Big virus problem

Closed
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014 - 14 Feb 2009 at 11:13
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 - 12 May 2009 at 13:58
Hello,

I have caught some nasty viruses

and yet I thought I was protected ...

Could a kind soul help me?

Thanks in advance.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:06:17 , on 14/02/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18372)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\a-squared Free\a2service.exe
C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Intel\AMT\atchksrv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Intel\AMT\LMS.exe
C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
C:\Program Files\PDF Complete\pdfsvc.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Intel\AMT\UNS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\MagicRotation\MagicPvt.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDClock.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDCountdown.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDPOP3.exe
C:\Program Files\Fichiers communs\Logitech\LCD Manager\Applets\LCDMedia.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\Program Files\WinZip\WZQKPICK.EXE
C:\Program Files\BitDefender\BitDefender 2009\seccenter.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows NT\Accessoires\wordpad.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr?cobrand=hp-comm.msn.com&ocid=HPDHP&pc=CMDTDF
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://www.samsung.com/us/support/downloads/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar avec bloqueur de fenêtres pop-up - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
R3 - URLSearchHook: DefaultSearchHook Class - {C94E154B-1459-4A47-966B-4B843BEFC7DB} - C:\Program Files\AskSearch\bin\DefaultSearch.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe, C:\Documents and Settings\Administrateur\xvhpruq.exe \s,
O3 - Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - (no file)
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2009\IEToolbar.dll
O4 - HKLM\..\Run: [MagicRotation] C:\Program Files\MagicRotation\MagicPvt.exe
O4 - HKLM\..\Run: [Launch LCDMon] "C:\Program Files\Fichiers communs\Logitech\LCD Manager\lcdmon.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [BDAgent] "C:\Program Files\BitDefender\BitDefender 2009\bdagent.exe"
O4 - HKLM\..\Run: [BitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2009\IEShow.exe"
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKLM\..\Policies\Explorer\Run: [services] friendly error page -->

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: NETGEAR WG111v3 Smart Wizard.lnk = C:\Program Files\NETGEAR\WG111v3\WG111v3.exe
O4 - Global Startup: Nikon Monitor.lnk = C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe
O4 - Global Startup: NkbMonitor.exe.lnk = C:\Program Files\Nikon\PictureProject\NkbMonitor.exe
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\WINDOWS\system32\shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=https://www8.hp.com/fr/fr/home.html
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - (no file)
O20 - AppInit_DLLs: APSHook.dll ikarmm.dll
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: a-squared Free Service (a2free) - Emsi Software GmbH - C:\Program Files\a-squared Free\a2service.exe
O23 - Service: Service de la passerelle de la couche Application (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: BitDefender Arrakis Server (Arrakis3) - BitDefender S.R.L. https://www.bitdefender.fr/ - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe
O23 - Service: Intel(R) Active Management Technology System Status Service (atchksrv) - Intel Corporation - C:\Program Files\Intel\AMT\atchksrv.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Service d'administration du Gestionnaire de disque logique (dmadmin) - Unknown owner - C:\WINDOWS\System32\dmadmin.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: Service COM de gravage de CD IMAPI (ImapiService) - Unknown owner - C:\WINDOWS\system32\imapi.exe (file missing)
O23 - Service: Service de l’iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender SRL - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe
O23 - Service: Intel(R) Active Management Technology Local Management Service (LMS) - Intel - C:\Program Files\Intel\AMT\LMS.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe
O23 - Service: Partage de Bureau à distance NetMeeting (mnmsrvc) - Unknown owner - C:\WINDOWS\system32\mnmsrvc.exe (file missing)
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Windows Installer (MSIServer) - Unknown owner - C:\WINDOWS\system32\msiexec.exe (file missing)
O23 - Service: Service de protection contre les virus et les logiciels espions McAfee (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe
O23 - Service: PC Angel (PCA) - SoftThinks - C:\WINDOWS\SMINST\PCAngel.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: Personal Secure Drive service for encrypted drives (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: Gestionnaire de session d'aide sur le Bureau à distance (RDSessMgr) - Unknown owner - C:\WINDOWS\system32\sessmgr.exe (file missing)
O23 - Service: Localisateur d'appels de procédure distante (RPC) (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: QoS RSVP (RSVP) - Unknown owner - C:\WINDOWS\system32\rsvp.exe (file missing)
O23 - Service: ScsiAccess - Unknown owner - C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe
O23 - Service: Journaux et alertes de performance (SysmonLog) - Unknown owner - C:\WINDOWS\system32\smlogsvc.exe (file missing)
O23 - Service: Intel(R) Active Management Technology User Notification Service (UNS) - Intel - C:\Program Files\Intel\AMT\UNS.exe
O23 - Service: Onduleur (UPS) - Unknown owner - C:\WINDOWS\System32\ups.exe (file missing)
O23 - Service: Cliché instantané de volume (VSS) - Unknown owner - C:\WINDOWS\System32\vssvc.exe (file missing)
O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S. R. L. - C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe
O23 - Service: Carte de performance WMI (WmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\wmiapsrv.exe (file missing)

