRoot%\system32\umpnpmgr.dll - this reference has been left in place
--------------------
Key=PNRPAutoReg
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PNRPsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PolicyAgent
ServiceDLL=%SystemRoot%\System32\ipsecsvc.dll - this reference has been left in place
--------------------
Key=ProfSvc
ServiceDLL=%systemroot%\system32\profsvc.dll - this reference has been left in place
--------------------
Key=QWAVE
ServiceDLL=%windir%\system32\qwave.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=SCardSvr
ServiceDLL=%SystemRoot%\System32\SCardSvr.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%systemroot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=SCPolicySvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=SDRSVC
ServiceDLL=%Systemroot%\System32\SDRSVC.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%windir%\system32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\System32\sens.dll - this reference has been left in place
--------------------
Key=SessionEnv
ServiceDLL=%SystemRoot%\system32\sessenv.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=SLUINotify
ServiceDLL=%SystemRoot%\system32\SLUINotify.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\System32\wiaservc.dll - this reference has been left in place
--------------------
Key=swprv
ServiceDLL=%Systemroot%\System32\swprv.dll - this reference has been left in place
--------------------
Key=SysMain
ServiceDLL=%systemroot%\system32\sysmain.dll - this reference has been left in place
--------------------
Key=TabletInputService
ServiceDLL=%SystemRoot%\System32\TabSvc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TBS
ServiceDLL=%SystemRoot%\System32\tbssvc.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\system32\shsvcs.dll - this reference has been left in place
--------------------
Key=THREADORDER
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\System32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=UxSms
ServiceDLL=%SystemRoot%\System32\uxsms.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=%systemroot%\system32\w32time.dll - this reference has been left in place
--------------------
Key=wcncsvc
ServiceDLL=%SystemRoot%\System32\wcncsvc.dll - this reference has been left in place
--------------------
Key=WcsPlugInService
ServiceDLL=%SystemRoot%\System32\WcsPlugInService.dll - this reference has been left in place
--------------------
Key=WdiServiceHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WdiSystemHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=Wecsvc
ServiceDLL=%SystemRoot%\system32\wecsvc.dll - this reference has been left in place
--------------------
Key=wercplsupport
ServiceDLL=%SystemRoot%\System32\wercplsupport.dll - this reference has been left in place
--------------------
Key=WerSvc
ServiceDLL=%SystemRoot%\System32\WerSvc.dll - this reference has been left in place
--------------------
Key=WinDefend
ServiceDLL=%ProgramFiles%\Windows Defender\mpsvc.dll - this reference has been left in place
--------------------
Key=WinHttpAutoProxySvc
ServiceDLL=winhttp.dll - this reference has been left in place
--------------------
Key=Winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WinRM
ServiceDLL=%SystemRoot%\system32\WsmSvc.dll - this reference has been left in place
--------------------
Key=Wlansvc
ServiceDLL=%SystemRoot%\System32\wlansvc.dll - this reference has been left in place
--------------------
Key=WPCSvc
ServiceDLL=%SystemRoot%\System32\wpcsvc.dll - this reference has been left in place
--------------------
Key=WPDBusEnum
ServiceDLL=%SystemRoot%\system32\wpdbusenum.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SystemRoot%\System32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=%systemroot%\system32\wuaueng.dll - this reference has been left in place
--------------------
Key=wudfsvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
**************************************************
13:54:04: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\drivers\acpi.sys - this reference has been left in place
----------
Key=ADIHdAudAddService
ImagePath=system32\drivers\ADIHdAud.sys - this reference has been left in place
----------
Key=adp94xx
ImagePath=\SystemRoot\system32\drivers\adp94xx.sys - this reference has been left in place
----------
Key=adpahci
ImagePath=\SystemRoot\system32\drivers\adpahci.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=\SystemRoot\system32\drivers\adpu160m.sys - this reference has been left in place
----------
Key=adpu320
ImagePath=\SystemRoot\system32\drivers\adpu320.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\system32\drivers\afd.sys - this reference has been left in place
----------
Key=AgereModemAudio
ImagePath=C:\Windows\system32\agrsmsvc.exe - this reference has been left in place
----------
Key=AgereSoftModem
ImagePath=system32\DRIVERS\AGRSM.sys - this reference has been left in place
----------
Key=agp440
ImagePath=\SystemRoot\system32\drivers\agp440.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=\SystemRoot\system32\drivers\djsvs.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aliide
ImagePath=\SystemRoot\system32\drivers\aliide.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=\SystemRoot\system32\drivers\amdagp.sys - this reference has been left in place
----------
Key=amdide
ImagePath=\SystemRoot\system32\drivers\amdide.sys - this reference has been left in place
----------
Key=AmdK7
ImagePath=\SystemRoot\system32\drivers\amdk7.sys - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\amdk8.sys - this reference has been left in place
----------
Key=arc
ImagePath=\SystemRoot\system32\drivers\arc.sys - this reference has been left in place
----------
Key=arcsas
ImagePath=\SystemRoot\system32\drivers\arcsas.sys - this reference has been left in place
----------
Key=aswFsBlk
ImagePath=system32\DRIVERS\aswFsBlk.sys - this reference has been left in place
----------
Key=aswMonFlt
ImagePath=system32\DRIVERS\aswMonFlt.sys - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\drivers\atapi.sys - this reference has been left in place
----------
Key=Ati External Event Utility
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=AtiPcie
ImagePath=system32\DRIVERS\AtiPcie.sys - this reference has been left in place
----------
Key=ATSWPDRV
ImagePath=system32\DRIVERS\ATSwpDrv.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=b57nd60x
ImagePath=system32\DRIVERS\b57nd60x.sys - this reference has been left in place
----------
Key=BCM43XV
ImagePath=system32\DRIVERS\bcmwl6.sys - this reference has been left in place
----------
Key=BCM43XX
ImagePath=system32\DRIVERS\bcmwl6.sys - this reference has been left in place
----------
Key=blbdrive
ImagePath=\SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key=bowser
ImagePath=system32\DRIVERS\bowser.sys - this reference has been left in place
----------
Key=BrFiltLo
ImagePath=\SystemRoot\system32\drivers\brfiltlo.sys - this reference has been left in place
----------
Key=BrFiltUp
ImagePath=\SystemRoot\system32\drivers\brfiltup.sys - this reference has been left in place
----------
Key=Brserid
ImagePath=\SystemRoot\system32\drivers\brserid.sys - this reference has been left in place
----------
Key=BrSerWdm
ImagePath=\SystemRoot\system32\drivers\brserwdm.sys - this reference has been left in place
----------
Key=BrUsbMdm
ImagePath=\SystemRoot\system32\drivers\brusbmdm.sys - this reference has been left in place
----------
Key=BrUsbSer
ImagePath=\SystemRoot\system32\drivers\brusbser.sys - this reference has been left in place
----------
Key=BthEnum
ImagePath=system32\DRIVERS\BthEnum.sys - this reference has been left in place
----------
Key=BTHMODEM
ImagePath=\SystemRoot\system32\drivers\bthmodem.sys - this reference has been left in place
----------
Key=BthPan
ImagePath=system32\DRIVERS\bthpan.sys - this reference has been left in place
----------
Key=BTHPORT
ImagePath=System32\Drivers\BTHport.sys - this reference has been left in place
----------
Key=BTHUSB
ImagePath=System32\Drivers\BTHUSB.sys - this reference has been left in place
----------
Key=cdfs
ImagePath=system32\DRIVERS\cdfs.sys - this reference has been left in place
----------
Key=cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=circlass
ImagePath=\SystemRoot\system32\drivers\circlass.sys - this reference has been left in place
----------
Key=CLFS
ImagePath=System32\CLFS.sys - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=cmdide
ImagePath=\SystemRoot\system32\drivers\cmdide.sys - this reference has been left in place
----------
Key=Com4Qlb
ImagePath="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=crcdisk
ImagePath=system32\drivers\crcdisk.sys - this reference has been left in place
----------
Key=Crusoe
ImagePath=\SystemRoot\system32\drivers\crusoe.sys - this reference has been left in place
----------
Key=DfsC
ImagePath=System32\Drivers\dfsc.sys - this reference has been left in place
----------
Key=DFSR
ImagePath=%SystemRoot%\system32\DFSR.exe - this reference has been left in place
----------
Key=disk
ImagePath=system32\drivers\disk.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=DXGKrnl
ImagePath=\SystemRoot\System32\drivers\dxgkrnl.sys - this reference has been left in place
----------
Key=E1G60
ImagePath=system32\DRIVERS\E1G60I32.sys - this reference has been left in place
----------
Key=eabfiltr
ImagePath=system32\DRIVERS\eabfiltr.sys - this reference has been left in place
----------
Key=Ecache
ImagePath=System32\drivers\ecache.sys - this reference has been left in place
----------
Key=elxstor
ImagePath=\SystemRoot\system32\drivers\elxstor.sys - this reference has been left in place
----------
Key=fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FileInfo
ImagePath=system32\drivers\fileinfo.sys - this reference has been left in place
----------
Key=Filetrace
ImagePath=system32\drivers\filetrace.sys - this reference has been left in place
----------
Key=flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
----------
Key=FontCache3.0.0.0
ImagePath=%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
----------
Key=gagp30kx
ImagePath=\SystemRoot\system32\drivers\gagp30kx.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HBtnKey
ImagePath=system32\DRIVERS\cpqbttn.sys - this reference has been left in place
----------
Key=HdAudAddService
ImagePath=system32\drivers\HdAudio.sys - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidBth
ImagePath=\SystemRoot\system32\drivers\hidbth.sys - this reference has been left in place
----------
Key=HidIr
ImagePath=\SystemRoot\system32\drivers\hidir.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HP Health Check Service
ImagePath="C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" - this reference has been left in place
----------
Key=HpCISSs
ImagePath=\SystemRoot\system32\drivers\hpcisss.sys - this reference has been left in place
----------
Key=hpqwmiex
ImagePath=C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe - this reference has been left in place
----------
Key=HSFHWAZL
ImagePath=system32\DRIVERS\VSTAZL3.SYS - this reference has been left in place
----------
Key=HSF_DPV
ImagePath=system32\DRIVERS\VSTDPV3.SYS - this reference has been left in place
----------
Key=HTTP
ImagePath=system32\drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=\SystemRoot\system32\drivers\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=iaStorV
ImagePath=\SystemRoot\system32\drivers\iastorv.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=idsvc
ImagePath="%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
----------
Key=iirsp
ImagePath=\SystemRoot\system32\drivers\iirsp.sys - this reference has been left in place
----------
Key=intelide
ImagePath=\SystemRoot\system32\drivers\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key=IPMIDRV
ImagePath=\SystemRoot\system32\drivers\ipmidrv.sys - this reference has been left in place
----------
Key=IPNAT
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\drivers\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=\SystemRoot\system32\drivers\isapnp.sys - this reference has been left in place
----------
Key=iScsiPrt
