More than 100 svchost.exe in Processes

Closed
Kapewpew - 14 Jan 2009 at 10:27
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 - 16 Jan 2009 at 03:36
Hi, I have over 100 svchost.exe in my processes and they are eating all my CPU... here is my HijackThis log:

Logfile of HijackThis v1.99.1
Scan saved at 04:26:42, on 2009-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Info\Bureau\Nouveau dossier\HijackThis.exe
C:\WINDOWS\System32\svchost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.videotron.com/decouvrez-espace-client
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {631f7200-642e-11db-bd13-0800200c9a66} - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - (no file)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: (no name) - {E15F0D11-CAF3-5295-6837-2C43D995C293} - (no file)
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: (no name) - {f37f4a40-1f20-4407-b306-9f9d9643c462} - (no file)
O2 - BHO: (no name) - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Info\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.71.245.166/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.34.87.7/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt5.vfk C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: exe2msp - exe2msp.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Unknown owner - C:\Program Files\Java\jre6\bin\jqs.exe" -service -config "C:\Program Files\Java\jre6\lib\deploy\jqs\jqs.conf (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Security Service (WXDN) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe

Please help me

22 replies

chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 60
14 Jan 2009 at 10:57
Fixing an O23 with HijackThis is useless
O23 - Service: Security Service (WXDN) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
it's a service, and it will be there again when the machine reboots
2
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last seen 8 October 2019 2 502
14 Jan 2009 at 10:37
First do this and post me the report.

Download GenProc to your desktop (note: the file is a zip file)
Unzip the folder, double-click GenProc.bat
Finally, post the contents of the report that appears.
How to use GenProc

For those on Vista, don't forget to disable User Account Control

1
TheTROLL Posts 4165 Registration date Saturday 9 February 2008 Status Contributor Last seen 19 December 2012 659
14 Jan 2009 at 10:32
Hi, well, for a start you can delete all the
O2 - BHO
since you have a good bunch of them!
then run a scan with Spybot and Ad-Aware
0
niko51390 Posts 301 Registration date Thursday 8 January 2009 Status Member Last seen 8 November 2012 45
14 Jan 2009 at 10:40
you can delete:

C:\WINDOWS\system32\svcd\svchost.exe
O2 - BHO: (no name) - {037C7B8A-151A-49E6-BAED-CC05FCB50328} - (no file)
O2 - BHO: (no name) - {385066e0-23f3-11db-a98b-0800200c9a66} - (no file)
O2 - BHO: (no name) - {631f7200-642e-11db-bd13-0800200c9a66} - (no file)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: (no name) - {a62d2213-2d9b-4d25-b52d-0bc282501d5b} - (no file)
O2 - BHO: (no name) - {E15F0D11-CAF3-5295-6837-2C43D995C293} - (no file)
O2 - BHO: (no name) - {f37f4a40-1f20-4407-b306-9f9d9643c462} - (no file)
O2 - BHO: (no name) - {FE6C16C4-16AD-47B6-B250-26AD1829E49A} - (no file)
O20 - Winlogon Notify: exe2msp - exe2msp.dll (file missing)
O23 - Service: Security Service (WXDN) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe

especially the first and last lines; you can clearly see that the process isn't in the same directory as the others,
keep us posted
0
pimprenelle27 Posts 20857 Registration date Monday 10 December 2007 Status Security contributor Last seen 8 October 2019 2 502
14 Jan 2009 at 10:43
Before deleting, maybe the disinfection should be done first. Don't you think?
0
TheTROLL Posts 4165 Registration date Saturday 9 February 2008 Status Contributor Last seen 19 December 2012 659
14 Jan 2009 at 10:44
C:\WINDOWS\system32\svcd\svchost.exe he won't be able to delete it, because svchost.exe is an integral part of Windows


The svchost.exe process (svchost standing for Service Host Process) is a generic Windows 2000/XP process that acts as a host for other processes whose operation relies on dynamic link libraries (DLLs). There are therefore as many svchost entries as there are processes using it.

The tlist.exe utility supplied on the Windows 2000/XP CD-ROM lists the applications using this service with the following command:

tlist -s

The original svchost service has a security flaw that it is imperative to fix by updating the system through Windows Update.

It is in no way a resident virus, a worm, a Trojan horse, spyware, or adware.

0
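The two posts above make the point that matters for this log: many svchost.exe instances are normal, because svchost.exe is the generic host for DLL-implemented services, so the number alone proves nothing; what gives the infection away is a copy running from a directory where the real binary never lives (here C:\WINDOWS\system32\svcd\), registered as a service so it survives a HijackThis "fix". The following Python script is an added example and is not from the thread, from HijackThis or from any of the tools named here. It parses a HijackThis-style log and applies the checks a responder would otherwise do by eye: core Windows binaries running outside their expected directory (for processes and for O23 service images), AppInit_DLLs entries that use the \\?\ path prefix or a reserved DOS device name such as LPT5 (a file created that way cannot be opened or deleted with ordinary Win32 tools, which is why malware uses it), and Winlogon Notify entries whose DLL is missing. The input is a constructed excerpt of the log posted above; the %SystemRoot% value C:\WINDOWS and the list of core binaries are assumptions hard-coded in the script. On Windows XP Professional and later, the built-in tasklist /svc gives the same service-to-process mapping as the tlist -s command mentioned above.

```python
import re
import ntpath
from collections import Counter

# Constructed excerpt modelled on the log posted in the thread: a few of the
# ~200 "Running processes" lines plus the O4/O20/O23 entries of interest.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svcd\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe

O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt5.vfk C:\WINDOWS\system32\guard32.dll
O20 - Winlogon Notify: exe2msp - exe2msp.dll (file missing)
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Security Service (WXDN) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe
"""

SYSTEM_ROOT = r"C:\WINDOWS"  # assumption: %SystemRoot% of the posted machine
# Core binaries and the only directory (relative to %SystemRoot%) each runs
# from; the same file name anywhere else is masquerading.
CORE_BINARIES = {n: r"\system32" for n in ("smss.exe", "csrss.exe", "winlogon.exe",
                                            "services.exe", "lsass.exe", "svchost.exe",
                                            "spoolsv.exe")}
CORE_BINARIES["explorer.exe"] = ""  # lives directly in %SystemRoot%
RESERVED_DEVICE_NAMES = ({"con", "prn", "aux", "nul"}
                         | {f"com{i}" for i in range(1, 10)}
                         | {f"lpt{i}" for i in range(1, 10)})


def parse_hjt_log(text):
    """Split a HijackThis log into the process list and (section, body) entries."""
    processes, entries, in_procs = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            in_procs = False  # a blank line ends the "Running processes" block
            continue
        if line.lower().startswith("running processes:"):
            in_procs = True
        elif in_procs:
            processes.append(line)
        elif (m := re.match(r"^([RFO]\d+) - (.*)$", line)):
            entries.append((m.group(1), m.group(2)))
    return processes, entries


def masquerading_binaries(paths):
    """Paths whose file name is a core binary but whose directory is not the
    one it lives in (case-insensitive string compare; no 8.3/symlink resolving)."""
    hits = []
    for p in paths:
        name = ntpath.basename(p).lower()
        if name in CORE_BINARIES:
            expected = (SYSTEM_ROOT + CORE_BINARIES[name]).lower()
            if ntpath.dirname(p).lower() != expected:
                hits.append(p)
    return hits


def service_binary(body):
    """Image path from an O23 body: 'Service: <name> - <owner> - <path ...>'."""
    tail = body.rsplit(" - ", 1)[-1].strip().lstrip('"')
    m = re.match(r"(.*?\.exe)", tail, re.I)
    return m.group(1) if m else None


def suspicious_appinit_dlls(entries):
    """AppInit_DLLs items using tricks that keep a file from being opened or
    deleted with ordinary tools: \\?\ prefix, reserved device-name stem."""
    hits = []
    for sec, body in entries:
        if sec != "O20" or not body.startswith("AppInit_DLLs:"):
            continue
        for item in body[len("AppInit_DLLs:"):].split():
            stem = ntpath.splitext(ntpath.basename(item))[0].lower()
            reasons = []
            if item.startswith("\\\\?\\"):
                reasons.append("\\\\?\\ prefix bypasses Win32 path parsing")
            if stem in RESERVED_DEVICE_NAMES:
                reasons.append("reserved DOS device name")
            if not item.lower().endswith(".dll"):
                reasons.append("not a .dll extension")
            if reasons:
                hits.append((item, reasons))
    return hits


def triage(text):
    processes, entries = parse_hjt_log(text)
    counts = Counter(ntpath.basename(p).lower() for p in processes)
    svc = [(b, service_binary(b)) for s, b in entries if s == "O23"]
    return {
        "svchost_count": counts["svchost.exe"],
        "masquerading_processes": masquerading_binaries(processes),
        "masquerading_services": [b for b, p in svc if p and masquerading_binaries([p])],
        "appinit_dlls": suspicious_appinit_dlls(entries),
        "winlogon_notify_missing": [b for s, b in entries if s == "O20"
                                    and b.startswith("Winlogon Notify:")
                                    and "(file missing)" in b],
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the constructed excerpt, the script reports 4 svchost.exe instances, flags only C:\WINDOWS\system32\svcd\svchost.exe (as a process and as the image of the WXDN service), flags \\?\C:\WINDOWS\system32\lpt5.vfk while leaving COMODO's guard32.dll alone, and lists the missing exe2msp.dll. The path check is deliberately a plain string comparison on the log text: it catches the "right name, wrong directory" case shown here but not a trojan that replaced the genuine file in place or a DLL loaded into a legitimate svchost.exe; for those, verify the file's hash or signature and the ServiceDll value of each hosted service rather than trusting the process list.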

niko51390 Posts 301 Registration date Thursday 8 January 2009 Status Member Last seen 8 November 2012 45
14 Jan 2009 at 10:54
Personally, I don't have an svcd folder in my system32, and HijackThis flags it as dangerous and not the others!
I've never had this problem; either you disinfect, and if that works, great, otherwise do as I told you
0
TheTROLL Posts 4165 Registration date Saturday 9 February 2008 Status Contributor Last seen 19 December 2012 659
14 Jan 2009 at 10:55
it's a hidden system file!
0
niko51390 Posts 301 Registration date Thursday 8 January 2009 Status Member Last seen 8 November 2012 45
14 Jan 2009 at 11:01
my hidden files are shown, and it's not there :p
0
TheTROLL Posts 4165 Registration date Saturday 9 February 2008 Status Contributor Last seen 19 December 2012 659
14 Jan 2009 at 11:08
and did you unhide the protected operating system files???
0
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 60
14 Jan 2009 at 11:04
his problem is here

C:\WINDOWS\system32\svcd\svchost.exe
and here
O4 - HKLM\..\Run: [KIT3] C:\WINDOWS\system32\spool\hpprintqueue.exe

SdBot and a crypted trojan
0
niko51390 Posts 301 Registration date Thursday 8 January 2009 Status Member Last seen 8 November 2012 45
14 Jan 2009 at 11:13
Agreed with chimay8, I got fooled by "hpprintqueue", thinking it was a process for an HP printer!!

PS: yes, everything is unchecked, always.
0
Hello and thanks for the replies. I'd like to add that when I start my computer I get the error "Generic Host Process for Win32 Services". GenProc only worked once, and it gave a three-line error message. I don't really know what to do anymore; frankly, I don't feel like formatting.
0
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last seen 3 January 2014 60
14 Jan 2009 at 19:38
1) Re-post a HijackThis report using my link; yours is obsolete

http://www.trendsecure.com/portal/en-US/_download/HiJackThis.exe

2) There's work to do, so

Download SDFix (created by AndyManchesta) and save it to your Desktop. You can follow Malekal's SDFix tutorial to help you:

Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode following this procedure:
Restart your computer
After hearing the computer beep during startup, but before the Windows icon appears, tap the F8 key (one press per second).
Instead of Windows loading normally, a menu with different options should appear.
Choose the first option, to run Windows in Safe Mode, then press "Enter".
Choose your account.

Go through the list of instructions below:
Open the SDFix folder that was just created in the C:\ directory and double-click RunThis.bat to launch the script.
Press Y to start the cleaning.

It will remove the services and registry entries of certain trojans it finds, then ask you to press a key to restart.
Press a key to restart the PC.
Your system will take longer than usual to restart, because the tool keeps running and deleting files.
After the Desktop loads, the tool will finish its work and display Finished.

Press a key to finish running the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder as Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum, along with a new HijackThis log!

If SDFix won't launch
Click Start > Run
Copy/paste this:
%systemroot%\system32\cmd.exe /K %systemdrive%\SDFix\apps\FixPath.exe

Click OK.
Restart and try launching SDFix again.
0
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 14:42:16, on 2009-01-14
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\vVX1000.exe
C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe
C:\Program Files\PowerISO\PWRISOVM.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\a-squared Free\a2service.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\COMODO\Firewall\cmdagent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft LifeCam\MSCamS32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Documents and Settings\Info\Bureau\HiJackThis.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NetMeeting\Netsh.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.videotron.com/decouvrez-espace-client
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [Lexmark X1100 Series] "C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [VX1000] C:\WINDOWS\vVX1000.exe
O4 - HKLM\..\Run: [LifeCam] "C:\Program Files\Microsoft LifeCam\LifeExp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QT Lite\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PhilipsDM] "C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-21-602162358-1757981266-725345543-1003\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0 (User '?')
O4 - HKUS\S-1-5-21-602162358-1757981266-725345543-1003\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Info\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {20A60F0D-9AFA-4515-A0FD-83BD84642501} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab56986.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {5C051655-FCD5-4969-9182-770EA5AA5565} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab56986.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zone.msn.com/EN-CA/a-UNO1/GAME_UNO1.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {69EF49E5-FE46-4B92-B5FA-2193AB7A6B8A} (GameLauncher Control) - http://www.acclaim.com/cabs/acclaim_v8.cab
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} - http://217.71.245.166/activex/AMC.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (MSN Games - Installer) - http://messenger.zone.msn.com/binary/ZIntro.cab56649.cab
O16 - DPF: {BD393C14-72AD-4790-A095-76522973D6B8} (CBreakshotControl Class) - http://messenger.zone.msn.com/binary/Bankshot.cab57213.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.11) - http://gameadvisor.futuremark.com/global/msc311.cab
O16 - DPF: {DE625294-70E6-45ED-B895-CFFA13AEB044} (AxisMediaControlEmb Class) - http://80.34.87.7/activex/AMC.cab
O16 - DPF: {F5A7706B-B9C0-4C89-A715-7A0C6B05DD48} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab56986.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\FICHIE~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: \\?\C:\WINDOWS\system32\lpt5.vfk C:\WINDOWS\system32\guard32.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Security Service (WXDN) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)
0
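The log above already contains the answer to the original question in miniature: one "svchost.exe" is started from C:\WINDOWS\system32\svcd\ rather than System32 itself, tied to a service called "Security Service (WXDN)" whose binary HijackThis reports as missing, and the ComboFix report posted later in the thread shows the same WXDN entry as "R2 WXDN;Security Service; [x]" next to a service named "wowsystemcode123" that hides behind the genuine svchost.exe. The script below is an added example written for this page; it is not part of the original posts, of HijackThis or of ComboFix. It parses O23 lines and ComboFix R/S service lines and applies three defender-side checks: an svchost.exe outside System32, an svchost-hosted service whose key name is not in a baseline of known services, and a service whose binary is missing. The baseline set is a constructed, deliberately short sample (a real run would load the machine's own list from the Svchost registry key named in the comments), and the finding labels are this example's own wording.

```python
r"""Triage of HijackThis O23 service lines and ComboFix R/S service lines.

Added example for this thread; it is not part of the original posts, of
HijackThis or of ComboFix. Three defender-side checks per service entry:
  1. the image is svchost.exe but lives outside the Windows System32 folder
     (the 'Security Service (WXDN)' -> system32\svcd\svchost.exe pattern)
  2. the image is the genuine svchost.exe but the service key is not in a
     baseline of known svchost-hosted services (the 'wowsystemcode123' pattern)
  3. the service binary is reported missing: HijackThis '(file missing)',
     ComboFix '[x]' (a leftover service entry pointing at a deleted file)
"""
import re
from dataclasses import dataclass, field
from pathlib import PureWindowsPath

# Directory of the genuine svchost.exe on Windows XP (compared lower-cased).
LEGIT_SVCHOST_DIRS = {r"c:\windows\system32"}

# HijackThis: O23 - Service: <display name> - <owner> - <image path>[ (file missing)]
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.+?) - (?P<path>.+?)"
    r"(?P<missing> \(file missing\))?$"
)
# ComboFix: <R|S><n> <key>;<display name>;<image path> [<date size>], or [x] when missing
CFX_RE = re.compile(
    r"^(?P<start>[RS]\d) (?P<key>[^;]+);(?P<name>[^;]*);(?P<path>[^\[]*)\[(?P<info>[^\]]*)\]$"
)
# HijackThis puts the service key name in parentheses after the display name.
KEY_IN_NAME_RE = re.compile(r"\((\w+)\)$")


@dataclass
class Finding:
    source: str                     # "hijackthis" or "combofix"
    name: str                       # display name (HJT) or key name (ComboFix)
    path: str                       # image path as written in the log, '' if none
    reasons: list = field(default_factory=list)


def _check(key, path_text, missing, baseline):
    """Apply the three checks to one service entry; return the reasons that fired."""
    reasons = []
    if path_text:
        p = PureWindowsPath(path_text)
        if p.name.lower() == "svchost.exe":
            # A bare 'svchost.exe' with no directory also lands here: its parent
            # is '.', which is not a known-good location either.
            if str(p.parent).lower() not in LEGIT_SVCHOST_DIRS:
                reasons.append("svchost.exe outside System32")
            elif key.lower() not in baseline:
                reasons.append("svchost-hosted service not in baseline")
    if missing:
        reasons.append("service binary missing")
    return reasons


def triage(lines, baseline):
    """Return a Finding for every service line that fails at least one check.

    `baseline` is a set of lower-cased service key names that legitimately run
    inside the genuine svchost.exe. Lines of other types (O4, O16, headers) are skipped.
    """
    findings = []
    for raw in lines:
        line = raw.strip()
        m = O23_RE.match(line)
        if m:
            key_match = KEY_IN_NAME_RE.search(m.group("name"))
            key = key_match.group(1) if key_match else m.group("name")
            reasons = _check(key, m.group("path"), bool(m.group("missing")), baseline)
            if reasons:
                findings.append(Finding("hijackthis", m.group("name"), m.group("path"), reasons))
            continue
        m = CFX_RE.match(line)
        if m:
            path_text = m.group("path").strip()
            reasons = _check(m.group("key"), path_text, m.group("info").strip() == "x", baseline)
            if reasons:
                findings.append(Finding("combofix", m.group("key"), path_text, reasons))
    return findings


# Constructed baseline: a small subset of the svchost-hosted services of a stock
# Windows XP SP2. A real run would load the full list from the machine's
# HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost key.
SAMPLE_BASELINE = {"dhcp", "dnscache", "rpcss", "lanmanserver", "lanmanworkstation"}

# Sample lines copied from the logs posted in this thread, plus one O4 line to
# show that non-service lines are skipped.
SAMPLE_LOG = [
    r"O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe",
    r"O23 - Service: COMODO Firewall Pro Helper Service (cmdAgent) - Unknown owner - C:\Program Files\COMODO\Firewall\cmdagent.exe",
    r"O23 - Service: Security Service (WXDN) - Unknown owner - C:\WINDOWS\system32\svcd\svchost.exe (file missing)",
    r'O4 - HKLM\..\Run: [COMODO Firewall Pro] "C:\Program Files\COMODO\Firewall\cfp.exe" -h',
    r"R2 WXDN;Security Service; [x]",
    r"S2 wowsystemcode123;Remote TCP/IP;c:\windows\System32\svchost.exe [2004-08-03 14336]",
]

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG, SAMPLE_BASELINE):
        print(f"[{f.source}] {f.name}: {', '.join(f.reasons)} ({f.path or 'no path'})")
```

Run on the sample lines it reports three findings: the HijackThis WXDN entry (svchost.exe outside System32, binary missing), the ComboFix WXDN entry (binary missing) and wowsystemcode123 (svchost-hosted, not in the baseline). The second check is the important one: a path check alone passes wowsystemcode123, because its image really is C:\WINDOWS\System32\svchost.exe; what gives it away is a service name that no stock Windows XP install has. On XP Professional, `tasklist /svc` shows which services each running svchost.exe instance actually hosts, which is the quickest way to map a hundred svchost processes back to the service entries responsible for them.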
[b]SDFix: Version 1.240 [/b]
Run by Info on 2009-01-14 at 14:54

Microsoft Windows XP [version 5.1.2600]
Running From: C:\SDFix

[b]Checking Services [/b]:

[b]Name [/b]:
ntload

[b]Path [/b]:
\??\C:\WINDOWS\system32\ntload.sys

ntload - Deleted



Restoring Default Security Values
Restoring Default Hosts File
Resetting SecurityProviders Value

Rebooting


[b]Checking Files [/b]:

Trojan Files Found:

C:\SVCIPA.EXE - Deleted
C:\WINDOWS\inf\ultra.inf - Deleted
C:\WINDOWS\system32\CID - Deleted
C:\WINDOWS\system32\hook.dll - Deleted
C:\WINDOWS\system32\SvcNm - Deleted
C:\WINDOWS\system32\upds.log - Deleted
C:\WINDOWS\system32\url1 - Deleted
C:\WINDOWS\system32\url2 - Deleted
C:\WINDOWS\system32\url3 - Deleted
C:\WINDOWS\system32\wscmp.dll.tmp - Deleted





Removing Temp Files

[b]ADS Check [/b]:



[b]Final Check [/b]:

catchme 0.3.1361.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 15:09:51
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg]
"s1"=dword:94c7fe22
"s2"=dword:c76768d5
"h0"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:68,39,ec,17,cb,89,9d,b1,f0,07,3b,48,f4,77,35,89,66,32,3a,32,ab,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:73,9c,eb,62,49,98,96,33,0e,fc,0e,85,0c,90,17,fd,61,8e,ec,94,0c,..
"a0"=hex:20,01,00,00,f9,68,d9,d0,56,57,9a,f8,19,8b,97,e7,87,e7,67,af,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:60,c2,0c,dd,65,0d,a0,96,2a,a0,0d,40,3d,97,01,b2,8c,5c,a1,96,97,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4]
"h0"=dword:00000000
"khjeh"=hex:68,39,ec,17,cb,89,9d,b1,f0,07,3b,48,f4,77,35,89,66,32,3a,32,ab,..
"p0"="C:\Program Files\DAEMON Tools Lite\"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001]
"khjeh"=hex:73,9c,eb,62,49,98,96,33,0e,fc,0e,85,0c,90,17,fd,61,8e,ec,94,0c,..
"a0"=hex:20,01,00,00,f9,68,d9,d0,56,57,9a,f8,19,8b,97,e7,87,e7,67,af,cf,..

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4\00000001\0Jf40]
"khjeh"=hex:60,c2,0c,dd,65,0d,a0,96,2a,a0,0d,40,3d,97,01,b2,8c,5c,a1,96,97,..

scanning hidden registry entries ...

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5C879394-6B61-BB9C-EBEA-5B77FB345C10}]
"iafgfbmkhfejpicdok"=hex:69,61,69,61,6c,6b,67,62,6b,6f,69,6b,66,63,6c,65,62,62,00,00
"hapfdadmngoljgmf"=hex:69,61,69,61,6c,6b,67,62,6b,6f,69,6b,66,63,6c,65,62,62,00,00

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0


[b]Remaining Services [/b]:




Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe"="C:\\Program Files\\Microsoft Games\\Rise of Nations\\rise.exe:*:Enabled:Rise of Nations"
"C:\\Program Files\\Warcraft III\\Warcraft III.exe"="C:\\Program Files\\Warcraft III\\Warcraft III.exe:*:Enabled:Warcraft III"
"C:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe"="C:\\Program Files\\Soldier of Fortune II - Double Helix GOLD\\SoF2MP.exe:*:Enabled:SoF2MP"
"C:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"="C:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"="C:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\\Program Files\\CheckFlow\\SpyShooter\\5.0.0.4\\FlowService.exe"="C:\\Program Files\\CheckFlow\\SpyShooter\\5.0.0.4\\FlowService.exe:*:Enabled:SpyShooter 2006"
"C:\\Program Files\\CheckFlow\\SpyShooter\\5.0.0.4\\Fp2006.exe"="C:\\Program Files\\CheckFlow\\SpyShooter\\5.0.0.4\\Fp2006.exe:*:Enabled:Spy Shooter 2006"
"C:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe"="C:\\Program Files\\EA GAMES\\Battlefield 2\\bf2_w32ded.exe:*:Enabled:bf2_w32ded"
"%windir%\\system32\\ccapp.exe"="%windir%\\system32\\ccapp.exe:*:Enabled:System Process"
"C:\\WINDOWS\\system32\\LEXPPS.EXE"="C:\\WINDOWS\\system32\\LEXPPS.EXE:*:Enabled:LEXPPS.EXE"
"C:\\Documents and Settings\\Info\\Bureau\\WOWEx_Blizcon-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\WOWEx_Blizcon-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\AIM\\aim.exe"="C:\\Program Files\\AIM\\aim.exe:*:Enabled:AOL Instant Messenger"
"C:\\Program Files\\BitLord\\BitLord.exe"="C:\\Program Files\\BitLord\\BitLord.exe:*:Enabled:BitLord"
"C:\\Program Files\\World of Warcraft\\Repair.exe"="C:\\Program Files\\World of Warcraft\\Repair.exe:*:Enabled:Blizzard Repair Utility"
"C:\\StubInstaller.exe"="C:\\StubInstaller.exe:*:Enabled:LimeWire swarmed installer"
"C:\\Program Files\\LimeWire\\LimeWire.exe"="C:\\Program Files\\LimeWire\\LimeWire.exe:*:Enabled:LimeWire"
"C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin"="C:\\Program Files\\Softnyx\\Rakion\\Bin\\Rakion.bin:*:Enabled:Rakion"
"C:\\Documents and Settings\\Info\\Bureau\\BlackStorm V1\\WoWemu.exe"="C:\\Documents and Settings\\Info\\Bureau\\BlackStorm V1\\WoWemu.exe:*:Enabled:WoWemu"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox"
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"="C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\VentSrv\\ventrilo_srv.exe"="C:\\Program Files\\VentSrv\\ventrilo_srv.exe:*:Enabled:ventrilo_srv"
"C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.10.2.5302-to-1.11.0.5428-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\WINDOWS\\system32\\rtcshare.exe"="C:\\WINDOWS\\system32\\rtcshare.exe:*:Enabled:Partage de l'application RTC"
"C:\\Program Files\\NetMeeting\\conf.exe"="C:\\Program Files\\NetMeeting\\conf.exe:*:Enabled:Windows© NetMeeting©"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.1.5462-to-1.11.2.5464-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Documents and Settings\\Info\\Bureau\\UWC RR v1.0.8\\WoWemu.exe"="C:\\Documents and Settings\\Info\\Bureau\\UWC RR v1.0.8\\WoWemu.exe:*:Enabled:WoWemu"
"C:\\Documents and Settings\\Info\\Bureau\\WEB-WOWEx-E3-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\WEB-WOWEx-E3-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe"="C:\\Program Files\\Sierra\\FEAR\\fpupdate.exe:*:Enabled:fpupdate"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.0-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Warcraft III\\War3.exe"="C:\\Program Files\\Warcraft III\\War3.exe:*:Enabled:Warcraft III"
"C:\\Documents and Settings\\Info\\Bureau\\WoW_Insider_PvP_Interview-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\WoW_Insider_PvP_Interview-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.11.2.5464-to-1.12.0.5595-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Info\\Bureau\\EPL_Trailer_EG.avi-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\EPL_Trailer_EG.avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Info\\Bureau\\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\WoW-1.12.0.5595-to-0.12.1.5803-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Info\\Bureau\\Amrican93's Repack [Blizzlike pack]\\Amrican93's Repack [Blizzlike pack]\\Wowemu.exe"="C:\\Documents and Settings\\Info\\Bureau\\Amrican93's Repack [Blizzlike pack]\\Amrican93's Repack [Blizzlike pack]\\Wowemu.exe:*:Enabled:Wowemu"
"C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe"="C:\\Program Files\\MAIET\\Gunz\\GunzLauncher.exe:*:Enabled:GunzLauncher"
"C:\\Program Files\\MAIET\\Gunz\\Gunz.exe"="C:\\Program Files\\MAIET\\Gunz\\Gunz.exe:*:Enabled:Gunz"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.0.5595-to-1.12.1.5875-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\America's Army\\System\\ArmyOps.exe"="C:\\Program Files\\America's Army\\System\\ArmyOps.exe:*:Enabled:ArmyOps"
"C:\\Documents and Settings\\Info\\Bureau\\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\WoW-1.12.0.5590-to-2.0.1.6114-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Documents and Settings\\Info\\Bureau\\Office_Space.avi-downloader.exe"="C:\\Documents and Settings\\Info\\Bureau\\Office_Space.avi-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe"="C:\\Program Files\\World of Warcraft\\WoW-1.12.x-to-2.0.1-enUS-patch-downloader.exe:*:Enabled:Blizzard Downloader"
"C:\\Program Files\\Grisoft\\AVG7\\avginet.exe"="C:\\Program Files\\Grisoft\\AVG7\\avginet.exe:*:Enabled:avginet.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgamsvr.exe:*:Enabled:avgamsvr.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgcc.exe:*:Enabled:avgcc.exe"
"C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe"="C:\\Program Files\\Grisoft\\AVG7\\avgemc.exe:*:Enabled:avgemc.exe"
"C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe"="C:\\Program Files\\Sierra\\FEARCombat\\FEARMP.exe:*:Enabled:FEAR Combat"
"C:\\Documents and Settings\\Info\\Bureau\\rsgxbrG_Pinch.exe"="C:\\Documents and Settings\\Info\\Bureau\\rsgxbrG_Pinch.exe:*:Enabled:Enabled"
"C:\\Program Files\\Hamachi\\hamachi.exe"="C:\\Program Files\\Hamachi\\hamachi.exe:*:Enabled:Hamachi"
"C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"="C:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe:*:Enabled:Assistance … distance - Windows Messenger et voix"
"C:\\Program Files\\Steam\\steamapps\\nosoup4yourmom\\counter-strike source\\hl2.exe"="C:\\Program Files\\Steam\\steamapps\\nosoup4yourmom\\counter-strike source\\hl2.exe:*:Enabled:hl2"
"C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"="C:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe:*:Enabled:Veoh Client"
"C:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe"="C:\\Program Files\\Sierra\\SWAT 4\\Content\\System\\Swat4.exe:*:Enabled:SWAT 4"
"C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"="C:\\Program Files\\Microsoft LifeCam\\LifeCam.exe:*:Enabled:LifeCam.exe"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"="C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger"
"C:\\Nexon\\Combat Arms\\CombatArms.exe"="C:\\Nexon\\Combat Arms\\CombatArms.exe:*Enabled:CombatArms.exe"
"C:\\Nexon\\Combat Arms\\Engine.exe"="C:\\Nexon\\Combat Arms\\Engine.exe:*Enabled:Engine.exe"

[b]Remaining Files [/b]:


File Backups: - C:\SDFix\backups\backups.zip

[b]Files with Hidden Attributes [/b]:


[b]Finished![/b]

The problem is still there.
0
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last post 3 January 2014 60
14 Jan. 2009 at 21:44
The problem is still there

Well, of course!!!

This doesn't get fixed with a wave of a magic wand.


Please do this:

Download ComboFix by sUBs: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
and save it to your desktop, nowhere else!

**Disable your protection software** (antivirus, antispyware), then:
disconnect from the internet and close all programs.

Double-click ComboFix; if it asks you to install the console, do so (see below).
Then
it will ask you a question; answer by pressing the 1 key and Enter to confirm.
Don't touch anything else, not even your mouse!!

Wait until ComboFix has finished; a report will be created. Post the report.

-----------------------------------------------------

Install the Recovery Console on your PC (this will make it possible to repair your system in case the PC no longer starts after the disinfection).

Click the link below to go to Microsoft's website:

https://support.microsoft.com/en-us/help/310994

Scroll down to "Téléchargement du fichier programme des disquettes d'installation" (the download section for the setup boot disk program file) and click the download matching your version of Windows XP (Home Edition or Professional) and the Service Pack you have installed.
**Note: for SP3, download the Service Pack 2 one;
for Windows XP Media Center, download XP Pro Service Pack 2.

Save it to your desktop.

Drag and drop the file onto the ComboFix icon, like this:
http://img.bleepingcomputer.com/combofix/usage/rc.gif

ComboFix will install the Recovery Console on your PC.

At the end of the installation, ComboFix will display a message telling you that the console is installed.
0
ComboFix 09-01-13.04 - Info 2009-01-14 15:56:25.1 - NTFSx86
Running from: c:\documents and settings\Info\Bureau\ComboFix.exe

[COLOR=RED][B]WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !![/B][/COLOR]
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\LocalService\Bureau\Online Security Center.URL
c:\windows\Downloaded Program Files\setup.inf
c:\windows\msettings.ini
c:\windows\system32\dumphive.exe
c:\windows\system32\kbdrit32.dll
c:\windows\system32\skinboxer43.dll
c:\windows\system32\SrchSTS.exe
c:\windows\system32\tmp.reg

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NTMLSVC
-------\Legacy_OREANS32
-------\Legacy_WINCOM32
-------\Service_oreans32


((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-14 14:48 . 2009-01-14 14:49 <REP> d-------- c:\windows\ERUNT
2009-01-14 14:38 . 2009-01-14 15:33 <REP> d----c--- C:\SDFix
2009-01-14 13:30 . 2009-01-14 13:30 <REP> d-------- c:\program files\Lavasoft
2009-01-14 13:30 . 2009-01-14 13:31 <REP> d----c--- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-14 13:22 . 2009-01-14 13:22 <REP> d-------- c:\windows\system32\spool
2009-01-13 19:36 . 2009-01-14 16:07 <REP> d-------- c:\windows\system32\CatRoot2
2009-01-11 19:13 . 2009-01-11 19:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Voisinage réseau
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Voisinage d'impression
2009-01-11 18:57 . 2005-11-24 15:22 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Modèles
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Mes documents
2009-01-11 18:57 . 2005-11-24 10:15 <REP> dr---c--- c:\documents and settings\Administrateur.USER-8B\Menu Démarrer
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Favoris
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Bureau
2009-01-11 18:57 . 2008-01-22 06:22 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Application Data\Ventrilo
2009-01-11 18:57 . 2009-01-11 18:57 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B
2009-01-09 19:50 . 2009-01-09 19:50 <REP> d-------- c:\documents and settings\Info\Application Data\dBpoweramp
2009-01-07 02:35 . 2009-01-07 02:35 <REP> d-------- c:\documents and settings\Info\Application Data\Toribash
2009-01-02 23:36 . 2009-01-02 23:36 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-01-02 23:36 . 2009-01-02 23:36 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-02 16:54 . 2009-01-02 16:54 <REP> d-------- c:\program files\Realtek AC97
2009-01-01 20:02 . 2009-01-01 20:02 <REP> d-------- c:\documents and settings\Info\Application Data\Datel
2008-12-27 12:11 . 2009-01-13 13:55 0 --a------ c:\windows\1.ini
2008-12-27 03:21 . 2008-12-27 03:21 <REP> d----c--- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-27 00:43 . 2008-12-27 00:43 102,400 --a------ c:\windows\system32\wow127_625.dll
2008-12-27 00:43 . 2008-12-27 00:43 20 --a------ c:\windows\syscheck
2008-12-26 21:59 . 2009-01-13 12:57 <REP> d-------- c:\program files\World of Warcraft
2008-12-20 22:13 . 2008-12-20 22:13 <REP> d-------- c:\documents and settings\Info\Application Data\AccurateRip
2008-12-19 22:42 . 2008-12-19 22:42 <REP> d----c--- C:\Your main Age of Wonders folder here

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 18:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-14 08:59 --------- d-----w c:\program files\a-squared Free
2009-01-12 23:08 --------- d-----w c:\program files\Steam
2009-01-12 06:51 --------- d-----w c:\documents and settings\Info\Application Data\skypePM
2009-01-12 06:51 --------- d-----w c:\documents and settings\Info\Application Data\Skype
2009-01-12 00:12 --------- d-----w c:\program files\Java
2008-12-27 03:51 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-12-27 02:58 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-27 02:56 --------- dc----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 02:56 --------- d-----w c:\program files\Fichiers communs\AOL
2008-12-27 02:56 --------- d-----w c:\program files\Cheat Engine
2008-12-26 09:20 --------- d-----w c:\program files\Xfire
2008-12-25 19:25 --------- d-----w c:\documents and settings\Info\Application Data\Xfire
2008-12-21 03:13 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-12-14 02:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 02:27 --------- d-----w c:\program files\Panasonic
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-01 20:13 --------- d-----w c:\program files\Image-Line
2008-12-01 20:13 --------- d-----w c:\program files\DVDVideoSoft
2008-11-28 22:11 87,056 ----a-w c:\windows\system32\drivers\cmdGuard.sys
2008-11-28 22:11 24,208 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-28 22:11 143,104 ----a-w c:\windows\system32\guard32.dll
2008-10-19 13:57 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-08-13 05:21 24 ----a-w c:\documents and settings\Info\jagex_runescape_preferences.dat
2008-02-28 15:26 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-18 21:04 22,328 ----a-w c:\documents and settings\Info\Application Data\PnkBstrK.sys
2007-12-15 17:55 4,346,084 ----a-w c:\documents and settings\Info\WoW-2.3.0.7561-to-0.3.2.7627-enUS-patch.exe
2007-10-21 11:07 220,008,707 ----a-w c:\documents and settings\Info\WoW-2.2.3.7359-to-0.3.0.7441-enUS-patch.exe
2007-08-14 14:14 51,185,123 ----a-w c:\documents and settings\Info\WoW-2.1.3.6898-to-0.2.0.6932-enUS-patch.exe
2007-03-22 18:55 2,402,550 ----a-w c:\windows\inf\SETF4.tmp
2007-03-22 18:55 2,402,550 ----a-w c:\windows\inf\SET39.tmp
2006-09-22 02:49 19,456 ----a-w c:\documents and settings\Info\tspeakfp.exe
2007-04-21 17:11 56 --sh--r c:\windows\system32\A8D3C8CB10.sys
2007-04-21 17:15 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2008-01-08 163840]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2007-06-29 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-28 1655552]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SiSPower"="SiSPower.dll" [2005-01-04 c:\windows\system32\SiSPower.dll]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Info^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\Info\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Info^Menu Démarrer^Programmes^Démarrage^Raccourci vers SoF2mp_min.lnk]
path=c:\documents and settings\Info\Menu Démarrer\Programmes\Démarrage\Raccourci vers SoF2mp_min.lnk
backup=c:\windows\pss\Raccourci vers SoF2mp_min.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 08:54 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-02 00:02 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 17:35 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 WXDN;Security Service; [x]
R3 CA500AI;maxell WS30SLIM Digital Camera; [x]
R3 CA500AV;maxell WS30SLIM Video Camera; [x]
R3 CEDRIVER52;CEDRIVER52; [x]
R3 jamilah;jamilah; [x]
R3 MTK;Media Technology Kernel Driver; [x]
R3 NTProcDrv;Process creation detector for NT.; [x]
R3 XDva222;XDva222; [x]
S1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 17952]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-28 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-28 24208]
S2 NetCM;Network Connection Manager;c:\program files\NetMeeting\Netsh.exe [2007-07-04 417792]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 wowsystemcode123;Remote TCP/IP;c:\windows\System32\svchost.exe [2004-08-03 14336]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 21920]


--- Other Services/Drivers In Memory ---

*Deregistered* - a2free
*Deregistered* - aawservice
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - atitray
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BridgeMP
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cmdAgent
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - Inspect
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Modem
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSCamSvc
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - NetCM
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - Pcouffin
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - Schedule
*Deregistered* - SCREAMINGBDRIVER
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisidex
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - uagp35
*Deregistered* - UleadBurningHelper
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDriver6
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WMPNetworkSvc
*Deregistered* - wowsystemcode123
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode123

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\WiiMMM_Pro_Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe
ShellExecuteHooks-{002E28F4-D7A2-456A-AE04-EB9ABF822FE4} - c:\windows\TEMP\Down(0)ow.dll
MSConfigStartUp-Aim6 - c:\program files\AIM6\aim6.exe
MSConfigStartUp-ieupdate - c:\windows\system32\ieupdates.exe
MSConfigStartUp-SUPERAntiSpyware - c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSConfigStartUp-Uniblue RegistryBooster 2 - c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Info\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: partibleu.jeam.net

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.71.245.166/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.34.87.7/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FF - ProfilePath - c:\documents and settings\Info\Application Data\Mozilla\Firefox\Profiles\xjz2lw74.default\
FF - prefs.js: browser.startup.homepage - wikipedia.org
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Info\Application Data\Mozilla\Firefox\Profiles\xjz2lw74.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Info\Application Data\Mozilla\Firefox\Profiles\xjz2lw74.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 16:07:39
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5C879394-6B61-BB9C-EBEA-5B77FB345C10}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafgfbmkhfejpicdok"=hex:69,61,69,61,6c,6b,67,62,6b,6f,69,6b,66,63,6c,65,62,62,
00,00
"hapfdadmngoljgmf"=hex:69,61,69,61,6c,6b,67,62,6b,6f,69,6b,66,63,6c,65,62,62,
00,00

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,70,69,99,dc,6f,fd,56,ef,62,b7,6e,5e,09,f1,c8,f2,68,01,d1,2d,31,12,
06,d0,01,dd,5e,47,41,08,5d,42,d4,b5,4c,08,be,71,45,1f,b2,59,18,bd,6b,46,0d,\
"??"=hex:5c,8b,1c,fb,d7,49,94,bc,57,c0,87,1f,bf,1b,01,4c

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\URLSearchHooks]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{E15F0D11-CAF3-5295-6837-2C43D995C293}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\jcvkn]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Microsoft\ltlya]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{5CA2D1A1-D6F6-3B1C-9639-8D3C028178B2}"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(836)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(5096)
c:\program files\Windows Media Player\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\shdoclc.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ati2evxx.exe
c:\windows\system32\ati2evxx.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\a-squared Free\a2service.exe
c:\program files\COMODO\Firewall\cmdagent.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wscntfy.exe
c:\program files\Windows Live\Messenger\usnsvc.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Completion time: 2009-01-14 16:14:40 - machine was rebooted
ComboFix-quarantined-files.txt 2009-01-14 21:14:09

Pre-Run: 27 262 074 880 octets libres
Post-Run: 27,236,433,920 octets libres

433 --- E O F --- 2008-02-26 23:11:09
chimay8 Posts 7720 Registration date Thursday 1 May 2008 Status Security contributor Last active 3 January 2014 60
14 Jan 2009 at 23:00
Hang in there, we're almost there!


Copy the text below:

File::
c:\windows\system32\A8D3C8CB10.sys
c:\windows\inf\SET39.tmp
c:\windows\inf\SETF4.tmp
c:\windows\1.ini



Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe like this:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait for the scan to finish. The desktop will disappear several times: that is normal!

Don't touch anything until the scan is finished.

After the reboot, post the contents of the Combofix.txt report along with a Hijackthis report.

If there is no reboot, post the reports anyway.

Then

Download UsbFix to your desktop


--> Run the installer with the default settings

Plug any external storage devices (USB key, external hard drive, etc.) that may have been infected into your PC, without opening them.

--> Double-click the UsbFix shortcut on your desktop

--> Choose the cleaning option

--> The PC will reboot

--> After the reboot, post the UsbFix.txt report

Note: the UsbFix.txt report is saved at the root of the drive
Note: If the desktop does not reappear, press Ctrl + Alt + Del, "File" tab, "New Task", type explorer.exe and press Enter!

/!\ "Process.exe", a component of the tool, is detected by some antivirus products (AntiVir, Dr.Web, Kaspersky Anti-Virus) as a RiskTool.
It is not a virus, but a utility designed to terminate processes.
In the wrong hands, this utility could stop security software (antivirus, firewall...), hence the alert raised by these antivirus products.

Then

Download Malwarebytes' Anti-Malware and save it to your desktop.
https://www.malwarebytes.com/

(NB: If "COMCTL32.OCX" is missing during installation, download it here: https://www.malekal.com/tutorial-aboutbuster/ )

When the download is complete, close all windows and programs, including this one.
Double-click the "Download_mbam-setup.exe" icon on your desktop to start the installer.

During installation, follow the prompts, make no changes to the default settings, and at the end of installation check that the "Update Malwarebytes' Anti-Malware" and "Launch Malwarebytes' Anti-Malware" options are ticked.
MBAM will start automatically and display a message asking to update the program before running a scan. Since MBAM updates itself automatically at the end of installation, click OK to close the dialog box.
The main MBAM window appears:
In the Scan tab, check that "Perform full scan" is selected and click the Scan button to start the scan.
MBAM scans your computer.
The scan may take some time. Just check its progress from time to time.
At the end of the scan, a message appears indicating that the scan is finished. Click OK to continue.
If malware is detected, a list is displayed.
***BY CLICKING ON REMOVE(?) DO IT***, MBAM will destroy the files and registry keys and place a copy in quarantine.
MBAM will open Notepad and copy the scan report into it. Close Notepad. (The report can be found under the Reports/logs tab)
Close MBAM by clicking Exit.
Post the report in your reply
ComboFix 09-01-13.04 - Info 2009-01-14 17:26:41.3 - NTFSx86
Running from: c:\documents and settings\Info\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Info\Bureau\CFScript.txt

FILE ::
c:\windows\1.ini
c:\windows\inf\SET39.tmp
c:\windows\inf\SETF4.tmp
c:\windows\system32\A8D3C8CB10.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\1.ini
c:\windows\inf\SET39.tmp
c:\windows\inf\SETF4.tmp
c:\windows\system32\A8D3C8CB10.sys

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-14 16:34 . 2009-01-14 17:05 25,980 --a------ c:\windows\system32\kis.exe
2009-01-14 16:13 . 2009-01-14 16:13 65,536 --a------ c:\windows\system32\wow975_50.dll
2009-01-14 16:13 . 2009-01-14 16:13 20 --a------ c:\windows\mj
2009-01-14 14:48 . 2009-01-14 14:49 <REP> d-------- c:\windows\ERUNT
2009-01-14 14:38 . 2009-01-14 15:33 <REP> d----c--- C:\SDFix
2009-01-14 13:30 . 2009-01-14 13:30 <REP> d-------- c:\program files\Lavasoft
2009-01-14 13:30 . 2009-01-14 13:31 <REP> d----c--- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-14 13:22 . 2009-01-14 13:22 <REP> d-------- c:\windows\system32\spool
2009-01-13 19:36 . 2009-01-14 16:58 <REP> d-------- c:\windows\system32\CatRoot2
2009-01-11 19:13 . 2009-01-11 19:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Voisinage réseau
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Voisinage d'impression
2009-01-11 18:57 . 2005-11-24 15:22 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Modèles
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Mes documents
2009-01-11 18:57 . 2005-11-24 10:15 <REP> dr---c--- c:\documents and settings\Administrateur.USER-8B\Menu Démarrer
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Favoris
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Bureau
2009-01-11 18:57 . 2008-01-22 06:22 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Application Data\Ventrilo
2009-01-11 18:57 . 2009-01-11 18:57 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B
2009-01-09 19:50 . 2009-01-09 19:50 <REP> d-------- c:\documents and settings\Info\Application Data\dBpoweramp
2009-01-07 02:35 . 2009-01-07 02:35 <REP> d-------- c:\documents and settings\Info\Application Data\Toribash
2009-01-02 23:36 . 2009-01-02 23:36 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-01-02 23:36 . 2009-01-02 23:36 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-02 16:54 . 2009-01-02 16:54 <REP> d-------- c:\program files\Realtek AC97
2009-01-01 20:02 . 2009-01-01 20:02 <REP> d-------- c:\documents and settings\Info\Application Data\Datel
2008-12-27 03:21 . 2008-12-27 03:21 <REP> d----c--- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-27 00:43 . 2008-12-27 00:43 102,400 --a------ c:\windows\system32\wow127_625.dll
2008-12-27 00:43 . 2008-12-27 00:43 20 --a------ c:\windows\syscheck
2008-12-26 21:59 . 2009-01-13 12:57 <REP> d-------- c:\program files\World of Warcraft
2008-12-20 22:13 . 2008-12-20 22:13 <REP> d-------- c:\documents and settings\Info\Application Data\AccurateRip
2008-12-19 22:42 . 2008-12-19 22:42 <REP> d----c--- C:\Your main Age of Wonders folder here

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 18:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-14 08:59 --------- d-----w c:\program files\a-squared Free
2009-01-12 23:08 --------- d-----w c:\program files\Steam
2009-01-12 06:51 --------- d-----w c:\documents and settings\Info\Application Data\skypePM
2009-01-12 06:51 --------- d-----w c:\documents and settings\Info\Application Data\Skype
2009-01-12 00:12 --------- d-----w c:\program files\Java
2008-12-27 03:51 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-12-27 02:58 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-27 02:56 --------- dc----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 02:56 --------- d-----w c:\program files\Fichiers communs\AOL
2008-12-27 02:56 --------- d-----w c:\program files\Cheat Engine
2008-12-26 09:20 --------- d-----w c:\program files\Xfire
2008-12-25 19:25 --------- d-----w c:\documents and settings\Info\Application Data\Xfire
2008-12-21 03:13 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-12-14 02:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 02:27 --------- d-----w c:\program files\Panasonic
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-01 20:13 --------- d-----w c:\program files\Image-Line
2008-12-01 20:13 --------- d-----w c:\program files\DVDVideoSoft
2008-11-28 22:11 87,056 ----a-w c:\windows\system32\drivers\cmdGuard.sys
2008-11-28 22:11 24,208 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-28 22:11 143,104 ----a-w c:\windows\system32\guard32.dll
2008-10-19 13:57 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-08-13 05:21 24 ----a-w c:\documents and settings\Info\jagex_runescape_preferences.dat
2008-02-28 15:26 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-18 21:04 22,328 ----a-w c:\documents and settings\Info\Application Data\PnkBstrK.sys
2007-12-15 17:55 4,346,084 ----a-w c:\documents and settings\Info\WoW-2.3.0.7561-to-0.3.2.7627-enUS-patch.exe
2007-10-21 11:07 220,008,707 ----a-w c:\documents and settings\Info\WoW-2.2.3.7359-to-0.3.0.7441-enUS-patch.exe
2007-08-14 14:14 51,185,123 ----a-w c:\documents and settings\Info\WoW-2.1.3.6898-to-0.2.0.6932-enUS-patch.exe
2006-09-22 02:49 19,456 ----a-w c:\documents and settings\Info\tspeakfp.exe
2007-04-21 17:15 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-14_16.11.53.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-14 21:58:30 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_834.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2008-01-08 163840]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2007-06-29 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-28 1655552]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SiSPower"="SiSPower.dll" [2005-01-04 c:\windows\system32\SiSPower.dll]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{002E28F4-D7A2-456A-AE04-EB9ABF822FE4}"= "c:\windows\TEMP\Down(0)ow.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Info^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\Info\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Info^Menu Démarrer^Programmes^Démarrage^Raccourci vers SoF2mp_min.lnk]
path=c:\documents and settings\Info\Menu Démarrer\Programmes\Démarrage\Raccourci vers SoF2mp_min.lnk
backup=c:\windows\pss\Raccourci vers SoF2mp_min.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
c:\program files\AIM6\aim6.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 08:54 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ieupdate]
c:\windows\system32\ieupdates.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-02 00:02 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 17:35 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 mycode1983;Remote TCP/IP3;c:\windows\System32\svchost.exe [2004-08-03 14336]
R2 NetCM;Network Connection Manager;c:\program files\NetMeeting\Netsh.exe [2007-07-04 417792]
R2 WXDN;Security Service; [x]
R3 CA500AI;maxell WS30SLIM Digital Camera; [x]
R3 CA500AV;maxell WS30SLIM Video Camera; [x]
R3 CEDRIVER52;CEDRIVER52; [x]
R3 jamilah;jamilah; [x]
R3 MTK;Media Technology Kernel Driver; [x]
R3 NTProcDrv;Process creation detector for NT.; [x]
R3 XDva222;XDva222; [x]
S1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 17952]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-28 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-28 24208]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S2 wowsystemcode123;Remote TCP/IP;c:\windows\System32\svchost.exe [2004-08-03 14336]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 21920]


--- Other Services/Drivers In Memory ---

*Deregistered* - a2free
*Deregistered* - aawservice
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - atitray
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BridgeMP
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cmdAgent
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - Inspect
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Modem
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSCamSvc
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - NetCM
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - Pcouffin
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - Schedule
*Deregistered* - SCREAMINGBDRIVER
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisidex
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - uagp35
*Deregistered* - UleadBurningHelper
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDriver6
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WMPNetworkSvc
*Deregistered* - wowsystemcode123
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode123

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\WiiMMM_Pro_Setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\SETUP.EXE
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.orbitdownloader.com
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Info\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: partibleu.jeam.net

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.71.245.166/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.34.87.7/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FF - ProfilePath - c:\documents and settings\Info\Application Data\Mozilla\Firefox\Profiles\xjz2lw74.default\
FF - prefs.js: browser.startup.homepage - wikipedia.org
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\documents and settings\Info\Application Data\Mozilla\Firefox\Profiles\xjz2lw74.default\extensions\iaplayer@instantaction.com\plugins\npiaplayer.dll
FF - plugin: c:\documents and settings\Info\Application Data\Mozilla\Firefox\Profiles\xjz2lw74.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07061050.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin2.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin3.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin4.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin5.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin6.dll
FF - plugin: c:\program files\QT Lite\Plugins\npqtplugin7.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-14 17:29:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\CLSID]
@Denied: (Full) (LocalSystem)

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5C879394-6B61-BB9C-EBEA-5B77FB345C10}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iafgfbmkhfejpicdok"=hex:69,61,69,61,6c,6b,67,62,6b,6f,69,6b,66,63,6c,65,62,62,
00,00
"hapfdadmngoljgmf"=hex:69,61,69,61,6c,6b,67,62,6b,6f,69,6b,66,63,6c,65,62,62,
00,00

[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2f,70,69,99,dc,6f,fd,56,ef,62,b7,6e,5e,09,f1,c8,f2,68,01,d1,2d,31,12,
06,d0,01,dd,5e,47,41,08,5d,42,d4,b5,4c,08,be,71,45,1f,b2,59,18,bd,6b,46,0d,\
"??"=hex:5c,8b,1c,fb,d7,49,94,bc,57,c0,87,1f,bf,1b,01,4c

[HKEY_LOCAL_MACHINE\software\Microsoft\Internet Explorer\URLSearchHooks]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{E15F0D11-CAF3-5295-6837-2C43D995C293}"=""

[HKEY_LOCAL_MACHINE\software\Microsoft\jcvkn]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)

[HKEY_LOCAL_MACHINE\software\Microsoft\ltlya]
@Ace=(Denied: NO_PROPAGATE_INHERIT_ACE) ) (Everyone)
"{CFBFAE00-17A6-11D0-99CB-00C04FD64497}"=""
"{5CA2D1A1-D6F6-3B1C-9639-8D3C028178B2}"=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(832)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-14 17:33:19
ComboFix-quarantined-files.txt 2009-01-14 22:32:29
ComboFix2.txt 2009-01-14 22:23:49
ComboFix3.txt 2009-01-14 21:14:44

Pre-Run: 27 181 662 208 octets libres
Post-Run: 27,171,667,968 octets libres

414 --- E O F --- 2008-02-26 23:11:09

-------------- UsbFix V2.414.1 ---------------

* User : Info - USER-8B
* Outils mis a jours le 14/01/2009 par Chiquitine29 et Chimay8
* Recherche effectuée à 17:48:25 le 2009-01-14
* Windows Xp - Internet Explorer 6.0.2900.2180


--------------- [ Processus actifs ] ----------------


C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\logonui.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\userinit.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe

--------------- [ Informations lecteurs ] ----------------

C: - Lecteur fixe
D: - Lecteur de CD-ROM
E: - Lecteur de CD-ROM
+- Contenu de l'autorun : D:\autorun.inf

[autorun]
open=WiiMMM_Pro_Setup.exe


+- Contenu de l'autorun : E:\autorun.inf

[autorun]
OPEN=SETUP.EXE
ICON=D2X.ICO


--------------- [ Lecteur C ] ----------------

C: - Lecteur fixe
+- Listing des fichiers présents :

[2002-01-10 20:19][--a--c---] C:\AUTOEXEC.BAT
[2004-08-03 21:38][-rahs----] C:\NTDETECT.COM
[2008-01-13 19:27][--a--c---] C:\info.exe
[2008-01-13 19:27][--a--c---] C:\StubInstaller.exe
[2009-01-14 17:09][-rahsc---] C:\boot.ini
[2006-05-27 13:13][--a--c---] C:\boutlog.txt
[2006-05-27 13:13][--a--c---] C:\ComboFix.txt
[2006-05-27 13:13][--a--c---] C:\DVDPATH.TXT
[2006-05-27 13:13][--a--c---] C:\dxdiag.txt
[2006-05-27 13:13][--a--c---] C:\fftoutput.txt
[2006-05-27 13:13][--a--c---] C:\ip.txt
[2006-05-27 13:13][--a--c---] C:\log.txt
[2006-05-27 13:13][--a--c---] C:\rapport.txt
[2006-05-27 13:13][--a--c---] C:\receiveBytes.txt
[2006-05-27 13:13][--a--c---] C:\UsbFix.txt
[2002-01-10 20:19][--a--c---] C:\CONFIG.SYS
[2002-01-10 20:19][--a--c---] C:\IO.SYS
[2002-01-10 20:19][--a--c---] C:\MSDOS.SYS
[2002-01-10 20:19][--a--c---] C:\pagefile.sys

--------------- [ Lecteur D ] ----------------

D: - Lecteur de CD-ROM
+- Listing des fichiers présents :

[2007-05-11 06:56][-r-------] D:\WiiMMM_Pro_Setup.exe
[2007-03-16 11:59][-r-------] D:\Autorun.inf

--------------- [ Lecteur E ] ----------------

E: - Lecteur de CD-ROM
+- Listing des fichiers présents :

[2001-05-09 11:19][-r-------] E:\INSTALL.EXE
[2001-05-09 11:19][-r-------] E:\SETUP.EXE
[2001-04-18 02:23][-r-------] E:\AUTORUN.INF

--------------- [ Registre / Startup ] ----------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch"
"Start Page"="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome"

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
updateMgr=C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_0
MSMSGS="C:\Program Files\Messenger\msmsgs.exe" /background
msnmsgr="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
ctfmon.exe=C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\run]
SiSPower=Rundll32.exe SiSPower.dll,ModeAgent
Lexmark X1100 Series="C:\Program Files\Lexmark X1100 Series\lxbkbmgr.exe"
SunJavaUpdateSched="C:\Program Files\Java\jre6\bin\jusched.exe"
NeroFilterCheck=C:\WINDOWS\system32\NeroCheck.exe
VX1000=C:\WINDOWS\vVX1000.exe
LifeCam="C:\Program Files\Microsoft LifeCam\LifeExp.exe"
QuickTime Task="C:\Program Files\QT Lite\qttask.exe" -atboottime
PhilipsDM="C:\Program Files\Philips\Philips Device Manager\Bin\DeviceManager.exe"
COMODO Firewall Pro="C:\Program Files\COMODO\Firewall\cfp.exe" -h
AtiPTA=atiptaxx.exe
PWRISOVM.EXE=C:\Program Files\PowerISO\PWRISOVM.EXE
WinampAgent="C:\Program Files\Winamp\winampa.exe"
SoundMan=SOUNDMAN.EXE

--------------- [ Registre / Mountpoint2 ] ----------------

Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\Shell\AutoRun\command
Supprimé ! - HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\E\Shell\AutoRun\command

--------------- [ Nettoyage des disques ] ----------------

Supprimé ! - [2007-06-24 01:28][--a--c---] C:\WINDOWS\system32\tmp.txt
Supprimé ! - [2008-01-13 19:27][--a--c---] C:\info.exe
Echec de la supression !! - [2007-03-16 11:59] D:\autorun.inf
Echec de la supression !! - [2007-03-16 11:59] D:\autorun.inf
Echec de la supression !! - [2001-05-09 11:19] E:\install.exe
Echec de la supression !! - [2001-04-30 04:33] E:\Setup.exe
Echec de la supression !! - [2001-04-18 02:23] E:\autorun.inf
Echec de la supression !! - [2001-04-18 02:23] E:\autorun.inf

--------------- [ Resumé ] ----------------

-> /!\ Le resultat doit etre interprété par un spécialiste /!\

[2002-01-10 20:19][--a--c---] C:\AUTOEXEC.BAT
[2004-08-03 21:38][-rahs----] C:\NTDETECT.COM
[2005-10-31 10:56][--a--c---] C:\StubInstaller.exe
[2009-01-14 17:09][-rahsc---] C:\boot.ini
[2007-05-11 06:56][-r-------] D:\WiiMMM_Pro_Setup.exe
[2007-03-16 11:59][-r-------] D:\Autorun.inf
[2001-05-09 11:19][-r-------] E:\INSTALL.EXE
[2001-05-09 11:19][-r-------] E:\SETUP.EXE
[2001-04-18 02:23][-r-------] E:\AUTORUN.INF

--------------- [ Vaccination ] ----------------

C:\autorun.inf -> Dossier autorun.inf crée par UsbFix !

--------------- ! Fin du rapport ! ----------------

Malwarebytes' Anti-Malware 1.32
Version de la base de données: 1616
Windows 5.1.2600 Service Pack 2

2009-01-15 03:29:14
mbam-log-2009-01-15 (03-29-14).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 209076
Temps écoulé: 52 minute(s), 53 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\Interface\{2f223fdc-164a-492c-82d0-055fd8ce349c} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{4d3bc08f-3c13-4cd1-80f4-f5a7b7d0388f} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{5ba3ee9b-a96e-4301-b839-388afefcd9f4} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{85292bee-65ff-41ad-8e72-b385d1c93c89} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{861adda2-0216-49ac-aa5b-62f64f1d91d1} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{8d3014ae-0854-4222-a733-d9dd0149d9fa} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9a9e938c-4a18-4b36-a973-dadcd8a1c268} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9c4d0d3f-f36e-42a3-9b35-a43c08ab1866} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{abd41a08-5c4d-4cdb-8310-a681e73755bf} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b151b421-a97b-4c1d-b555-eed8a35ba5c8} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{b3d80493-3013-4e93-a878-4cefc401f4a6} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{bdc7bb72-6c19-415d-86c3-76cc46ec00a9} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{ce351b84-f0d6-4fa0-aad7-3c0616ea647e} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d64dcdae-38cd-488c-a85c-00a0b5c03ae8} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{d9f4d801-2431-465a-b754-ab9e3b649e8c} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e0dbb136-fcd7-4180-9207-d4a9e822002e} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{099a05c2-cda0-41ff-9a38-dd8b6149a766} (Rogue.Spylocked) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8109fd3d-d891-4f80-8339-50a4913ace6f} (Adware.Zango) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\legacy_windev-d2e-913 (Rootkit.Agent) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{01e69986-a054-4c52-abe8-ef63df1c5211} (Adware.SoftMate) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\Documents and Settings\Info\Bureau\Desktop crap\Css-Hack\holzed\holzed.exe (Backdoor.Poison) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{F09A42C9-3AB9-4A00-A6D1-6C98F473E54D}\RP110\A0118460.exe (Trojan.BHO) -> Quarantined and deleted successfully.
C:\WINDOWS\inf\ultra.PNF (Malware.Trace) -> Quarantined and deleted successfully.
chimay8 - 15 Jan 2009 at 10:33
Copy the text below:

File::
c:\windows\system32\wow975_50.dll
c:\windows\system32\wow127_625.dll

Folder::
c:\windows\mj
c:\windows\syscheck

Registry::
[HKEY_USERS\S-1-5-21-602162358-1757981266-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{5C879394-6B61-BB9C-EBEA-5B77FB345C10}*]
"iafgfbmkhfejpicdok"=-
"hapfdadmngoljgmf"=-
[-HKEY_LOCAL_MACHINE\software\Microsoft\ltlya\{5CA2D1A1-D6F6-3B1C-9639-8D3C028178B2}]


Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
Save this file under the name CFScript.txt

Now drag the CFScript.txt file onto Combofix.exe, like this:
http://img.photobucket.com/albums/v666/sUBs/CFScript.gif

This will relaunch Combofix.

A blue window will appear: at the prompt that appears (Type 1 to continue, or 2 to abort), type 1 and press Enter.

Wait while the scan runs. The desktop will disappear several times: this is normal!

Do not touch anything until the scan has finished.

After the reboot, post the contents of the Combofix.txt report together with a HijackThis report.

If there is no reboot, post the reports anyway.
ComboFix 09-01-13.04 - Info 2009-01-15 13:29:59.4 - NTFSx86
Running from: c:\documents and settings\Info\Bureau\ComboFix.exe
Command switches used :: c:\documents and settings\Info\Bureau\CFScript.txt

FILE ::
c:\windows\system32\wow127_625.dll
c:\windows\system32\wow975_50.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\mj\
c:\windows\syscheck\
c:\windows\system32\wow127_625.dll
c:\windows\system32\wow975_50.dll

.
((((((((((((((((((((((((( Files Created from 2008-12-15 to 2009-01-15 )))))))))))))))))))))))))))))))
.

2009-01-14 17:54 . 2009-01-14 17:54 <REP> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-14 17:54 . 2009-01-14 17:54 <REP> d-------- c:\documents and settings\Info\Application Data\Malwarebytes
2009-01-14 17:54 . 2009-01-14 17:54 <REP> d----c--- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-14 17:54 . 2009-01-04 18:38 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-14 17:54 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-14 17:41 . 2009-01-14 17:48 <REP> d-------- c:\program files\UsbFix
2009-01-14 16:34 . 2009-01-15 13:28 25,980 --a------ c:\windows\system32\kis.exe
2009-01-14 16:13 . 2009-01-14 16:13 20 --a------ c:\windows\mj
2009-01-14 14:48 . 2009-01-14 14:49 <REP> d-------- c:\windows\ERUNT
2009-01-14 14:38 . 2009-01-14 15:33 <REP> d----c--- C:\SDFix
2009-01-14 13:30 . 2009-01-14 13:30 <REP> d-------- c:\program files\Lavasoft
2009-01-14 13:30 . 2009-01-14 13:31 <REP> d----c--- c:\documents and settings\All Users\Application Data\Lavasoft
2009-01-14 13:22 . 2009-01-14 13:22 <REP> d-------- c:\windows\system32\spool
2009-01-13 19:36 . 2009-01-15 13:22 <REP> d-------- c:\windows\system32\CatRoot2
2009-01-11 19:13 . 2009-01-11 19:12 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Voisinage réseau
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Voisinage d'impression
2009-01-11 18:57 . 2005-11-24 15:22 <REP> d--h-c--- c:\documents and settings\Administrateur.USER-8B\Modèles
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Mes documents
2009-01-11 18:57 . 2005-11-24 10:15 <REP> dr---c--- c:\documents and settings\Administrateur.USER-8B\Menu Démarrer
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Favoris
2009-01-11 18:57 . 2005-11-24 10:15 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Bureau
2009-01-11 18:57 . 2008-01-22 06:22 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B\Application Data\Ventrilo
2009-01-11 18:57 . 2009-01-11 18:57 <REP> d----c--- c:\documents and settings\Administrateur.USER-8B
2009-01-09 19:50 . 2009-01-09 19:50 <REP> d-------- c:\documents and settings\Info\Application Data\dBpoweramp
2009-01-07 02:35 . 2009-01-07 02:35 <REP> d-------- c:\documents and settings\Info\Application Data\Toribash
2009-01-02 23:36 . 2009-01-02 23:36 <REP> d-------- c:\program files\Fichiers communs\Skype
2009-01-02 23:36 . 2009-01-02 23:36 56 --ah----- c:\windows\system32\ezsidmv.dat
2009-01-02 16:54 . 2009-01-02 16:54 <REP> d-------- c:\program files\Realtek AC97
2009-01-01 20:02 . 2009-01-01 20:02 <REP> d-------- c:\documents and settings\Info\Application Data\Datel
2008-12-27 03:21 . 2008-12-27 03:21 <REP> d----c--- c:\documents and settings\All Users\Application Data\Blizzard
2008-12-27 00:43 . 2008-12-27 00:43 20 --a------ c:\windows\syscheck
2008-12-26 21:59 . 2009-01-13 12:57 <REP> d-------- c:\program files\World of Warcraft
2008-12-20 22:13 . 2008-12-20 22:13 <REP> d-------- c:\documents and settings\Info\Application Data\AccurateRip
2008-12-19 22:42 . 2008-12-19 22:42 <REP> d----c--- C:\Your main Age of Wonders folder here

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 18:30 --------- d-----w c:\program files\Fichiers communs\Wise Installation Wizard
2009-01-14 08:59 --------- d-----w c:\program files\a-squared Free
2009-01-12 23:08 --------- d-----w c:\program files\Steam
2009-01-12 06:51 --------- d-----w c:\documents and settings\Info\Application Data\skypePM
2009-01-12 06:51 --------- d-----w c:\documents and settings\Info\Application Data\Skype
2009-01-12 00:12 --------- d-----w c:\program files\Java
2008-12-27 03:51 --------- d-----w c:\program files\Fichiers communs\Blizzard Entertainment
2008-12-27 02:58 --------- d-----w c:\program files\Fichiers communs\Real
2008-12-27 02:56 --------- dc----w c:\documents and settings\All Users\Application Data\AOL
2008-12-27 02:56 --------- d-----w c:\program files\Fichiers communs\AOL
2008-12-27 02:56 --------- d-----w c:\program files\Cheat Engine
2008-12-26 09:20 --------- d-----w c:\program files\Xfire
2008-12-25 19:25 --------- d-----w c:\documents and settings\Info\Application Data\Xfire
2008-12-21 03:13 5,068,152 ----a-w c:\windows\system32\SpoonUninstall.exe
2008-12-14 02:27 --------- d--h--w c:\program files\InstallShield Installation Information
2008-12-14 02:27 --------- d-----w c:\program files\Panasonic
2008-12-11 20:37 42,320 ----a-w c:\windows\system32\xfcodec.dll
2008-12-01 20:13 --------- d-----w c:\program files\Image-Line
2008-12-01 20:13 --------- d-----w c:\program files\DVDVideoSoft
2008-11-28 22:11 87,056 ----a-w c:\windows\system32\drivers\cmdGuard.sys
2008-11-28 22:11 24,208 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2008-11-28 22:11 143,104 ----a-w c:\windows\system32\guard32.dll
2008-10-19 13:57 111,928 ----a-w c:\windows\system32\PnkBstrB.exe
2008-08-13 05:21 24 ----a-w c:\documents and settings\Info\jagex_runescape_preferences.dat
2008-02-28 15:26 32 -c--a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-12-18 21:04 22,328 ----a-w c:\documents and settings\Info\Application Data\PnkBstrK.sys
2007-12-15 17:55 4,346,084 ----a-w c:\documents and settings\Info\WoW-2.3.0.7561-to-0.3.2.7627-enUS-patch.exe
2007-10-21 11:07 220,008,707 ----a-w c:\documents and settings\Info\WoW-2.2.3.7359-to-0.3.0.7441-enUS-patch.exe
2007-08-14 14:14 51,185,123 ----a-w c:\documents and settings\Info\WoW-2.1.3.6898-to-0.2.0.6932-enUS-patch.exe
2006-09-22 02:49 19,456 ----a-w c:\documents and settings\Info\tspeakfp.exe
2007-04-21 17:15 1,890 --sha-w c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( snapshot@2009-01-14_16.11.53.75 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-01-15 18:22:22 16,384 ----atw c:\windows\Temp\Perflib_Perfdata_344.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"updateMgr"="c:\program files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2004-11-22 307200]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-03 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-11 136600]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2008-01-08 163840]
"VX1000"="c:\windows\vVX1000.exe" [2006-10-13 707376]
"LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2006-10-13 277296]
"QuickTime Task"="c:\program files\QT Lite\qttask.exe" [2007-06-29 286720]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2006-12-21 663552]
"COMODO Firewall Pro"="c:\program files\COMODO\Firewall\cfp.exe" [2008-11-28 1655552]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-01-20 217088]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-04-01 36352]
"SiSPower"="SiSPower.dll" [2005-01-04 c:\windows\system32\SiSPower.dll]
"AtiPTA"="atiptaxx.exe" [2006-02-21 c:\windows\system32\atiptaxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-12-22 c:\windows\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
"ALUAlert"="c:\program files\Symantec\LiveUpdate\ALUNotify.exe" [BU]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{002E28F4-D7A2-456A-AE04-EB9ABF822FE4}"= "c:\windows\TEMP\Down(0)ow.dll" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.dvacm"= c:\progra~1\FICHIE~1\ULEADS~1\Vio\Dvacm.acm
"VIDC.SP50"= SP5X_32.DLL
"VIDC.SP51"= SP5X_32.DLL
"VIDC.SP52"= SP5X_32.DLL
"VIDC.SP53"= SP5X_32.DLL
"VIDC.SP54"= SP5X_32.DLL
"VIDC.SP55"= SP5X_32.DLL
"VIDC.SP56"= SP5X_32.DLL
"VIDC.SP57"= SP5X_32.DLL
"VIDC.SP58"= SP5X_32.DLL
"VIDC.SP59"= SP5X_32.DLL
"VIDC.XFR1"= xfcodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Utility Tray.lnk]
path=c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\Utility Tray.lnk
backup=c:\windows\pss\Utility Tray.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Info^Menu Démarrer^Programmes^Démarrage^IMVU.lnk]
path=c:\documents and settings\Info\Menu Démarrer\Programmes\Démarrage\IMVU.lnk
backup=c:\windows\pss\IMVU.lnkStartup

[HKLM\~\startupfolder\C:^Documents and Settings^Info^Menu Démarrer^Programmes^Démarrage^Raccourci vers SoF2mp_min.lnk]
path=c:\documents and settings\Info\Menu Démarrer\Programmes\Démarrage\Raccourci vers SoF2mp_min.lnk
backup=c:\windows\pss\Raccourci vers SoF2mp_min.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
c:\program files\AIM6\aim6.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
--a------ 2008-01-03 08:54 486856 c:\program files\DAEMON Tools Lite\daemon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ieupdate]
c:\windows\system32\ieupdates.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
--a------ 2008-11-02 00:02 1410296 c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Uniblue RegistryBooster 2]
c:\program files\Uniblue\RegistryBooster 2\RegistryBooster.exe [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Veoh]
--a------ 2008-04-01 17:35 3587120 c:\program files\Veoh Networks\Veoh\VeohClient.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG]
--------- 2006-10-18 20:05 204288 c:\program files\Windows Media Player\wmpnscfg.exe

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Valve\\Steam\\SteamApps\\User\\Half-Life 2\\hl2.exe"=
"%windir%\\system32\\ccapp.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=
"c:\\Program Files\\BitLord\\BitLord.exe"=
"c:\\Program Files\\World of Warcraft\\Repair.exe"=
"c:\\StubInstaller.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\VentSrv\\ventrilo_srv.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\HelpCtr.exe"=
"c:\\Program Files\\Veoh Networks\\Veoh\\VeohClient.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009

R2 mycode1983;Remote TCP/IP3;c:\windows\System32\svchost.exe [2004-08-03 14336]
R2 wowsystemcode123;Remote TCP/IP;c:\windows\System32\svchost.exe [2004-08-03 14336]
R2 WXDN;Security Service; [x]
R3 CA500AI;maxell WS30SLIM Digital Camera; [x]
R3 CA500AV;maxell WS30SLIM Video Camera; [x]
R3 CEDRIVER52;CEDRIVER52; [x]
R3 jamilah;jamilah; [x]
R3 MTK;Media Technology Kernel Driver; [x]
R3 NTProcDrv;Process creation detector for NT.; [x]
R3 XDva222;XDva222; [x]
S1 atitray;atitray;c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys [2007-11-05 17952]
S1 cmdGuard;COMODO Firewall Pro Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2008-11-28 87056]
S1 cmdHlp;COMODO Firewall Pro Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2008-11-28 24208]
S2 NetCM;Network Connection Manager;c:\program files\NetMeeting\Netsh.exe [2007-07-04 417792]
S2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [2007-08-24 21920]


--- Other Services/Drivers In Memory ---

*Deregistered* - a2free
*Deregistered* - aawservice
*Deregistered* - AFD
*Deregistered* - Alerter
*Deregistered* - ALG
*Deregistered* - Ati HotKey Poller
*Deregistered* - ATI Smart
*Deregistered* - atitray
*Deregistered* - AudioSrv
*Deregistered* - audstub
*Deregistered* - Beep
*Deregistered* - BridgeMP
*Deregistered* - Browser
*Deregistered* - Cdfs
*Deregistered* - cmdAgent
*Deregistered* - cmdGuard
*Deregistered* - cmdHlp
*Deregistered* - CryptSvc
*Deregistered* - DcomLaunch
*Deregistered* - Dhcp
*Deregistered* - dmio
*Deregistered* - dmload
*Deregistered* - dmserver
*Deregistered* - ERSvc
*Deregistered* - EventSystem
*Deregistered* - Fastfat
*Deregistered* - FastUserSwitchingCompatibility
*Deregistered* - Fips
*Deregistered* - FltMgr
*Deregistered* - Ftdisk
*Deregistered* - Gpc
*Deregistered* - helpsvc
*Deregistered* - HidServ
*Deregistered* - HTTP
*Deregistered* - HTTPFilter
*Deregistered* - ImapiService
*Deregistered* - Inspect
*Deregistered* - IpNat
*Deregistered* - IPSec
*Deregistered* - JavaQuickStarterService
*Deregistered* - KSecDD
*Deregistered* - lanmanserver
*Deregistered* - lanmanworkstation
*Deregistered* - LexBceS
*Deregistered* - LmHosts
*Deregistered* - mnmdd
*Deregistered* - Modem
*Deregistered* - Mouclass
*Deregistered* - MountMgr
*Deregistered* - MRxDAV
*Deregistered* - MRxSmb
*Deregistered* - MSCamSvc
*Deregistered* - Msfs
*Deregistered* - mssmbios
*Deregistered* - Mup
*Deregistered* - NDIS
*Deregistered* - NdisTapi
*Deregistered* - Ndisuio
*Deregistered* - NdisWan
*Deregistered* - NDProxy
*Deregistered* - NetBIOS
*Deregistered* - NetBT
*Deregistered* - NetCM
*Deregistered* - Netman
*Deregistered* - Nla
*Deregistered* - Npfs
*Deregistered* - Ntfs
*Deregistered* - Null
*Deregistered* - PartMgr
*Deregistered* - ParVdm
*Deregistered* - PCIIde
*Deregistered* - Pcouffin
*Deregistered* - PnkBstrA
*Deregistered* - PolicyAgent
*Deregistered* - PptpMiniport
*Deregistered* - ProtectedStorage
*Deregistered* - PSched
*Deregistered* - RasAcd
*Deregistered* - Rasl2tp
*Deregistered* - RasMan
*Deregistered* - RasPppoe
*Deregistered* - Raspti
*Deregistered* - Rdbss
*Deregistered* - RDPCDD
*Deregistered* - rdpdr
*Deregistered* - RemoteRegistry
*Deregistered* - RpcSs
*Deregistered* - SamSs
*Deregistered* - SCDEmu
*Deregistered* - Schedule
*Deregistered* - SCREAMINGBDRIVER
*Deregistered* - Secdrv
*Deregistered* - seclogon
*Deregistered* - SENS
*Deregistered* - sfdrv01
*Deregistered* - sfhlp02
*Deregistered* - sfsync02
*Deregistered* - SharedAccess
*Deregistered* - ShellHWDetection
*Deregistered* - sisidex
*Deregistered* - Spooler
*Deregistered* - sptd
*Deregistered* - sr
*Deregistered* - srservice
*Deregistered* - Srv
*Deregistered* - SSDPSRV
*Deregistered* - stisvc
*Deregistered* - swenum
*Deregistered* - TapiSrv
*Deregistered* - Tcpip
*Deregistered* - TermDD
*Deregistered* - TermService
*Deregistered* - Themes
*Deregistered* - TrkWks
*Deregistered* - uagp35
*Deregistered* - UleadBurningHelper
*Deregistered* - Update
*Deregistered* - upnphost
*Deregistered* - usnjsvc
*Deregistered* - VgaSave
*Deregistered* - Viewpoint Manager Service
*Deregistered* - VolSnap
*Deregistered* - W32Time
*Deregistered* - Wanarp
*Deregistered* - WebClient
*Deregistered* - WinDriver6
*Deregistered* - winmgmt
*Deregistered* - WmiApSrv
*Deregistered* - WMPNetworkSvc
*Deregistered* - wowsystemcode123
*Deregistered* - wscsvc
*Deregistered* - wuauserv
*Deregistered* - WudfPf
*Deregistered* - WudfSvc
*Deregistered* - WZCSVC

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
wowsystemcode123
.
Contents of the 'Scheduled Tasks' folder

2009-01-02 c:\windows\Tasks\Maintenance en 1 clic.job
- c:\program files\TuneUp Utilities 2008\OneClick.exe []
.
.
------- Supplementary Scan -------
.
IE: {{d9288080-1baa-4bc4-9cf8-a92d743db949} - c:\documents and settings\Info\Menu Démarrer\Programmes\IMVU\Run IMVU.lnk
Trusted Zone: partibleu.jeam.net

O16 -: {745395C8-D0E1-4227-8586-624CA9A10A8D} - hxxp://217.71.245.166/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf

O16 -: {DE625294-70E6-45ED-B895-CFFA13AEB044} - hxxp://80.34.87.7/activex/AMC.cab
c:\windows\Downloaded Program Files\setup.inf
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-15 13:35:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\a2free]
"ImagePath"="\"c:\program files\a-squared Free\a2service.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aawservice]
"ImagePath"="\"c:\program files\Lavasoft\Ad-Aware\aawservice.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\abp480n5]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\adpu160m]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Aha154x]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78u2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aic78xx]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALCXWDM]
"ImagePath"="system32\drivers\ALCXWDM.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AliIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AmdK7]
"ImagePath"="system32\DRIVERS\amdk7.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\amsint]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\APLMp50]
"ImagePath"="System32\Drivers\APLMp50.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3350p]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\asc3550]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ASPI32]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ATI Smart]
"ImagePath"="c:\windows\system32\ati2sgag.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atierecord]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\atitray]
"ImagePath"="\??\c:\program files\Radeon Omega Drivers\v4.8.442\ATI Tray Tools\atitray.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\bdfdll]
"ImagePath"="\??\c:\program files\Softwin\BitDefender9\bdfdll.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BridgeMP]
"ImagePath"="system32\DRIVERS\bridge.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BulkUsb]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CA500AI]
"ImagePath"="System32\Drivers\LG_BULK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CA500AV]
"ImagePath"="system32\DRIVERS\CA500AV.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\combofix\catchme.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CEDRIVER52]
"ImagePath"="\??\c:\program files\Cheat Engine\dbk32.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdAgent]
"ImagePath"="\"c:\program files\COMODO\Firewall\cmdagent.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdGuard]
"ImagePath"="System32\DRIVERS\cmdguard.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\cmdHlp]
"ImagePath"="System32\DRIVERS\cmdhlp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CmdIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dac960nt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dpti2o]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\dtscsi]
"ImagePath"="\SystemRoot\System32\Drivers\dtscsi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ENTECH]
"ImagePath"="\??\c:\windows\system32\DRIVERS\ENTECH.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Inspect]
"ImagePath"="System32\DRIVERS\inspect.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\jamilah]
"ImagePath"="\??\c:\documents and settings\Info\Bureau\jamilah.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LexBceS]
"ImagePath"="c:\windows\system32\LEXBCES.EXE"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSCamSvc]
"ImagePath"="\"c:\program files\Microsoft LifeCam\MSCamS32.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSQL$SONY_MEDIAMGR]
"ImagePath"="c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlservr.exe -sSONY_MEDIAMGR"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSSQLServerADHelper]
"ImagePath"="c:\program files\Microsoft SQL Server\80\Tools\Binn\sqladhlp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MTK]
"ImagePath"="System32\Drivers\mtk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\mycode1983]
"ServiceDll"="c:\windows\system32\wow975_50.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ndiscm]
"ImagePath"="system32\DRIVERS\NetMotCM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetCM]
"ImagePath"="c:\program files\NetMeeting\Netsh.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\nm]
"ImagePath"="system32\DRIVERS\NMnt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npkcrypt]
"ImagePath"="\??\c:\nexon\MapleStory\npkcrypt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\npkcusb]
"ImagePath"="\??\c:\nexon\MapleStory\npkcusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NTProcDrv]
"ImagePath"="\??\c:\documents and settings\Info\Bureau\NtProcDrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Pcouffin]
"ImagePath"="System32\Drivers\Pcouffin.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCDEmu]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SCREAMINGBDRIVER]
"ImagePath"="system32\drivers\ScreamingBAudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sfsync02]
"ImagePath"="System32\drivers\sfsync02.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiS315]
"ImagePath"="system32\DRIVERS\sisgrp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SISAGP]
"ImagePath"="system32\DRIVERS\SISAGPX.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSide]
"ImagePath"="system32\DRIVERS\siside.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisidex]
"ImagePath"="system32\drivers\sisidex.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SiSkp]
"ImagePath"="system32\DRIVERS\srvkp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SISNIC]
"ImagePath"="system32\DRIVERS\sisnic.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sisperf]
"ImagePath"="system32\drivers\sisperf.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SQLAgent$SONY_MEDIAMGR]
"ImagePath"="c:\program files\Sony\Shared Plug-Ins\Media Manager\MSSQL$SONY_MEDIAMGR\Binn\sqlagent.EXE -i SONY_MEDIAMGR"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\srservice]
"ServiceDll"="c:\windows\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{2AC174D2-266C-488C-9DEB-52053F8A75C9}"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\uagp35]
"ImagePath"="system32\DRIVERS\uagp35.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UleadBurningHelper]
"ImagePath"="c:\program files\Fichiers communs\Ulead Systems\DVD\ULCDRSvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USB]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usnjsvc]
"ImagePath"="\"c:\program files\Windows Live\Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\usprserv]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Viewpoint Manager Service]
"ImagePath"="\"c:\program files\Viewpoint\Common\ViewpointService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VX1000]
"ImagePath"="system32\DRIVERS\VX1000.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\VxD]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinDriver6]
"ImagePath"="system32\drivers\windrvr6.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WLSetupSvc]
"ImagePath"="\"c:\program files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WMPNetworkSvc]
"ImagePath"="\"c:\program files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wowsystemcode123]
"ServiceDll"="c:\windows\system32\wow127_625.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WXDN]
"ImagePath"="c:\windows\system32\svcd\svchost.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\XDva222]
"ImagePath"="\??\c:\windows\system32\XDva222.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\xnacc]
"ImagePath"="system32\DRIVERS\xnacc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\XTrapD12]
"ImagePath"="\??\c:\windows\system32\XTrapD12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{32A61713-08A9-4473-98BA-1A8251635408}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{6F08F2AB-8EB6-4477-9DF7-999571077EA5}]

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\{7E5B1C87-AAF1-4296-96E9-E401CE14B085}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(896)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-15 13:42:56
ComboFix-quarantined-files.txt 2009-01-15 18:41:56
ComboFix2.txt 2009-01-14 22:33:20
ComboFix3.txt 2009-01-14 22:23:49
ComboFix4.txt 2009-01-14 21:14:44

Pre-Run: 27 880 337 408 octets libres
Post-Run: 27,885,326,336 octets libres

990 --- E O F --- 2008-02-26 23:11:09
chimay8 (security contributor) - 16 Jan. 2009 at 02:11
Post a new Hijack report please.