115 replies

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 14:41
Okay ...

then do the Combofix procedure in safe mode ....


post me the report you get ....


0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 14:48
in safe mode Combofix still tells me that I must quit BitDefender antivirus (but I can't do it)

should I continue the Combofix scan "at my own risk"?
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 14:54
no ...


wait, I'm looking for a procedure so that you can get to My Computer ....


Back in a bit

0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 15:02
I'm impressed by your patience and your dedication

a big thank you
0

sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 15:03
Good ...

* Use the "Run" command.
press the "Windows" key and R at the same time > the "Run" command box will open...

--> there you type or copy/paste: cmd and confirm with "OK"

* In the black window (DOS type) type exactly this:

START EXPLORER

-> confirm by pressing [Enter]


Once Explorer is open, look for Bitdefender to disable it ...


0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 15:08
it replies

Windows cannot find START EXPLORER
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 15:09
sorry, my mistake .... ^^


I've edited the procedure: http://www.commentcamarche.net/forum/affich 11040511 gros probleme de virus?page=2#30



try again ^^

0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 15:15
sorry, I misread

I get to Windows Explorer
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 15:21
good ...

find and open Bitdefender to disable it ...


tell me once it's done ....

0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 15:39
right, so I restarted in normal mode with the administrator session
I was able to get to BitDefender's advanced settings and disabled the firewall

I launched Combofix, which tells me

the Windows Recovery Console does not exist on this PC

do you want to install it


an active internet connection is required
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 15:47
I answer no

we'll see
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 15:49
what would you do?
is there a risk if I say no?
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 15:56
download it from the other PC by following this tutorial:
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix#manual_recovery

install it on the sick PC and then run Combofix again ....

0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 16:10
when I search for i386

Windows Search tells me
c:\ is not indexed

meanwhile
I typed no and
the PC restarted
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 16:14
good ...

let it restart calmly and once it's finished, post me the Combofix report you get ....

0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 16:16
can you tell me where this report is?
0
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last seen 30 December 2012 463
14 Feb 2009 at 16:21
The report will be created here: C:\Combofix.txt


it's all in the procedure I gave you .... ^^


0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 16:31
when I want to open c:

it replies

c_PsdRsDll not found
0
lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last seen 9 September 2014
14 Feb 2009 at 16:35
Sorry, actually it's a message it shows me at startup

here is the Combofix message.. at last


ComboFix 09-02-12.03 - Administrateur 2009-02-14 16:22:39.3 - NTFSx86
Microsoft Windows XP Professionnel 5.1.2600.3.1252.1.1036.18.2002.1470 [GMT 1:00]
Running from: C:\Documents and Settings\Administrateur\Bureau\ComboFix.exe
AV: BitDefender Antivirus *On-access scanning disabled* (Updated)
AV: Lavasoft Ad-Watch Live! AntiVirus *On-access scanning disabled* (Updated)
FW: Pare-feu BitDefender *enabled*
FW: Total Protection Service *disabled*

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2009-01-14 to 2009-02-14 )))))))))))))))))))))))))))))))
.