ImagePath=system32\DRIVERS\msiscsi.sys - this reference has been left in place
----------
Key=iteatapi
ImagePath=\SystemRoot\system32\drivers\iteatapi.sys - this reference has been left in place
----------
Key=iteraid
ImagePath=\SystemRoot\system32\drivers\iteraid.sys - this reference has been left in place
----------
Key=kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=KeyIso
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=KSecDD
ImagePath=System32\Drivers\ksecdd.sys - this reference has been left in place
----------
Key=LightScribeService
ImagePath="C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - this reference has been left in place
----------
Key=lltdio
ImagePath=system32\DRIVERS\lltdio.sys - this reference has been left in place
----------
Key=LSI_FC
ImagePath=\SystemRoot\system32\drivers\lsi_fc.sys - this reference has been left in place
----------
Key=LSI_SAS
ImagePath=\SystemRoot\system32\drivers\lsi_sas.sys - this reference has been left in place
----------
Key=LSI_SCSI
ImagePath=\SystemRoot\system32\drivers\lsi_scsi.sys - this reference has been left in place
----------
Key=luafv
ImagePath=\SystemRoot\system32\drivers\luafv.sys - this reference has been left in place
----------
Key=megasas
ImagePath=\SystemRoot\system32\drivers\megasas.sys - this reference has been left in place
----------
Key=Modem
ImagePath=system32\drivers\modem.sys - this reference has been left in place
----------
Key=monitor
ImagePath=system32\DRIVERS\monitor.sys - this reference has been left in place
----------
Key=mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MountMgr
ImagePath=System32\drivers\mountmgr.sys - this reference has been left in place
----------
Key=mpio
ImagePath=\SystemRoot\system32\drivers\mpio.sys - this reference has been left in place
----------
Key=mpsdrv
ImagePath=System32\drivers\mpsdrv.sys - this reference has been left in place
----------
Key=Mraid35x
ImagePath=\SystemRoot\system32\drivers\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=\SystemRoot\system32\drivers\mrxdav.sys - this reference has been left in place
----------
Key=mrxsmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=mrxsmb10
ImagePath=system32\DRIVERS\mrxsmb10.sys - this reference has been left in place
----------
Key=mrxsmb20
ImagePath=system32\DRIVERS\mrxsmb20.sys - this reference has been left in place
----------
Key=msahci
ImagePath=\SystemRoot\system32\drivers\msahci.sys - this reference has been left in place
----------
Key=msdsm
ImagePath=\SystemRoot\system32\drivers\msdsm.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=%SystemRoot%\System32\msdtc.exe - this reference has been left in place
----------
Key=msisadrv
ImagePath=system32\drivers\msisadrv.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\Windows\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=Mup
ImagePath=System32\Drivers\mup.sys - this reference has been left in place
----------
Key=MyWebSearchService
ImagePath=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe - this reference has been left in place
----------
Key=NativeWifiP
ImagePath=system32\DRIVERS\nwifi.sys - this reference has been left in place
----------
Key=NBService
ImagePath=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - this reference has been left in place
----------
Key=NDIS
ImagePath=system32\drivers\ndis.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=netbt
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=Netlogon
ImagePath=%systemroot%\system32\lsass.exe - this reference has been left in place
----------
Key=nfrd960
ImagePath=\SystemRoot\system32\drivers\nfrd960.sys - this reference has been left in place
----------
Key=NMIndexingService
ImagePath="C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" - this reference has been left in place
----------
Key=nsiproxy
ImagePath=system32\drivers\nsiproxy.sys - this reference has been left in place
----------
Key=ntrigdigi
ImagePath=\SystemRoot\system32\drivers\ntrigdigi.sys - this reference has been left in place
----------
Key=nvraid
ImagePath=\SystemRoot\system32\drivers\nvraid.sys - this reference has been left in place
----------
Key=nvstor
ImagePath=\SystemRoot\system32\drivers\nvstor.sys - this reference has been left in place
----------
Key=nv_agp
ImagePath=\SystemRoot\system32\drivers\nv_agp.sys - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key=odserv
ImagePath="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=partmgr
ImagePath=System32\drivers\partmgr.sys - this reference has been left in place
----------
Key=Parvdm
ImagePath=system32\DRIVERS\parvdm.sys - this reference has been left in place
----------
Key=pci
ImagePath=system32\drivers\pci.sys - this reference has been left in place
----------
Key=pciide
ImagePath=system32\drivers\pciide.sys - this reference has been left in place
----------
Key=pcmcia
ImagePath=system32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=pdfcDispatcher
ImagePath=C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService - this reference has been left in place
----------
Key=PEAUTH
ImagePath=system32\drivers\peauth.sys - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=\SystemRoot\system32\drivers\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\pacer.sys - this reference has been left in place
----------
Key=ql2300
ImagePath=\SystemRoot\system32\drivers\ql2300.sys - this reference has been left in place
----------
Key=ql40xx
ImagePath=\SystemRoot\system32\drivers\ql40xx.sys - this reference has been left in place
----------
Key=QWAVEdrv
ImagePath=\SystemRoot\system32\drivers\qwavedrv.sys - this reference has been left in place
----------
Key=R300
ImagePath=system32\DRIVERS\atikmdag.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=\SystemRoot\system32\drivers\rdpdr.sys - this reference has been left in place
----------
Key=RDPENCDD
ImagePath=system32\drivers\rdpencdd.sys - this reference has been left in place
----------
Key=RFCOMM
ImagePath=system32\DRIVERS\rfcomm.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=rspndr
ImagePath=system32\DRIVERS\rspndr.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=sbp2port
ImagePath=\SystemRoot\system32\drivers\sbp2port.sys - this reference has been left in place
----------
Key=SBSDWSCService
ImagePath=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - this reference has been left in place
----------
Key=ScsiAccess
ImagePath=C:\Windows\system32\ScsiAccess.EXE - this reference has been left in place
----------
Key=sdbus
ImagePath=system32\DRIVERS\sdbus.sys - this reference has been left in place
----------
Key=Serenum
ImagePath=\SystemRoot\system32\drivers\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=\SystemRoot\system32\drivers\serial.sys - this reference has been left in place
----------
Key=sermouse
ImagePath=\SystemRoot\system32\drivers\sermouse.sys - this reference has been left in place
----------
Key=sffdisk
ImagePath=\SystemRoot\system32\drivers\sffdisk.sys - this reference has been left in place
----------
Key=sffp_mmc
ImagePath=\SystemRoot\system32\drivers\sffp_mmc.sys - this reference has been left in place
----------
Key=sffp_sd
ImagePath=\SystemRoot\system32\drivers\sffp_sd.sys - this reference has been left in place
----------
Key=sfloppy
ImagePath=\SystemRoot\system32\drivers\sfloppy.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=\SystemRoot\system32\drivers\sisagp.sys - this reference has been left in place
----------
Key=SiSRaid2
ImagePath=\SystemRoot\system32\drivers\sisraid2.sys - this reference has been left in place
----------
Key=SiSRaid4
ImagePath=\SystemRoot\system32\drivers\sisraid4.sys - this reference has been left in place
----------
Key=slsvc
ImagePath=%SystemRoot%\system32\SLsvc.exe - this reference has been left in place
----------
Key=Smb
ImagePath=system32\DRIVERS\smb.sys - this reference has been left in place
----------
Key=SNMPTRAP
ImagePath=%SystemRoot%\System32\snmptrap.exe - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\System32\spoolsv.exe - this reference has been left in place
----------
Key=SQLWriter
ImagePath="c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" - this reference has been left in place
----------
Key=srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=srv2
ImagePath=System32\DRIVERS\srv2.sys - this reference has been left in place
----------
Key=srvnet
ImagePath=System32\DRIVERS\srvnet.sys - this reference has been left in place
----------
Key=stllssvr
ImagePath="c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" - this reference has been removed [file not found to scan]
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=Symc8xx
ImagePath=\SystemRoot\system32\drivers\symc8xx.sys - this reference has been left in place
----------
Key=Sym_hi
ImagePath=\SystemRoot\system32\drivers\sym_hi.sys - this reference has been left in place
----------
Key=Sym_u3
ImagePath=\SystemRoot\system32\drivers\sym_u3.sys - this reference has been left in place
----------
Key=SynTP
ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\drivers\tcpip.sys - this reference has been left in place
----------
Key=Tcpip6
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=tcpipreg
ImagePath=System32\drivers\tcpipreg.sys - this reference has been left in place
----------
Key=TDPIPE
ImagePath=system32\drivers\tdpipe.sys - this reference has been left in place
----------
Key=TDTCP
ImagePath=system32\drivers\tdtcp.sys - this reference has been left in place
----------
Key=tdx
ImagePath=system32\DRIVERS\tdx.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TPM
ImagePath=system32\drivers\tpm.sys - this reference has been left in place
----------
Key=TrustedInstaller
ImagePath=%SystemRoot%\servicing\TrustedInstaller.exe - this reference has been left in place
----------
Key=tssecsrv
ImagePath=System32\DRIVERS\tssecsrv.sys - this reference has been left in place
----------
Key=tunmp
ImagePath=system32\DRIVERS\tunmp.sys - this reference has been left in place
----------
Key=tunnel
ImagePath=system32\DRIVERS\tunnel.sys - this reference has been left in place
----------
Key=uagp35
ImagePath=\SystemRoot\system32\drivers\uagp35.sys - this reference has been left in place
----------
Key=udfs
ImagePath=system32\DRIVERS\udfs.sys - this reference has been left in place
----------
Key=UI0Detect
ImagePath=%SystemRoot%\system32\UI0Detect.exe - this reference has been left in place
----------
Key=uliagpkx
ImagePath=\SystemRoot\system32\drivers\uliagpkx.sys - this reference has been left in place
----------
Key=uliahci
ImagePath=\SystemRoot\system32\drivers\uliahci.sys - this reference has been left in place
----------
Key=UlSata
ImagePath=\SystemRoot\system32\drivers\ulsata.sys - this reference has been left in place
----------
Key=ulsata2
ImagePath=\SystemRoot\system32\drivers\ulsata2.sys - this reference has been left in place
----------
Key=umbus
ImagePath=system32\DRIVERS\umbus.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=\SystemRoot\system32\drivers\usbccgp.sys - this reference has been left in place
----------
Key=usbcir
ImagePath=\SystemRoot\system32\drivers\usbcir.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=\SystemRoot\system32\drivers\usbprint.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\Windows Live\Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=vds
ImagePath=%SystemRoot%\System32\vds.exe - this reference has been left in place
----------
Key=vga
ImagePath=system32\DRIVERS\vgapnp.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=\SystemRoot\system32\drivers\viaagp.sys - this reference has been left in place
----------
Key=ViaC7
ImagePath=\SystemRoot\system32\drivers\viac7.sys - this reference has been left in place
----------
Key=viaide
ImagePath=\SystemRoot\system32\drivers\viaide.sys - this reference has been left in place
----------
Key=volmgr
ImagePath=system32\drivers\volmgr.sys - this reference has been left in place
----------
Key=volmgrx
ImagePath=System32\drivers\volmgrx.sys - this reference has been left in place
----------
Key=volsnap
ImagePath=system32\drivers\volsnap.sys - this reference has been left in place
----------
C:\Windows\system32\DRIVERS\vsdatant.sys appears to be in-use/locked - scanning skipped.