2009-02-14 15:32 . 2009-02-14 15:53 121 --a------ C:\WINDOWS\bdagent.INI
2009-02-14 12:32 . 2009-02-14 12:32 <REP> d-------- C:\Program Files\Malwarebytes' Anti-Malware2
2009-02-14 11:56 . 2009-02-14 11:58 <REP> d-------- C:\ToolBar SD
2009-02-14 11:30 . 2009-02-14 12:00 <REP> d-------- C:\rsit
2009-02-14 11:05 . 2009-02-14 11:05 <REP> d-------- C:\Program Files\Trend Micro
2009-02-14 11:00 . 2009-02-14 11:00 24,394 --a------ C:\upload_moi_PHOTOS.tar.gz
2009-02-14 10:26 . 2009-02-14 10:26 560 --ah----- C:\aaw7boot.cmd
2009-02-12 19:07 . 2009-02-12 19:07 183 --a------ C:\WINDOWS\dgnsetup.ini
2009-02-11 22:16 . 2009-02-13 17:51 <REP> d-------- C:\Program Files\a-squared Free
2009-02-11 22:12 . 2009-02-11 22:13 <REP> d-------- C:\Documents and Settings\All Users\Application Data\avg8
2009-02-11 22:12 . 2009-02-11 22:12 50,968 --a------ C:\WINDOWS\system32\avgfwdx.dll
2009-02-11 22:12 . 2009-02-11 22:12 29,208 --a------ C:\WINDOWS\system32\drivers\avgfwdx.sys
2009-02-11 20:14 . 2009-02-13 01:36 1,070 --a------ C:\WINDOWS\system32\BDUpdateV1.xml
2009-02-11 20:08 . 2009-02-11 20:07 64,160 --a------ C:\WINDOWS\system32\drivers\Lbd.sys
2009-02-11 19:55 . 2009-02-14 09:27 <REP> d-------- C:\Program Files\SUPERAntiSpyware
2009-02-11 19:55 . 2009-02-11 19:55 <REP> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2009-02-11 19:55 . 2009-02-11 19:55 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\SUPERAntiSpyware.com
2009-02-11 19:54 . 2009-02-11 19:54 <REP> d-------- C:\Program Files\AxBx
2009-02-11 19:52 . 2009-02-11 19:52 <REP> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2BAE6915-8510-4B9F-B498-02DA86258AA0}
2009-02-11 19:16 . 2009-02-11 19:16 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Search
2009-02-11 07:19 . 2008-06-19 16:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2009-02-11 07:18 . 2009-02-11 07:18 <REP> d-------- C:\Program Files\Panda Security
2009-02-11 07:12 . 2009-02-11 07:12 850 --a------ C:\WINDOWS\system32\ProductTweaks.xml
2009-02-11 07:12 . 2009-02-11 07:12 385 --a------ C:\WINDOWS\system32\user_gensett.xml
2009-02-10 23:12 . 2009-02-10 23:12 <REP> d-------- C:\Program Files\CleanUp!
2009-02-10 22:29 . 2009-02-14 16:25 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2009-02-10 22:22 . 2009-02-10 22:22 <REP> d-------- C:\d35d4aff26875d33999bdcc5
2009-02-10 22:20 . 2009-02-10 23:14 <REP> d--hs---- C:\Documents and Settings\LocalService\IETldCache
2009-02-10 22:13 . 2009-02-10 22:13 <REP> d-------- C:\WINDOWS\ie8updates
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- C:\WINDOWS\system32\GroupPolicy
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- C:\Program Files\Windows Desktop Search
2009-02-10 22:12 . 2009-02-10 22:12 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Windows Desktop Search
2009-02-10 22:11 . 2009-02-10 22:11 <REP> d-------- C:\Program Files\Windows Media Connect 2
2009-02-10 22:11 . 2008-03-07 18:02 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2009-02-10 22:11 . 2008-03-07 18:02 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2009-02-10 22:11 . 2008-03-07 18:02 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2009-02-10 22:09 . 2009-02-10 22:09 <REP> d-------- C:\WINDOWS\system32\LogFiles
2009-02-10 22:09 . 2009-02-10 22:10 <REP> d-------- C:\WINDOWS\system32\drivers\UMDF