Key=Vsdatant
ImagePath=system32\DRIVERS\vsdatant.sys - Trojan Remover was unable to remove this reference
[ACCESS ERROR]: unable to access the following registry key:
HKLM \SYSTEM\CurrentControlSet\Services\Vsdatant "ImagePath"
C:\Windows\system32\DRIVERS\vsdatant.sys - unable to take ownership/change permissions (file may not exist)
C:\Windows\system32\DRIVERS\vsdatant.sys - MoveFileEx call failed
C:\Windows\system32\DRIVERS\vsdatant.sys has been marked for renaming when the PC is restarted
----------
Key=vsmraid
ImagePath=\SystemRoot\system32\drivers\vsmraid.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%systemroot%\system32\vssvc.exe - this reference has been left in place
----------
Key=WacomPen
ImagePath=\SystemRoot\system32\drivers\wacompen.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wanarpv6
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wd
ImagePath=\SystemRoot\system32\drivers\wd.sys - this reference has been left in place
----------
Key=Wdf01000
ImagePath=system32\drivers\Wdf01000.sys - this reference has been left in place
----------
Key=WimFltr
ImagePath=system32\DRIVERS\wimfltr.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\VSTCNXT3.SYS - this reference has been left in place
----------
Key=WLSetupSvc
ImagePath="C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - this reference has been left in place
----------
Key=WmiAcpi
ImagePath=system32\DRIVERS\wmiacpi.sys - this reference has been left in place
----------
Key=wmiApSrv
ImagePath=%systemroot%\system32\wbem\WmiApSrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="%ProgramFiles%\Windows Media Player\wmpnetwk.exe" - this reference has been left in place
----------
Key=WpdUsb
ImagePath=system32\DRIVERS\wpdusb.sys - this reference has been left in place
----------
Key=ws2ifsl
ImagePath=\SystemRoot\system32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSearch
ImagePath=%systemroot%\system32\SearchIndexer.exe /Embedding - this reference has been left in place
----------
Key=WUDFRd
ImagePath=system32\DRIVERS\WUDFRd.sys - this reference has been left in place
----------
**************************************************
13:58:10: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded
**************************************************
13:58:10: Scanning ----- WINLOGON\NOTIFY DLLS -----
No Winlogon\Notify DLLs found to scan
**************************************************
13:58:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = Cover Designer
CLSID = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Sharing
CLSID = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
ntshrui.dll - this ContextMenuHandler has been left in place
----------
Key = SnagItMainShellExt
CLSID = {CF74B903-3389-469c-B3B6-0204D204FCBD}
C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
Checking Registry batfile command for modifications
Checking Registry regfile command for modifications
Checking Registry cmdfile command for modifications
Checking Registry scrfile command for modifications
**************************************************
13:51:24: Scanning ----------WIN.INI-----------
WIN.INI found in C:\Windows
**************************************************
13:51:24: Scanning --------SYSTEM.INI---------
SYSTEM.INI found in C:\Windows
**************************************************
13:51:24: ----- SCANNING FOR ROOTKIT SERVICES -----
Hidden Service Keyname: srosa
C:\Windows\system32\drivers\srosa.sys - file ownership assigned to: PC-de-Normann\Normann
File (not hidden): \??\C:\Windows\system32\drivers\srosa.sys has been marked for renaming during PC restart
----------
**************************************************
13:52:49: Scanning -----WINDOWS REGISTRY-----
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\WinLogon
This key's "Shell" value calls the following program(s):
Explorer.exe - this entry has been left in place
----------
This key's "Userinit" value calls the following program(s):
C:\Windows\system32\userinit.exe - this entry has been left in place
----------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
--------------------
Checking HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows
Value Name = load
The Data Value for this entry appears to be blank
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name = Windows Defender
Value Data = %ProgramFiles%\Windows Defender\MSASCui.exe -hide - this command has been left in place
--------------------
Value Name = SoundMAXPnP
Value Data = C:\Program Files\Analog Devices\Core\smax4pnp.exe - this command has been left in place
--------------------
Value Name = PDF Complete
Value Data = C:\Program Files\PDF Complete\pdfsty.exe - this command has been left in place
--------------------
Value Name = PTHOSTTR
Value Data = C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start - this command has been left in place
--------------------
Value Name = SynTPEnh
Value Data = C:\Program Files\Synaptics\SynTP\SynTPEnh.exe - this command has been left in place
--------------------
Value Name = hpWirelessAssistant
Value Data = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe - this command has been left in place
--------------------
Value Name = WAWifiMessage
Value Data = %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe - this command has been left in place
--------------------
Value Name = QlbCtrl
Value Data = %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start - this command has been left in place
--------------------
Value Name = HP Software Update
Value Data = c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe - this command has been left in place
--------------------
Value Name = HP Health Check Scheduler
Value Data = C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe - this command has been left in place
--------------------
Value Name = CognizanceTS
Value Data = rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule - this command has been left in place
--------------------
Value Name = NeroFilterCheck
Value Data = C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe - this command has been left in place
--------------------
Value Name = TkBellExe
Value Data = C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot - this command has been left in place
--------------------
Value Name = avast!
Value Data = C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe - this command has been left in place
--------------------
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = QuickTime Task
Value Data = C:\Program Files\QuickTime\qttask.exe" -atboottime - this command has been left in place
--------------------
Value Name = ZoneAlarm Client
Value Data = C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe - this command has been left in place
--------------------
Value Name = TrojanScanner
Value Data = C:\Program Files\Trojan Remover\Trjscan.exe - this program is Trojan Remover's own scan file
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key attempts to run the following program(s):
Value Name = ST Recovery Launcher
Value Data = %WINDIR%\SMINST\launcher.exe - this command has been left in place
--------------------
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices
This Registry Key appears to be empty
--------------------
Checking HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnceEx
This Registry Key attempts to run the following program(s):
Value Name =
The Value Data for this entry appears to be blank
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\Run
This Registry Key attempts to run the following program(s):
Value Name =
The Value Data for this entry appears to be blank
--------------------
Value Name = StartCCC
Value Data = c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe - this command has been left in place
--------------------
Value Name = BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}
Value Data = C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe - this command has been left in place
--------------------
Value Name = MyWebSearch Email Plugin
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - running process located and terminated
Value Data = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - appears to contain ADWARE.MYWEBSEARCH
Value Data = C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe - this command has been removed
C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe has been renamed to: C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwsoemon.exe.ren
--------------------
Value Name = SpybotSD TeaTimer
Value Data = C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe - this command has been left in place
--------------------
--------------------
Checking HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce
This Registry Key appears to be empty
**************************************************
13:53:00: Scanning -----SHELLEXECUTEHOOKS-----
ShellExecuteHooks key is empty
**************************************************
13:53:00: Scanning -----HIDDEN REGISTRY ENTRIES-----
Taskdir check completed
----------
Hidden Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: drvsyskit
Value: C:\Windows\system32\drivers\hldrrr.exe
drvsyskit - this registry value could not be removed
[ACCESS ERROR]: unable to access the following registry key:
HKCU\\ Software\Microsoft\Windows\CurrentVersion\Run\ "drvsyskit"
C:\Windows\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\Windows\system32\drivers\hldrrr.exe - file ownership assigned to: PC-de-Normann\Normann
C:\Windows\system32\drivers\hldrrr.exe - process is either not running or could not be terminated
C:\Windows\system32\drivers\hldrrr.exe - file has been marked for renaming during PC restart
----------
Hidden Registry Key: HKCU\Software\Microsoft\Windows\CurrentVersion\Run
ValueName: mule_st_key
Value: C:\Users\Normann\AppData\Roaming\m\flec006.exe
C:\Users\Normann\AppData\Roaming\m\flec006.exe appears to contain: WORM.MOOLER
mule_st_key - this registry value could not be removed
[ACCESS ERROR]: unable to access the following registry key:
HKCU\\ Software\Microsoft\Windows\CurrentVersion\Run\ "mule_st_key"
C:\Users\Normann\AppData\Roaming\m\flec006.exe - process is either not running or could not be terminated
C:\Users\Normann\AppData\Roaming\m\flec006.exe - file ownership assigned to: PC-de-Normann\Normann
C:\Users\Normann\AppData\Roaming\m\flec006.exe - process is either not running or could not be terminated
C:\Users\Normann\AppData\Roaming\m\flec006.exe - file has been marked for renaming during PC restart
----------
**************************************************
13:53:52: Scanning -----ACTIVE SCREENSAVER-----
No active ScreenSaver found to scan.
**************************************************
13:53:52: Scanning ----- REGISTRY ACTIVE SETUP KEYS -----
Checking the StubPath calls in the Active Setup\Installed Components registry keys:
Key=>{22d6f312-b0f6-11d0-94ab-0080c74c7e95}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key=>{26923b43-4d38-484f-9b9e-de460746276c}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
Key=ccc-core-static
StubPath=msi - this reference has been left in place
----------
Key={10880D85-AAD9-4558-ABDC-2AB1552D831F}
StubPath=C:\Program Files\Common Files\LightScribe\LSRunOnce.exe - this reference has been left in place
----------
Key={2C7339CF-2B09-4501-B3F3-F3508C9228ED}
StubPath=C:\Windows\system32\regsvr32.exe - this reference has been left in place
----------
Key={44BBA840-CC51-11CF-AAFA-00AA00B6015C}
StubPath=C:\Program Files\Windows Mail\WinMail.exe - this reference has been left in place
----------
Key={6BF52A52-394A-11d3-B153-00C04F79FAA6}
StubPath=C:\Windows\system32\unregmp2.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4340}
StubPath=regsvr32.exe - this reference has been left in place
----------
Key={89820200-ECBD-11cf-8B85-00AA005B4383}
StubPath=C:\Windows\system32\ie4uinit.exe - this reference has been left in place
----------
**************************************************
13:53:54: Scanning ----- SERVICEDLL REGISTRY KEYS -----
Checking DLL files called from the CurrentControlSet\Services Keys:
--------------------
Key=AeLookupSvc
ServiceDLL=%SystemRoot%\System32\aelupsvc.dll - this reference has been left in place
--------------------
Key=Appinfo
ServiceDLL=%SystemRoot%\System32\appinfo.dll - this reference has been left in place
--------------------
Key=ASBroker
ServiceDLL=C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll - this reference has been left in place
--------------------
Key=ASChannel
ServiceDLL=C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll - this reference has been left in place
--------------------
Key=AudioEndpointBuilder
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=Audiosrv
ServiceDLL=%SystemRoot%\System32\Audiosrv.dll - this reference has been left in place
--------------------
Key=BFE
ServiceDLL=%SystemRoot%\System32\bfe.dll - this reference has been left in place
--------------------
Key=BITS
ServiceDLL=%SystemRoot%\System32\qmgr.dll - this reference has been left in place
--------------------
Key=Browser
ServiceDLL=%SystemRoot%\System32\browser.dll - this reference has been left in place
--------------------
Key=BthServ
ServiceDLL=%SystemRoot%\System32\bthserv.dll - this reference has been left in place
--------------------
Key=CertPropSvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=CryptSvc
ServiceDLL=%SystemRoot%\system32\cryptsvc.dll - this reference has been left in place
--------------------
Key=DcomLaunch
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=Dhcp
ServiceDLL=%SystemRoot%\System32\dhcpcsvc.dll - this reference has been left in place
--------------------
Key=Dnscache
ServiceDLL=%SystemRoot%\System32\dnsrslvr.dll - this reference has been left in place
--------------------
Key=dot3svc
ServiceDLL=%SystemRoot%\System32\dot3svc.dll - this reference has been left in place
--------------------
Key=DPS
ServiceDLL=%SystemRoot%\system32\dps.dll - this reference has been left in place
--------------------
Key=EapHost
ServiceDLL=%SystemRoot%\System32\eapsvc.dll - this reference has been left in place
--------------------
Key=EMDMgmt
ServiceDLL=%systemroot%\system32\emdmgmt.dll - this reference has been left in place
--------------------
Key=EventSystem
ServiceDLL=%systemroot%\system32\es.dll - this reference has been left in place
--------------------
Key=fdPHost
ServiceDLL=%SystemRoot%\system32\fdPHost.dll - this reference has been left in place
--------------------
Key=FDResPub
ServiceDLL=%SystemRoot%\system32\fdrespub.dll - this reference has been left in place
--------------------
Key=gpsvc
ServiceDLL=%SystemRoot%\System32\gpsvc.dll - this reference has been left in place
--------------------
Key=hidserv
ServiceDLL=%SystemRoot%\system32\hidserv.dll - this reference has been left in place
--------------------
Key=hkmsvc
ServiceDLL=%SystemRoot%\system32\kmsvc.dll - this reference has been left in place
--------------------
Key=IKEEXT
ServiceDLL=%SystemRoot%\System32\ikeext.dll - this reference has been left in place
--------------------
Key=IPBusEnum
ServiceDLL=%SystemRoot%\system32\ipbusenum.dll - this reference has been left in place
--------------------
Key=iphlpsvc
ServiceDLL=%SystemRoot%\System32\iphlpsvc.dll - this reference has been left in place
--------------------
Key=KtmRm
ServiceDLL=%systemroot%\system32\msdtckrm.dll - this reference has been left in place
--------------------
Key=LanmanServer
ServiceDLL=%SystemRoot%\system32\srvsvc.dll - this reference has been left in place
--------------------
Key=LanmanWorkstation
ServiceDLL=%SystemRoot%\System32\wkssvc.dll - this reference has been left in place
--------------------
Key=lltdsvc
ServiceDLL=%SystemRoot%\System32\lltdsvc.dll - this reference has been left in place
--------------------
Key=lmhosts
ServiceDLL=%SystemRoot%\System32\lmhsvc.dll - this reference has been left in place
--------------------
Key=MMCSS
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=MpsSvc
ServiceDLL=%SystemRoot%\system32\mpssvc.dll - this reference has been left in place
--------------------
Key=MSiSCSI
ServiceDLL=%systemroot%\system32\iscsiexe.dll - this reference has been left in place
--------------------
Key=napagent
ServiceDLL=%SystemRoot%\system32\qagentRT.dll - this reference has been left in place
--------------------
Key=Netman
ServiceDLL=%SystemRoot%\System32\netman.dll - this reference has been left in place
--------------------
Key=netprofm
ServiceDLL=%SystemRoot%\System32\netprofm.dll - this reference has been left in place
--------------------
Key=NlaSvc
ServiceDLL=%SystemRoot%\System32\nlasvc.dll - this reference has been left in place
--------------------
Key=nsi
ServiceDLL=%systemroot%\system32\nsisvc.dll - this reference has been left in place
--------------------
Key=p2pimsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=p2psvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PcaSvc
ServiceDLL=%SystemRoot%\System32\pcasvc.dll - this reference has been left in place
--------------------
Key=pla
ServiceDLL=%systemroot%\system32\pla.dll - this reference has been left in place
--------------------
Key=PlugPlay
ServiceDLL=%SystemRoot%\system32\umpnpmgr.dll - this reference has been left in place
--------------------
Key=PNRPAutoReg
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PNRPsvc
ServiceDLL=%SystemRoot%\system32\p2psvc.dll - this reference has been left in place
--------------------
Key=PolicyAgent
ServiceDLL=%SystemRoot%\System32\ipsecsvc.dll - this reference has been left in place
--------------------
Key=ProfSvc
ServiceDLL=%systemroot%\system32\profsvc.dll - this reference has been left in place
--------------------
Key=QWAVE
ServiceDLL=%windir%\system32\qwave.dll - this reference has been left in place
--------------------
Key=RasAuto
ServiceDLL=%SystemRoot%\System32\rasauto.dll - this reference has been left in place
--------------------
Key=RasMan
ServiceDLL=%SystemRoot%\System32\rasmans.dll - this reference has been left in place
--------------------
Key=RemoteAccess
ServiceDLL=%SystemRoot%\System32\mprdim.dll - this reference has been left in place
--------------------
Key=RemoteRegistry
ServiceDLL=%SystemRoot%\system32\regsvc.dll - this reference has been left in place
--------------------
Key=RpcSs
ServiceDLL=%SystemRoot%\system32\rpcss.dll - this reference has been left in place
--------------------
Key=SCardSvr
ServiceDLL=%SystemRoot%\System32\SCardSvr.dll - this reference has been left in place
--------------------
Key=Schedule
ServiceDLL=%systemroot%\system32\schedsvc.dll - this reference has been left in place
--------------------
Key=SCPolicySvc
ServiceDLL=%SystemRoot%\System32\certprop.dll - this reference has been left in place
--------------------
Key=SDRSVC
ServiceDLL=%Systemroot%\System32\SDRSVC.dll - this reference has been left in place
--------------------
Key=seclogon
ServiceDLL=%windir%\system32\seclogon.dll - this reference has been left in place
--------------------
Key=SENS
ServiceDLL=%SystemRoot%\System32\sens.dll - this reference has been left in place
--------------------
Key=SessionEnv
ServiceDLL=%SystemRoot%\system32\sessenv.dll - this reference has been left in place
--------------------
Key=SharedAccess
ServiceDLL=%SystemRoot%\System32\ipnathlp.dll - this reference has been left in place
--------------------
Key=ShellHWDetection
ServiceDLL=%SystemRoot%\System32\shsvcs.dll - this reference has been left in place
--------------------
Key=SLUINotify
ServiceDLL=%SystemRoot%\system32\SLUINotify.dll - this reference has been left in place
--------------------
Key=SSDPSRV
ServiceDLL=%SystemRoot%\System32\ssdpsrv.dll - this reference has been left in place
--------------------
Key=stisvc
ServiceDLL=%SystemRoot%\System32\wiaservc.dll - this reference has been left in place
--------------------
Key=swprv
ServiceDLL=%Systemroot%\System32\swprv.dll - this reference has been left in place
--------------------
Key=SysMain
ServiceDLL=%systemroot%\system32\sysmain.dll - this reference has been left in place
--------------------
Key=TabletInputService
ServiceDLL=%SystemRoot%\System32\TabSvc.dll - this reference has been left in place
--------------------
Key=TapiSrv
ServiceDLL=%SystemRoot%\System32\tapisrv.dll - this reference has been left in place
--------------------
Key=TBS
ServiceDLL=%SystemRoot%\System32\tbssvc.dll - this reference has been left in place
--------------------
Key=TermService
ServiceDLL=%SystemRoot%\System32\termsrv.dll - this reference has been left in place
--------------------
Key=Themes
ServiceDLL=%SystemRoot%\system32\shsvcs.dll - this reference has been left in place
--------------------
Key=THREADORDER
ServiceDLL=%SystemRoot%\system32\mmcss.dll - this reference has been left in place
--------------------