2009-02-10 22:08 . 2009-01-11 06:00 79,360 --------- C:\WINDOWS\system32\dllcache\iecompat.dll
2009-02-10 21:25 . 2009-02-10 21:25 <REP> d-------- C:\Program Files\BitDefender
2009-02-10 21:25 . 2009-02-10 21:27 <REP> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2009-02-10 21:25 . 2009-02-10 21:25 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\BitDefender
2009-02-10 21:24 . 2009-02-10 21:25 <REP> d-------- C:\Program Files\Fichiers communs\BitDefender
2009-02-10 13:31 . 2009-02-10 13:31 <REP> d-------- C:\Program Files\LicenseAgree
2009-02-08 14:29 . 2009-02-09 16:24 754 --a------ C:\WINDOWS\WORDPAD.INI
2009-02-08 14:17 . 2009-02-08 14:17 <REP> d-------- C:\Program Files\7-Zip
2009-02-08 14:15 . 2009-02-08 14:15 <REP> d-------- C:\Documents and Settings\All Users\Application Data\ParetoLogic
2009-02-08 14:15 . 2009-02-08 14:17 <REP> d-------- C:\Documents and Settings\All Users\Application Data\DriverCure
2009-02-08 14:15 . 2009-02-08 14:15 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\DriverCure
2009-02-08 11:02 . 2009-02-08 11:02 102 --a------ C:\WINDOWS\wininit.ini
2009-02-08 10:34 . 2009-02-08 12:17 <REP> d-------- C:\Program Files\Spybot - Search & Destroy
2009-02-08 10:34 . 2009-02-14 12:28 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-02-08 10:16 . 1996-08-20 20:37 15,840 --a------ C:\WINDOWS\system32\Machnm1.exe
2009-02-08 10:16 . 2005-09-25 16:37 5,632 --a------ C:\WINDOWS\system32\Machnm64.sys
2009-02-08 10:16 . 2009-02-08 10:16 3,120 --a------ C:\WINDOWS\system32\118290.54
2009-02-08 10:16 . 2009-02-08 10:16 3,120 --a------ C:\WINDOWS\118294.78
2009-02-08 10:16 . 2003-08-13 00:27 2,304 --a------ C:\WINDOWS\system32\Machnm32.sys
2009-02-08 09:58 . 2009-02-08 09:59 <REP> d-------- C:\WINDOWS\BDOSCAN8
2009-02-08 09:49 . 2009-02-08 09:49 <REP> d-------- C:\photo
2009-02-08 09:49 . 2009-02-14 10:37 <REP> d--hs---- C:\Documents and Settings\Administrateur\IECompatCache
2009-02-08 09:47 . 2009-02-14 10:36 <REP> d--hs---- C:\Documents and Settings\Administrateur\IETldCache
2009-02-08 09:42 . 2009-02-08 09:43 <REP> d--h-c--- C:\WINDOWS\ie8
2009-02-07 16:30 . 2009-02-08 09:37 66,560 ---h----- C:\WINDOWS\system32\secupdat.dat
2009-02-07 16:27 . 2009-02-08 16:56 130 --a------ C:\WINDOWS\adobe.bat
2009-02-07 16:27 . 2009-02-08 14:09 6 --a------ C:\WINDOWS\_id.dat
2009-02-07 16:26 . 2009-02-07 16:26 39,936 --a------ C:\xxweksc.exe
2009-02-07 16:26 . 2009-02-07 16:26 2 --a------ C:\376140820
2009-01-31 13:51 . 2009-01-31 13:51 835,584 --a------ C:\WINDOWS\npdbplug.dll
2009-01-31 13:51 . 2009-01-31 13:51 695,296 --a------ C:\WINDOWS\dtaplugin.exe
2009-01-31 13:51 . 2009-01-31 13:51 665,600 --a------ C:\WINDOWS\dbplugin.exe
2009-01-31 13:51 . 2009-01-31 13:51 356,352 --a------ C:\WINDOWS\eSellerateEngine.dll
2009-01-31 13:51 . 2009-01-31 13:51 61,440 --a------ C:\WINDOWS\dbrmdwb.exe
2009-01-31 13:51 . 2009-01-31 13:51 601 --a------ C:\WINDOWS\npdbplug.xpt
2009-01-31 13:49 . 2009-02-11 19:00 <REP> d-------- C:\Program Files\DeskTopAuthor
2009-01-29 19:03 . 2009-01-29 19:03 <REP> d-------- C:\Program Files\inKline Global
2009-01-29 18:54 . 2009-02-11 19:52 <REP> d-------- C:\Program Files\Lavasoft
2009-01-29 18:54 . 2009-02-12 22:08 <REP> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2009-01-29 18:52 . 2009-02-12 22:08 <REP> d-------- C:\Program Files\Fichiers communs\Wise Installation Wizard