Key=TrkWks
ServiceDLL=%SystemRoot%\System32\trkwks.dll - this reference has been left in place
--------------------
Key=upnphost
ServiceDLL=%SystemRoot%\System32\upnphost.dll - this reference has been left in place
--------------------
Key=UxSms
ServiceDLL=%SystemRoot%\System32\uxsms.dll - this reference has been left in place
--------------------
Key=W32Time
ServiceDLL=%systemroot%\system32\w32time.dll - this reference has been left in place
--------------------
Key=wcncsvc
ServiceDLL=%SystemRoot%\System32\wcncsvc.dll - this reference has been left in place
--------------------
Key=WcsPlugInService
ServiceDLL=%SystemRoot%\System32\WcsPlugInService.dll - this reference has been left in place
--------------------
Key=WdiServiceHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WdiSystemHost
ServiceDLL=%SystemRoot%\system32\wdi.dll - this reference has been left in place
--------------------
Key=WebClient
ServiceDLL=%SystemRoot%\System32\webclnt.dll - this reference has been left in place
--------------------
Key=Wecsvc
ServiceDLL=%SystemRoot%\system32\wecsvc.dll - this reference has been left in place
--------------------
Key=wercplsupport
ServiceDLL=%SystemRoot%\System32\wercplsupport.dll - this reference has been left in place
--------------------
Key=WerSvc
ServiceDLL=%SystemRoot%\System32\WerSvc.dll - this reference has been left in place
--------------------
Key=WinDefend
ServiceDLL=%ProgramFiles%\Windows Defender\mpsvc.dll - this reference has been left in place
--------------------
Key=WinHttpAutoProxySvc
ServiceDLL=winhttp.dll - this reference has been left in place
--------------------
Key=Winmgmt
ServiceDLL=%SystemRoot%\system32\wbem\WMIsvc.dll - this reference has been left in place
--------------------
Key=WinRM
ServiceDLL=%SystemRoot%\system32\WsmSvc.dll - this reference has been left in place
--------------------
Key=Wlansvc
ServiceDLL=%SystemRoot%\System32\wlansvc.dll - this reference has been left in place
--------------------
Key=WPCSvc
ServiceDLL=%SystemRoot%\System32\wpcsvc.dll - this reference has been left in place
--------------------
Key=WPDBusEnum
ServiceDLL=%SystemRoot%\system32\wpdbusenum.dll - this reference has been left in place
--------------------
Key=wscsvc
ServiceDLL=%SystemRoot%\System32\wscsvc.dll - this reference has been left in place
--------------------
Key=wuauserv
ServiceDLL=%systemroot%\system32\wuaueng.dll - this reference has been left in place
--------------------
Key=wudfsvc
ServiceDLL=%SystemRoot%\System32\WUDFSvc.dll - this reference has been left in place
**************************************************
13:54:04: Scanning ----- SERVICES REGISTRY KEYS -----
Checking files called from the CurrentControlSet\Services Keys:
Key=ACPI
ImagePath=system32\drivers\acpi.sys - this reference has been left in place
----------
Key=ADIHdAudAddService
ImagePath=system32\drivers\ADIHdAud.sys - this reference has been left in place
----------
Key=adp94xx
ImagePath=\SystemRoot\system32\drivers\adp94xx.sys - this reference has been left in place
----------
Key=adpahci
ImagePath=\SystemRoot\system32\drivers\adpahci.sys - this reference has been left in place
----------
Key=adpu160m
ImagePath=\SystemRoot\system32\drivers\adpu160m.sys - this reference has been left in place
----------
Key=adpu320
ImagePath=\SystemRoot\system32\drivers\adpu320.sys - this reference has been left in place
----------
Key=AFD
ImagePath=\SystemRoot\system32\drivers\afd.sys - this reference has been left in place
----------
Key=AgereModemAudio
ImagePath=C:\Windows\system32\agrsmsvc.exe - this reference has been left in place
----------
Key=AgereSoftModem
ImagePath=system32\DRIVERS\AGRSM.sys - this reference has been left in place
----------
Key=agp440
ImagePath=\SystemRoot\system32\drivers\agp440.sys - this reference has been left in place
----------
Key=aic78xx
ImagePath=\SystemRoot\system32\drivers\djsvs.sys - this reference has been left in place
----------
Key=ALG
ImagePath=%SystemRoot%\System32\alg.exe - this reference has been left in place
----------
Key=aliide
ImagePath=\SystemRoot\system32\drivers\aliide.sys - this reference has been left in place
----------
Key=amdagp
ImagePath=\SystemRoot\system32\drivers\amdagp.sys - this reference has been left in place
----------
Key=amdide
ImagePath=\SystemRoot\system32\drivers\amdide.sys - this reference has been left in place
----------
Key=AmdK7
ImagePath=\SystemRoot\system32\drivers\amdk7.sys - this reference has been left in place
----------
Key=AmdK8
ImagePath=system32\DRIVERS\amdk8.sys - this reference has been left in place
----------
Key=arc
ImagePath=\SystemRoot\system32\drivers\arc.sys - this reference has been left in place
----------
Key=arcsas
ImagePath=\SystemRoot\system32\drivers\arcsas.sys - this reference has been left in place
----------
Key=aswFsBlk
ImagePath=system32\DRIVERS\aswFsBlk.sys - this reference has been left in place
----------
Key=aswMonFlt
ImagePath=system32\DRIVERS\aswMonFlt.sys - this reference has been left in place
----------
Key=aswUpdSv
ImagePath="C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe" - this reference has been left in place
----------
Key=AsyncMac
ImagePath=system32\DRIVERS\asyncmac.sys - this reference has been left in place
----------
Key=atapi
ImagePath=system32\drivers\atapi.sys - this reference has been left in place
----------
Key=Ati External Event Utility
ImagePath=%SystemRoot%\system32\Ati2evxx.exe - this reference has been left in place
----------
Key=AtiPcie
ImagePath=system32\DRIVERS\AtiPcie.sys - this reference has been left in place
----------
Key=ATSWPDRV
ImagePath=system32\DRIVERS\ATSwpDrv.sys - this reference has been left in place
----------
Key=avast! Antivirus
ImagePath="C:\Program Files\Alwil Software\Avast4\ashServ.exe" - this reference has been left in place
----------
Key=avast! Mail Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service - this reference has been left in place
----------
Key=avast! Web Scanner
ImagePath="C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service - this reference has been left in place
----------
Key=b57nd60x
ImagePath=system32\DRIVERS\b57nd60x.sys - this reference has been left in place
----------
Key=BCM43XV
ImagePath=system32\DRIVERS\bcmwl6.sys - this reference has been left in place
----------
Key=BCM43XX
ImagePath=system32\DRIVERS\bcmwl6.sys - this reference has been left in place
----------
Key=blbdrive
ImagePath=\SystemRoot\system32\drivers\blbdrive.sys - file is missing - alert is globally excluded
----------
Key=bowser
ImagePath=system32\DRIVERS\bowser.sys - this reference has been left in place
----------
Key=BrFiltLo
ImagePath=\SystemRoot\system32\drivers\brfiltlo.sys - this reference has been left in place
----------
Key=BrFiltUp
ImagePath=\SystemRoot\system32\drivers\brfiltup.sys - this reference has been left in place
----------
Key=Brserid
ImagePath=\SystemRoot\system32\drivers\brserid.sys - this reference has been left in place
----------
Key=BrSerWdm
ImagePath=\SystemRoot\system32\drivers\brserwdm.sys - this reference has been left in place
----------
Key=BrUsbMdm
ImagePath=\SystemRoot\system32\drivers\brusbmdm.sys - this reference has been left in place
----------
Key=BrUsbSer
ImagePath=\SystemRoot\system32\drivers\brusbser.sys - this reference has been left in place
----------
Key=BthEnum
ImagePath=system32\DRIVERS\BthEnum.sys - this reference has been left in place
----------
Key=BTHMODEM
ImagePath=\SystemRoot\system32\drivers\bthmodem.sys - this reference has been left in place
----------
Key=BthPan
ImagePath=system32\DRIVERS\bthpan.sys - this reference has been left in place
----------
Key=BTHPORT
ImagePath=System32\Drivers\BTHport.sys - this reference has been left in place
----------
Key=BTHUSB
ImagePath=System32\Drivers\BTHUSB.sys - this reference has been left in place
----------
Key=cdfs
ImagePath=system32\DRIVERS\cdfs.sys - this reference has been left in place
----------
Key=cdrom
ImagePath=system32\DRIVERS\cdrom.sys - this reference has been left in place
----------
Key=circlass
ImagePath=\SystemRoot\system32\drivers\circlass.sys - this reference has been left in place
----------
Key=CLFS
ImagePath=System32\CLFS.sys - this reference has been left in place
----------
Key=clr_optimization_v2.0.50727_32
ImagePath=%systemroot%\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe - this reference has been left in place
----------
Key=CmBatt
ImagePath=system32\DRIVERS\CmBatt.sys - this reference has been left in place
----------
Key=cmdide
ImagePath=\SystemRoot\system32\drivers\cmdide.sys - this reference has been left in place
----------
Key=Com4Qlb
ImagePath="C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe" - this reference has been left in place
----------
Key=Compbatt
ImagePath=system32\DRIVERS\compbatt.sys - this reference has been left in place
----------
Key=COMSysApp
ImagePath=%SystemRoot%\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235} - this reference has been left in place
----------
Key=crcdisk
ImagePath=system32\drivers\crcdisk.sys - this reference has been left in place
----------
Key=Crusoe
ImagePath=\SystemRoot\system32\drivers\crusoe.sys - this reference has been left in place
----------
Key=DfsC
ImagePath=System32\Drivers\dfsc.sys - this reference has been left in place
----------
Key=DFSR
ImagePath=%SystemRoot%\system32\DFSR.exe - this reference has been left in place
----------
Key=disk
ImagePath=system32\drivers\disk.sys - this reference has been left in place
----------
Key=drmkaud
ImagePath=system32\drivers\drmkaud.sys - this reference has been left in place
----------
Key=DXGKrnl
ImagePath=\SystemRoot\System32\drivers\dxgkrnl.sys - this reference has been left in place
----------
Key=E1G60
ImagePath=system32\DRIVERS\E1G60I32.sys - this reference has been left in place
----------
Key=eabfiltr
ImagePath=system32\DRIVERS\eabfiltr.sys - this reference has been left in place
----------
Key=Ecache
ImagePath=System32\drivers\ecache.sys - this reference has been left in place
----------
Key=elxstor
ImagePath=\SystemRoot\system32\drivers\elxstor.sys - this reference has been left in place