2009-01-29 13:12 . 2009-01-29 13:12 54,781,247 --a------ C:\WINDOWS\system32\xa425909359.exe
2009-01-29 13:12 . 2009-01-29 13:12 54,781,247 --a------ C:\WINDOWS\system32\xa425904984.exe
2009-01-29 10:07 . 2009-02-04 19:53 664 --a------ C:\WINDOWS\system32\d3d9caps.dat
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- C:\Program Files\iTunes
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- C:\Program Files\iPod
2009-01-25 17:48 . 2009-01-25 17:48 <REP> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2009-01-25 17:47 . 2009-01-25 17:47 <REP> d-------- C:\Program Files\QuickTime
2009-01-25 17:46 . 2008-11-07 14:23 32,000 --a------ C:\WINDOWS\system32\drivers\usbaapl.sys
2009-01-24 17:06 . 2009-01-24 17:06 <REP> d-------- C:\Program Files\Polar
2009-01-24 16:44 . 2009-01-24 16:44 <REP> d-------- C:\Program Files\Logitech
2009-01-24 16:44 . 2009-01-24 16:44 <REP> d-------- C:\Program Files\Fichiers communs\Logitech
2009-01-24 16:32 . 2009-01-24 16:32 <REP> d-------- C:\Program Files\Audacity
2009-01-24 15:40 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2009-01-24 15:40 . 2001-08-23 17:04 12,288 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2009-01-15 02:22 . 2009-01-15 02:22 57,344 --------- C:\WINDOWS\system32\msrating.dll.mui
2009-01-15 02:21 . 2009-01-15 02:21 2,560 --------- C:\WINDOWS\system32\mshta.exe.mui
2009-01-15 02:19 . 2009-01-15 02:19 81,920 --------- C:\WINDOWS\system32\iedkcs32.dll.mui
2009-01-15 02:19 . 2009-01-15 02:19 4,096 --------- C:\WINDOWS\system32\ie4uinit.exe.mui
2009-01-15 02:04 . 2009-01-15 02:04 18,944 --------- C:\WINDOWS\system32\dllcache\corpol.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-02-14 11:17 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\uTorrent
2009-02-12 18:07 --------- d--h--w C:\Program Files\InstallShield Installation Information
2009-02-11 19:17 --------- d-----w C:\Program Files\CCleaner
2009-02-11 09:19 38,496 ----a-w C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2009-02-11 09:19 15,504 ----a-w C:\WINDOWS\system32\drivers\mbam.sys
2009-02-08 11:36 --------- d-----w C:\Documents and Settings\All Users\Application Data\SiteAdvisor
2009-02-08 11:09 --------- d-----w C:\Program Files\Malwarebytes' Anti-Malware
2009-02-02 18:17 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
2009-02-02 18:15 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2009-01-25 16:48 --------- d-----w C:\Program Files\Fichiers communs\Apple
2009-01-25 16:47 --------- d-----w C:\Program Files\Bonjour
2008-12-30 18:29 --------- d-----w C:\Documents and Settings\Administrateur\Application Data\U3
2008-12-30 18:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\WinZip
2008-12-29 11:21 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
2008-12-29 11:21 --------- d-----w C:\Program Files\Fichiers communs\Nikon
2008-11-27 18:14 3,532 ----a-w C:\drmHeader.bin
2008-11-11 08:28 4,890,624 ----a-w C:\Program Files\DSAssistant.exe
2008-11-11 08:24 57,344 ----a-w C:\Program Files\AddPort.dll
2008-10-19 17:19 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLbz.DAT
2008-09-22 16:23 20 ---h--w C:\Documents and Settings\All Users\Application Data\PKP_DLck.DAT
2008-12-16 16:52 61,440 ----a-w C:\Program Files\mozilla firefox\components\FFComm.dll
.

------- Sigcheck -------


2006-03-02 03:00 32256 bd12ed053d37f0537b83afb6c447745c C:\WINDOWS\$NtServicePackUninstall$\ctfmon.exe
2008-04-14 03:33 32256 b755c2a79b2fb0e8ee35bcbc52661ed2 C:\WINDOWS\ServicePackFiles\i386\ctfmon.exe
2008-04-14 03:33 32256 9f0a4f1d3f0795abe73e77e21f73994a C:\WINDOWS\system32\ctfmon.exe

2005-06-11 01:17 74752 1c8f0decc2a2293c7cadb9999af6cbbf C:\WINDOWS\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
2005-06-11 00:53 74752 a450b7abfa2c2d89bad05d7e4a55b040 C:\WINDOWS\$NtServicePackUninstall$\spoolsv.exe
2008-04-14 03:34 74752 e98b2fbfe8db0ccc4ee8cc6d76ac694c C:\WINDOWS\ServicePackFiles\i386\spoolsv.exe
2008-04-14 03:34 74752 1b7086b59872049086ca0af10f0c0af0 C:\WINDOWS\system32\spoolsv.exe

2006-03-02 03:00 41984 80d024dc699b057d58556f7cece22e8d C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
2008-04-14 03:34 43520 3e722d42e7acd8a5aa1ad021f3eed339 C:\WINDOWS\ServicePackFiles\i386\userinit.exe
2008-04-14 03:34 43520 62684bd3a2acbbd8034dfc4116a262aa C:\WINDOWS\system32\userinit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
NETGEAR WG111v3 Smart Wizard.lnk - C:\Program Files\NETGEAR\WG111v3\WG111v3.exe [2007-09-12 15:14:42 1548288]
Nikon Monitor.lnk - C:\Program Files\Fichiers communs\Nikon\Monitor\NkMonitor.exe [2008-08-07 15:49:12 499712]
NkbMonitor.exe.lnk - C:\Program Files\Nikon\PictureProject\NkbMonitor.exe [2008-09-16 18:21:18 139264]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 22:19:14 140800]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2007-04-30 11:10:00 394856]

SafeBoot registry key needs repairs. This machine cannot enter Safe Mode.

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\File system]
@="Driver Group"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vgasave.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E967-E325-11CE-BFC1-08002BE10318}]
@="DiskDrive"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96A-E325-11CE-BFC1-08002BE10318}]
@="Hdc"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96B-E325-11CE-BFC1-08002BE10318}]
@="Keyboard"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E96F-E325-11CE-BFC1-08002BE10318}]
@="Mouse"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{4D36E97D-E325-11CE-BFC1-08002BE10318}]
@="System"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{71A27CDD-812A-11D0-BEC7-08002BE2092F}]
@="Volume"