----------
Key=fdc
ImagePath=system32\DRIVERS\fdc.sys - this reference has been left in place
----------
Key=FileInfo
ImagePath=system32\drivers\fileinfo.sys - this reference has been left in place
----------
Key=Filetrace
ImagePath=system32\drivers\filetrace.sys - this reference has been left in place
----------
Key=flpydisk
ImagePath=system32\DRIVERS\flpydisk.sys - this reference has been left in place
----------
Key=FltMgr
ImagePath=system32\drivers\fltmgr.sys - this reference has been left in place
----------
Key=FontCache3.0.0.0
ImagePath=%systemroot%\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe - this reference has been left in place
----------
Key=gagp30kx
ImagePath=\SystemRoot\system32\drivers\gagp30kx.sys - this reference has been left in place
----------
Key=gusvc
ImagePath="C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe" - this reference has been left in place
----------
Key=HBtnKey
ImagePath=system32\DRIVERS\cpqbttn.sys - this reference has been left in place
----------
Key=HdAudAddService
ImagePath=system32\drivers\HdAudio.sys - this reference has been left in place
----------
Key=HDAudBus
ImagePath=system32\DRIVERS\HDAudBus.sys - this reference has been left in place
----------
Key=HidBth
ImagePath=\SystemRoot\system32\drivers\hidbth.sys - this reference has been left in place
----------
Key=HidIr
ImagePath=\SystemRoot\system32\drivers\hidir.sys - this reference has been left in place
----------
Key=HidUsb
ImagePath=system32\DRIVERS\hidusb.sys - this reference has been left in place
----------
Key=HP Health Check Service
ImagePath="C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe" - this reference has been left in place
----------
Key=HpCISSs
ImagePath=\SystemRoot\system32\drivers\hpcisss.sys - this reference has been left in place
----------
Key=hpqwmiex
ImagePath=C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe - this reference has been left in place
----------
Key=HSFHWAZL
ImagePath=system32\DRIVERS\VSTAZL3.SYS - this reference has been left in place
----------
Key=HSF_DPV
ImagePath=system32\DRIVERS\VSTDPV3.SYS - this reference has been left in place
----------
Key=HTTP
ImagePath=system32\drivers\HTTP.sys - this reference has been left in place
----------
Key=i2omp
ImagePath=\SystemRoot\system32\drivers\i2omp.sys - this reference has been left in place
----------
Key=i8042prt
ImagePath=system32\DRIVERS\i8042prt.sys - this reference has been left in place
----------
Key=iaStorV
ImagePath=\SystemRoot\system32\drivers\iastorv.sys - this reference has been left in place
----------
Key=IDriverT
ImagePath="C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe" - this reference has been left in place
----------
Key=idsvc
ImagePath="%systemroot%\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe" - this reference has been left in place
----------
Key=iirsp
ImagePath=\SystemRoot\system32\drivers\iirsp.sys - this reference has been left in place
----------
Key=intelide
ImagePath=\SystemRoot\system32\drivers\intelide.sys - this reference has been left in place
----------
Key=intelppm
ImagePath=system32\DRIVERS\intelppm.sys - this reference has been left in place
----------
Key=IpFilterDriver
ImagePath=system32\DRIVERS\ipfltdrv.sys - this reference has been left in place
----------
Key=IpInIp
ImagePath=system32\DRIVERS\ipinip.sys - file is missing - alert is globally excluded
----------
Key=IPMIDRV
ImagePath=\SystemRoot\system32\drivers\ipmidrv.sys - this reference has been left in place
----------
Key=IPNAT
ImagePath=system32\DRIVERS\ipnat.sys - this reference has been left in place
----------
Key=IRENUM
ImagePath=system32\drivers\irenum.sys - this reference has been left in place
----------
Key=isapnp
ImagePath=\SystemRoot\system32\drivers\isapnp.sys - this reference has been left in place
----------
Key=iScsiPrt
ImagePath=system32\DRIVERS\msiscsi.sys - this reference has been left in place
----------
Key=iteatapi
ImagePath=\SystemRoot\system32\drivers\iteatapi.sys - this reference has been left in place
----------
Key=iteraid
ImagePath=\SystemRoot\system32\drivers\iteraid.sys - this reference has been left in place
----------
Key=kbdclass
ImagePath=system32\DRIVERS\kbdclass.sys - this reference has been left in place
----------
Key=kbdhid
ImagePath=system32\DRIVERS\kbdhid.sys - this reference has been left in place
----------
Key=KeyIso
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=KSecDD
ImagePath=System32\Drivers\ksecdd.sys - this reference has been left in place
----------
Key=LightScribeService
ImagePath="C:\Program Files\Common Files\LightScribe\LSSrvc.exe" - this reference has been left in place
----------
Key=lltdio
ImagePath=system32\DRIVERS\lltdio.sys - this reference has been left in place
----------
Key=LSI_FC
ImagePath=\SystemRoot\system32\drivers\lsi_fc.sys - this reference has been left in place
----------
Key=LSI_SAS
ImagePath=\SystemRoot\system32\drivers\lsi_sas.sys - this reference has been left in place
----------
Key=LSI_SCSI
ImagePath=\SystemRoot\system32\drivers\lsi_scsi.sys - this reference has been left in place
----------
Key=luafv
ImagePath=\SystemRoot\system32\drivers\luafv.sys - this reference has been left in place
----------
Key=megasas
ImagePath=\SystemRoot\system32\drivers\megasas.sys - this reference has been left in place
----------
Key=Modem
ImagePath=system32\drivers\modem.sys - this reference has been left in place
----------
Key=monitor
ImagePath=system32\DRIVERS\monitor.sys - this reference has been left in place
----------
Key=mouclass
ImagePath=system32\DRIVERS\mouclass.sys - this reference has been left in place
----------
Key=mouhid
ImagePath=system32\DRIVERS\mouhid.sys - this reference has been left in place
----------
Key=MountMgr
ImagePath=System32\drivers\mountmgr.sys - this reference has been left in place
----------
Key=mpio
ImagePath=\SystemRoot\system32\drivers\mpio.sys - this reference has been left in place
----------
Key=mpsdrv
ImagePath=System32\drivers\mpsdrv.sys - this reference has been left in place
----------
Key=Mraid35x
ImagePath=\SystemRoot\system32\drivers\mraid35x.sys - this reference has been left in place
----------
Key=MRxDAV
ImagePath=\SystemRoot\system32\drivers\mrxdav.sys - this reference has been left in place
----------
Key=mrxsmb
ImagePath=system32\DRIVERS\mrxsmb.sys - this reference has been left in place
----------
Key=mrxsmb10
ImagePath=system32\DRIVERS\mrxsmb10.sys - this reference has been left in place
----------
Key=mrxsmb20
ImagePath=system32\DRIVERS\mrxsmb20.sys - this reference has been left in place
----------
Key=msahci
ImagePath=\SystemRoot\system32\drivers\msahci.sys - this reference has been left in place
----------
Key=msdsm
ImagePath=\SystemRoot\system32\drivers\msdsm.sys - this reference has been left in place
----------
Key=MSDTC
ImagePath=%SystemRoot%\System32\msdtc.exe - this reference has been left in place
----------
Key=msisadrv
ImagePath=system32\drivers\msisadrv.sys - this reference has been left in place
----------
Key=MSIServer
ImagePath=C:\Windows\system32\msiexec.exe /V - this reference has been left in place
----------
Key=MSKSSRV
ImagePath=system32\drivers\MSKSSRV.sys - this reference has been left in place
----------
Key=MSPCLOCK
ImagePath=system32\drivers\MSPCLOCK.sys - this reference has been left in place
----------
Key=MSPQM
ImagePath=system32\drivers\MSPQM.sys - this reference has been left in place
----------
Key=mssmbios
ImagePath=system32\DRIVERS\mssmbios.sys - this reference has been left in place
----------
Key=MSTEE
ImagePath=system32\drivers\MSTEE.sys - this reference has been left in place
----------
Key=Mup
ImagePath=System32\Drivers\mup.sys - this reference has been left in place
----------
Key=MyWebSearchService
ImagePath=C:\PROGRA~1\MYWEBS~1\bar\1.bin\mwssvc.exe - this reference has been left in place
----------
Key=NativeWifiP
ImagePath=system32\DRIVERS\nwifi.sys - this reference has been left in place
----------
Key=NBService
ImagePath=C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe - this reference has been left in place
----------
Key=NDIS
ImagePath=system32\drivers\ndis.sys - this reference has been left in place
----------
Key=NdisTapi
ImagePath=system32\DRIVERS\ndistapi.sys - this reference has been left in place
----------
Key=Ndisuio
ImagePath=system32\DRIVERS\ndisuio.sys - this reference has been left in place
----------
Key=NdisWan
ImagePath=system32\DRIVERS\ndiswan.sys - this reference has been left in place
----------
Key=NetBIOS
ImagePath=system32\DRIVERS\netbios.sys - this reference has been left in place
----------
Key=netbt
ImagePath=System32\DRIVERS\netbt.sys - this reference has been left in place
----------
Key=Netlogon
ImagePath=%systemroot%\system32\lsass.exe - this reference has been left in place
----------
Key=nfrd960
ImagePath=\SystemRoot\system32\drivers\nfrd960.sys - this reference has been left in place
----------
Key=NMIndexingService
ImagePath="C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe" - this reference has been left in place
----------
Key=nsiproxy
ImagePath=system32\drivers\nsiproxy.sys - this reference has been left in place
----------
Key=ntrigdigi
ImagePath=\SystemRoot\system32\drivers\ntrigdigi.sys - this reference has been left in place
----------
Key=nvraid
ImagePath=\SystemRoot\system32\drivers\nvraid.sys - this reference has been left in place
----------
Key=nvstor
ImagePath=\SystemRoot\system32\drivers\nvstor.sys - this reference has been left in place
----------
Key=nv_agp
ImagePath=\SystemRoot\system32\drivers\nv_agp.sys - this reference has been left in place
----------
Key=NwlnkFlt
ImagePath=system32\DRIVERS\nwlnkflt.sys - file is missing - alert is globally excluded
----------
Key=NwlnkFwd
ImagePath=system32\DRIVERS\nwlnkfwd.sys - file is missing - alert is globally excluded
----------
Key=odserv
ImagePath="C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE" - this reference has been left in place
----------
Key=ohci1394
ImagePath=system32\DRIVERS\ohci1394.sys - this reference has been left in place
----------
Key=ose
ImagePath="C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE" - this reference has been left in place
----------
Key=Parport
ImagePath=system32\DRIVERS\parport.sys - this reference has been left in place
----------
Key=partmgr
ImagePath=System32\drivers\partmgr.sys - this reference has been left in place
----------
Key=Parvdm
ImagePath=system32\DRIVERS\parvdm.sys - this reference has been left in place
----------
Key=pci
ImagePath=system32\drivers\pci.sys - this reference has been left in place
----------
Key=pciide
ImagePath=system32\drivers\pciide.sys - this reference has been left in place
----------
Key=pcmcia
ImagePath=system32\DRIVERS\pcmcia.sys - this reference has been left in place
----------
Key=pdfcDispatcher
ImagePath=C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService - this reference has been left in place
----------
Key=PEAUTH
ImagePath=system32\drivers\peauth.sys - this reference has been left in place
----------
Key=PptpMiniport
ImagePath=system32\DRIVERS\raspptp.sys - this reference has been left in place
----------
Key=Processor
ImagePath=\SystemRoot\system32\drivers\processr.sys - this reference has been left in place
----------
Key=ProtectedStorage
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=PSched
ImagePath=system32\DRIVERS\pacer.sys - this reference has been left in place
----------
Key=ql2300
ImagePath=\SystemRoot\system32\drivers\ql2300.sys - this reference has been left in place
----------
Key=ql40xx
ImagePath=\SystemRoot\system32\drivers\ql40xx.sys - this reference has been left in place
----------
Key=QWAVEdrv
ImagePath=\SystemRoot\system32\drivers\qwavedrv.sys - this reference has been left in place
----------
Key=R300
ImagePath=system32\DRIVERS\atikmdag.sys - this reference has been left in place
----------
Key=RasAcd
ImagePath=System32\DRIVERS\rasacd.sys - this reference has been left in place
----------
Key=Rasl2tp
ImagePath=system32\DRIVERS\rasl2tp.sys - this reference has been left in place
----------
Key=RasPppoe
ImagePath=system32\DRIVERS\raspppoe.sys - this reference has been left in place
----------
Key=rdbss
ImagePath=system32\DRIVERS\rdbss.sys - this reference has been left in place
----------
Key=RDPCDD
ImagePath=System32\DRIVERS\RDPCDD.sys - this reference has been left in place
----------
Key=rdpdr
ImagePath=\SystemRoot\system32\drivers\rdpdr.sys - this reference has been left in place
----------
Key=RDPENCDD
ImagePath=system32\drivers\rdpencdd.sys - this reference has been left in place
----------
Key=RFCOMM
ImagePath=system32\DRIVERS\rfcomm.sys - this reference has been left in place
----------
Key=RpcLocator
ImagePath=%SystemRoot%\system32\locator.exe - this reference has been left in place
----------
Key=rspndr
ImagePath=system32\DRIVERS\rspndr.sys - this reference has been left in place
----------
Key=SamSs
ImagePath=%SystemRoot%\system32\lsass.exe - this reference has been left in place
----------
Key=sbp2port
ImagePath=\SystemRoot\system32\drivers\sbp2port.sys - this reference has been left in place
----------
Key=SBSDWSCService
ImagePath=C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe - this reference has been left in place
----------
Key=ScsiAccess
ImagePath=C:\Windows\system32\ScsiAccess.EXE - this reference has been left in place
----------
Key=sdbus
ImagePath=system32\DRIVERS\sdbus.sys - this reference has been left in place
----------
Key=Serenum
ImagePath=\SystemRoot\system32\drivers\serenum.sys - this reference has been left in place
----------
Key=Serial
ImagePath=\SystemRoot\system32\drivers\serial.sys - this reference has been left in place
----------
Key=sermouse
ImagePath=\SystemRoot\system32\drivers\sermouse.sys - this reference has been left in place
----------
Key=sffdisk
ImagePath=\SystemRoot\system32\drivers\sffdisk.sys - this reference has been left in place
----------
Key=sffp_mmc
ImagePath=\SystemRoot\system32\drivers\sffp_mmc.sys - this reference has been left in place
----------
Key=sffp_sd
ImagePath=\SystemRoot\system32\drivers\sffp_sd.sys - this reference has been left in place
----------
Key=sfloppy
ImagePath=\SystemRoot\system32\drivers\sfloppy.sys - this reference has been left in place
----------
Key=sisagp
ImagePath=\SystemRoot\system32\drivers\sisagp.sys - this reference has been left in place
----------
Key=SiSRaid2
ImagePath=\SystemRoot\system32\drivers\sisraid2.sys - this reference has been left in place
----------
Key=SiSRaid4
ImagePath=\SystemRoot\system32\drivers\sisraid4.sys - this reference has been left in place
----------
Key=slsvc
ImagePath=%SystemRoot%\system32\SLsvc.exe - this reference has been left in place
----------
Key=Smb
ImagePath=system32\DRIVERS\smb.sys - this reference has been left in place
----------
Key=SNMPTRAP
ImagePath=%SystemRoot%\System32\snmptrap.exe - this reference has been left in place
----------
Key=Spooler
ImagePath=%SystemRoot%\System32\spoolsv.exe - this reference has been left in place
----------
Key=SQLWriter
ImagePath="c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe" - this reference has been left in place
----------
Key=srv
ImagePath=System32\DRIVERS\srv.sys - this reference has been left in place
----------
Key=srv2
ImagePath=System32\DRIVERS\srv2.sys - this reference has been left in place
----------
Key=srvnet
ImagePath=System32\DRIVERS\srvnet.sys - this reference has been left in place
----------
Key=stllssvr
ImagePath="c:\Program Files\Common Files\SureThing Shared\stllssvr.exe" - this reference has been removed [file not found to scan]
----------
Key=swenum
ImagePath=system32\DRIVERS\swenum.sys - this reference has been left in place
----------
Key=Symc8xx
ImagePath=\SystemRoot\system32\drivers\symc8xx.sys - this reference has been left in place
----------
Key=Sym_hi
ImagePath=\SystemRoot\system32\drivers\sym_hi.sys - this reference has been left in place
----------
Key=Sym_u3
ImagePath=\SystemRoot\system32\drivers\sym_u3.sys - this reference has been left in place
----------
Key=SynTP
ImagePath=system32\DRIVERS\SynTP.sys - this reference has been left in place
----------
Key=Tcpip
ImagePath=System32\drivers\tcpip.sys - this reference has been left in place
----------
Key=Tcpip6
ImagePath=system32\DRIVERS\tcpip.sys - this reference has been left in place
----------
Key=tcpipreg
ImagePath=System32\drivers\tcpipreg.sys - this reference has been left in place
----------
Key=TDPIPE
ImagePath=system32\drivers\tdpipe.sys - this reference has been left in place
----------
Key=TDTCP
ImagePath=system32\drivers\tdtcp.sys - this reference has been left in place
----------
Key=tdx
ImagePath=system32\DRIVERS\tdx.sys - this reference has been left in place
----------
Key=TermDD
ImagePath=system32\DRIVERS\termdd.sys - this reference has been left in place
----------
Key=TPM
ImagePath=system32\drivers\tpm.sys - this reference has been left in place
----------
Key=TrustedInstaller
ImagePath=%SystemRoot%\servicing\TrustedInstaller.exe - this reference has been left in place
----------
Key=tssecsrv
ImagePath=System32\DRIVERS\tssecsrv.sys - this reference has been left in place
----------
Key=tunmp
ImagePath=system32\DRIVERS\tunmp.sys - this reference has been left in place
----------
Key=tunnel
ImagePath=system32\DRIVERS\tunnel.sys - this reference has been left in place
----------
Key=uagp35
ImagePath=\SystemRoot\system32\drivers\uagp35.sys - this reference has been left in place
----------
Key=udfs
ImagePath=system32\DRIVERS\udfs.sys - this reference has been left in place
----------
Key=UI0Detect
ImagePath=%SystemRoot%\system32\UI0Detect.exe - this reference has been left in place
----------
Key=uliagpkx
ImagePath=\SystemRoot\system32\drivers\uliagpkx.sys - this reference has been left in place
----------
Key=uliahci
ImagePath=\SystemRoot\system32\drivers\uliahci.sys - this reference has been left in place
----------
Key=UlSata
ImagePath=\SystemRoot\system32\drivers\ulsata.sys - this reference has been left in place
----------
Key=ulsata2
ImagePath=\SystemRoot\system32\drivers\ulsata2.sys - this reference has been left in place
----------
Key=umbus
ImagePath=system32\DRIVERS\umbus.sys - this reference has been left in place
----------
Key=usbccgp
ImagePath=\SystemRoot\system32\drivers\usbccgp.sys - this reference has been left in place
----------
Key=usbcir
ImagePath=\SystemRoot\system32\drivers\usbcir.sys - this reference has been left in place
----------
Key=usbehci
ImagePath=system32\DRIVERS\usbehci.sys - this reference has been left in place
----------
Key=usbhub
ImagePath=system32\DRIVERS\usbhub.sys - this reference has been left in place
----------
Key=usbohci
ImagePath=system32\DRIVERS\usbohci.sys - this reference has been left in place
----------
Key=usbprint
ImagePath=\SystemRoot\system32\drivers\usbprint.sys - this reference has been left in place
----------
Key=USBSTOR
ImagePath=system32\DRIVERS\USBSTOR.SYS - this reference has been left in place
----------
Key=usbuhci
ImagePath=system32\DRIVERS\usbuhci.sys - this reference has been left in place
----------
Key=usnjsvc
ImagePath="C:\Program Files\Windows Live\Messenger\usnsvc.exe" - this reference has been left in place
----------
Key=vds
ImagePath=%SystemRoot%\System32\vds.exe - this reference has been left in place
----------
Key=vga
ImagePath=system32\DRIVERS\vgapnp.sys - this reference has been left in place
----------
Key=VgaSave
ImagePath=\SystemRoot\System32\drivers\vga.sys - this reference has been left in place
----------
Key=viaagp
ImagePath=\SystemRoot\system32\drivers\viaagp.sys - this reference has been left in place
----------
Key=ViaC7
ImagePath=\SystemRoot\system32\drivers\viac7.sys - this reference has been left in place
----------
Key=viaide
ImagePath=\SystemRoot\system32\drivers\viaide.sys - this reference has been left in place
----------
Key=volmgr
ImagePath=system32\drivers\volmgr.sys - this reference has been left in place
----------
Key=volmgrx
ImagePath=System32\drivers\volmgrx.sys - this reference has been left in place
----------
Key=volsnap
ImagePath=system32\drivers\volsnap.sys - this reference has been left in place
----------
C:\Windows\system32\DRIVERS\vsdatant.sys appears to be in-use/locked - scanning skipped.