NETSVCS REQUIRES REPAIRS - current entries shown

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs

.
Contents of the 'Scheduled Tasks' folder

2009-02-13 C:\WINDOWS\Tasks\Ad-Aware Update (Daily).job
- C:\Program Files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-02-11 20:07]

2009-01-31 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2009-02-14 C:\WINDOWS\Tasks\GlaryInitialize.job
- C:\Program Files\Glary Utilities\initialize.exe [2008-09-17 15:35]
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-02-14 16:27:20
Windows 5.1.2600 Service Pack 3 NTFS

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\a2free]
"ImagePath"="\"C:\Program Files\a-squared Free\a2service.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\abp480n5]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ac97intc]
"ImagePath"="system32\drivers\ac97intc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Connect Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\NSDriver.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Real-Time Scanner]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTPD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ad-Watch Registry Filter]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\AWRTRD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ADIHdAudAddService]
"ImagePath"="system32\drivers\ADIHdAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu160m]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu160m.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\adpu320]
"ImagePath"="\SystemRoot\system32\DRIVERS\adpu320.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AEAudio]
"ImagePath"="system32\drivers\AEAudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Aha154x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78u2]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78u2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aic78xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\aic78xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AliIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\amsint]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Apple Mobile Device]
"ImagePath"="\"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Arrakis3]
"ImagePath"="\"C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\Arrakis3.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASBroker]
"ServiceDll"="C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3350p]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\asc3550]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASChannel]
"ServiceDll"="C:\Program Files\Hewlett-Packard\IAM\Bin\ASChnl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\atchksrv]
"ImagePath"="C:\Program Files\Intel\AMT\atchksrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\avg8emc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Avgfwdx]
"ImagePath"="system32\DRIVERS\avgfwdx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Avgfwfd]
"ImagePath"="system32\DRIVERS\avgfwdx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\AvgRkx86]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfm]
"ImagePath"="system32\drivers\bdfm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Bdfndisf]
"ImagePath"="system32\DRIVERS\bdfndisf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdfsfltr]
"ImagePath"="system32\drivers\bdfsfltr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\bdftdif]
"ImagePath"="\??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BDSelfPr]
"ImagePath"="\??\C:\Program Files\BitDefender\BitDefender 2009\bdselfpr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BDVEDISK]
"ImagePath"="\??\C:\Program Files\BitDefender\BitDefender 2009\BDVEDISK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Bonjour Service]
"ImagePath"="\"C:\Program Files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\catchme]
"ImagePath"="\??\C:\ComboFix\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CmdIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CognizanceCredMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dac960nt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\dpti2o]
"ImagePath"="\SystemRoot\system32\DRIVERS\dpti2o.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\E100B]
"ImagePath"="system32\DRIVERS\e100b325.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\e1express]
"ImagePath"="system32\DRIVERS\e1e5132.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FLEXnet Licensing Service]
"ImagePath"="\"C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\gusvc]
"ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HECI]
"ImagePath"="system32\DRIVERS\HECI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HpFkCryptService]
"ImagePath"="\"C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\hpqwmiex]
"ImagePath"="C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\i81x]
"ImagePath"="system32\DRIVERS\i81xnt5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP0]
"ImagePath"="system32\DRIVERS\wADV01nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP1]
"ImagePath"="system32\DRIVERS\wADV02NT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP2]
"ImagePath"="system32\DRIVERS\wADV05NT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP3]
"ImagePath"="system32\DRIVERS\wSiINTxx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP4]
"ImagePath"="system32\DRIVERS\wVchNTxx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP5]
"ImagePath"="system32\DRIVERS\wADV07nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP6]
"ImagePath"="system32\DRIVERS\wADV08nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimFP7]
"ImagePath"="system32\DRIVERS\wADV09nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV0]
"ImagePath"="system32\DRIVERS\wATV01nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV1]