Key=Vsdatant
ImagePath=system32\DRIVERS\vsdatant.sys - Trojan Remover was unable to remove this reference
[ACCESS ERROR]: unable to access the following registry key:
HKLM \SYSTEM\CurrentControlSet\Services\Vsdatant "ImagePath"
C:\Windows\system32\DRIVERS\vsdatant.sys - unable to take ownership/change permissions (file may not exist)
C:\Windows\system32\DRIVERS\vsdatant.sys - MoveFileEx call failed
C:\Windows\system32\DRIVERS\vsdatant.sys has been marked for renaming when the PC is restarted
----------
Key=vsmraid
ImagePath=\SystemRoot\system32\drivers\vsmraid.sys - this reference has been left in place
----------
Key=VSS
ImagePath=%systemroot%\system32\vssvc.exe - this reference has been left in place
----------
Key=WacomPen
ImagePath=\SystemRoot\system32\drivers\wacompen.sys - this reference has been left in place
----------
Key=Wanarp
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wanarpv6
ImagePath=system32\DRIVERS\wanarp.sys - this reference has been left in place
----------
Key=Wd
ImagePath=\SystemRoot\system32\drivers\wd.sys - this reference has been left in place
----------
Key=Wdf01000
ImagePath=system32\drivers\Wdf01000.sys - this reference has been left in place
----------
Key=WimFltr
ImagePath=system32\DRIVERS\wimfltr.sys - this reference has been left in place
----------
Key=winachsf
ImagePath=system32\DRIVERS\VSTCNXT3.SYS - this reference has been left in place
----------
Key=WLSetupSvc
ImagePath="C:\Program Files\Windows Live\installer\WLSetupSvc.exe" - this reference has been left in place
----------
Key=WmiAcpi
ImagePath=system32\DRIVERS\wmiacpi.sys - this reference has been left in place
----------
Key=wmiApSrv
ImagePath=%systemroot%\system32\wbem\WmiApSrv.exe - this reference has been left in place
----------
Key=WMPNetworkSvc
ImagePath="%ProgramFiles%\Windows Media Player\wmpnetwk.exe" - this reference has been left in place
----------
Key=WpdUsb
ImagePath=system32\DRIVERS\wpdusb.sys - this reference has been left in place
----------
Key=ws2ifsl
ImagePath=\SystemRoot\system32\drivers\ws2ifsl.sys - this reference has been left in place
----------
Key=WSearch
ImagePath=%systemroot%\system32\SearchIndexer.exe /Embedding - this reference has been left in place
----------
Key=WUDFRd
ImagePath=system32\DRIVERS\WUDFRd.sys - this reference has been left in place
----------
**************************************************
13:58:10: Scanning -----VXD ENTRIES-----
Checking VMM32 VxD files being loaded
**************************************************
13:58:10: Scanning ----- WINLOGON\NOTIFY DLLS -----
No Winlogon\Notify DLLs found to scan
**************************************************
13:58:10: Scanning ----- CONTEXTMENUHANDLERS -----
Key = avast
CLSID = {472083B0-C522-11CF-8763-00608CC02F24}
C:\Program Files\Alwil Software\Avast4\ashShell.dll - this ContextMenuHandler has been left in place
----------
Key = BriefcaseMenu
CLSID = {85BBD920-42A0-1069-A2E4-08002B30309D}
syncui.dll - this ContextMenuHandler has been left in place
----------
Key = Cover Designer
CLSID = {73FCA462-9BD5-4065-A73F-A8E5F6904EF7}
C:\Program Files\Nero\Nero 7\Nero CoverDesigner\CoverEdExtension.dll - this ContextMenuHandler has been left in place
----------
Key = Open With
CLSID = {09799AFB-AD67-11d1-ABCD-00C04FC30936}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Open With EncryptionMenu
CLSID = {A470F8CF-A1E8-4f65-8335-227475AA5C46}
%SystemRoot%\system32\shell32.dll - this ContextMenuHandler has been left in place
----------
Key = Sharing
CLSID = {f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}
ntshrui.dll - this ContextMenuHandler has been left in place
----------
Key = SnagItMainShellExt
CLSID = {CF74B903-3389-469c-B3B6-0204D204FCBD}
C:\Program Files\TechSmith\SnagIt 8\SnagItShellExt.dll - this ContextMenuHandler has been left in place
----------
Key = Trojan Remover
1 reply
Hi, I think I can answer you.
Start by installing Kaspersky 7 or 8 using another PC; once it is installed, look in one of its menus for the option to create a bootable CD in case of a system attack. That will let you burn a CD you can boot from to run a scan from the BIOS. It will quickly eradicate this nasty trojan. An update will be needed after this operation.
Keep me posted.
Peace
Thanks for taking the time to reply.
I don't have another PC;
indeed, the other desktop PC has been dead for 3 days because of MALWARRIOR,
which wrecked everything...
I have CDs that I burned when I bought it
(it's HP's backup instruction for reinstalling my laptop if it dies).
Can you continue with me?
Thanks
I downloaded HijackThis, which prepared the following report:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:53:25, on 20/05/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16643)
Boot mode: Normal
Running processes:
C:\Windows\system32\taskeng.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\SMINST\scheduler.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\PDF Complete\pdfsty.exe
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\pthosttr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hp\HP Software Update\hpwuSchd2.exe
C:\Program Files\Alwil Software\Avast4\ashDisp.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\TechSmith\SnagIt 8\TSCHelp.exe
C:\Program Files\TechSmith\SnagIt 8\SnagPriv.exe
C:\Program Files\Alwil Software\Avast4\ashSimpl.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\PROGRA~1\WI1F86~1\MESSEN~1\msnmsgr.exe
C:\Users\Normann\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\5HUL5Y6J\HiJackThis[1].exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://us.rd.yahoo.com/customize/ie/defaults/sb/msgr8/*http://www.yahoo.com/ext/search/search.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr8/*https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://fr.yahoo.com/?p=us
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr8/*https://fr.yahoo.com/?p=us
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O1 - Hosts: ::1 localhost
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files\MyWebSearch\SrchAstt\1.bin\MWSSRCAS.DLL
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 8\SnagItBHO.dll
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: SWEETIE - {1A0AADCD-3A72-4b5f-900F-E3BB5A838E2A} - C:\PROGRA~1\MACROG~1\SWEETI~1\toolbar.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 8\SnagItIEAddin.dll
O3 - Toolbar: SweetIM For Internet Explorer - {BC4FFE41-DE9F-46fa-B455-AAD49B9F9938} - C:\Program Files\Macrogaming\SweetIMBarForIE\toolbar.dll
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files\MyWebSearch\bar\1.bin\MWSBAR.DLL
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [PDF Complete] "C:\Program Files\PDF Complete\pdfsty.exe"
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [HP Software Update] c:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKLM\..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe
O4 - HKLM\..\RunOnce: [ST Recovery Launcher] %WINDIR%\SMINST\launcher.exe
O4 - HKCU\..\Run: [StartCCC] c:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [drvsyskit] C:\Windows\system32\drivers\hldrrr.exe
O4 - HKCU\..\Run: [mule_st_key] C:\Users\Normann\AppData\Roaming\m\flec006.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'SERVICE RÉSEAU')
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\backWeb-7288971.exe
O4 - Global Startup: Logiciel Kodak EasyShare.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: SnagIt 8.lnk = C:\Program Files\TechSmith\SnagIt 8\SnagIt32.exe
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O13 - Gopher Prefix:
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} - http://ak.exe.imgfarm.com/images/nocache/funwebproducts/ei-3/CursorManiaFWBInitialSetup1.0.1.0.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/FacebookPhotoUploader3.cab
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/FacebookPhotoUploader4_5.cab
O20 - AppInit_DLLs: APSHook.dll
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - Agere Systems - C:\Windows\system32\agrsmsvc.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: Com4Qlb - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4Qlb.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ScsiAccess - Unknown owner - C:\Windows\system32\ScsiAccess.EXE