"ImagePath"="system32\DRIVERS\wATV02NT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV3]
"ImagePath"="system32\DRIVERS\wATV04nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV4]
"ImagePath"="system32\DRIVERS\wCh7xxNT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV5]
"ImagePath"="system32\DRIVERS\wATV10nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iAimTV6]
"ImagePath"="system32\DRIVERS\wATV06nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ialm]
"ImagePath"="system32\DRIVERS\igxpmp32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iaStor]
"ImagePath"="System32\DRIVERS\iaStor.sys\00aStor.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IFXSpMgtSrv]
"ImagePath"="C:\WINDOWS\system32\ifxspmgt.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IFXTCS]
"ImagePath"="C:\WINDOWS\system32\ifxtcs.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IFXTPM]
"ImagePath"="system32\DRIVERS\IFXTPM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IntelIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\iPod Service]
"ImagePath"="\"C:\Program Files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Lavasoft Ad-Aware Service]
"ImagePath"="\"C:\Program Files\Lavasoft\Ad-Aware\AAWService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Lbd]
"ImagePath"="system32\DRIVERS\Lbd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LIVESRV]
"ImagePath"="\"C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe\" /service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\LMS]
"ImagePath"="C:\Program Files\Intel\AMT\LMS.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\magicpvt]
"ImagePath"="system32\drivers\magicpvt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MagicTune]
"ImagePath"="system32\drivers\MTiCtwl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\McAfee HackerWatch Service]
"ImagePath"="\"C:\Program Files\Fichiers communs\McAfee\HackerWatch\HWAPI.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MfeAVFK]
"ImagePath"="system32\drivers\MfeAVFK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MfeBOPK]
"ImagePath"="system32\drivers\MfeBOPK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mfehidk]
"ImagePath"="system32\drivers\mfehidk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MfeRKDK]
"ImagePath"="system32\drivers\MfeRKDK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mfetdik]
"ImagePath"="system32\drivers\mfetdik.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MPFP]
"ImagePath"="System32\Drivers\Mpfp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MpfService]
"ImagePath"="\"C:\Program Files\McAfee\MPF\MPFSrv.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSDTC]
"ImagePath"="C:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSSQL$MSSMLBIZ]
"ImagePath"="\"c:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe\" -sMSSMLBIZ"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\MSSQLServerADHelper]
"ImagePath"="\"c:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\myAgtSvc]
"ImagePath"="C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NMSAccess]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\P3]
"ImagePath"="system32\DRIVERS\p3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pavboot]
"ImagePath"="system32\drivers\pavboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCA]
"ImagePath"="C:\WINDOWS\SMINST\PCAngel.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCAMPR5]
"ImagePath"="\??\C:\WINDOWS\system32\PCAMPR5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCANDIS5]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\pdfcDispatcher]
"ImagePath"="C:\Program Files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PersonalSecureDrive]
"ImagePath"="\SystemRoot\System32\drivers\psd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PersonalSecureDriveService]
"ImagePath"="C:\WINDOWS\system32\IfxPsdSv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Profos]
"ImagePath"="\??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RsvLock]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\RTL8187B]
"ImagePath"="system32\DRIVERS\wg111v3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SafeBoot]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SASDIFSV]
"ImagePath"="\??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SASENUM]
"ImagePath"="\??\C:\Program Files\SUPERAntiSpyware\SASENUM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SASKUTIL]
"ImagePath"="\??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SbAlg]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SbFsLock]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SbHpNp]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\scan]
"ServiceDll"="C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\scan.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ScsiAccess]
"ImagePath"="C:\Program Files\Photodex\ProShowProducer\ScsiAccess.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SQLBrowser]
"ImagePath"="\"c:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SQLWriter]
"ImagePath"="\"c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\srservice]
"ServiceDll"="C:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SwPrv]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{C0498390-AFC8-4C46-8C98-ABFB2624336E}"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\symc810]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\symc8xx]
"ImagePath"="\SystemRoot\system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Symmpi]
"ImagePath"="\SystemRoot\system32\DRIVERS\symmpi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sym_hi]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sym_u3]
"ImagePath"="\SystemRoot\system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TlntSvr]
"ImagePath"="C:\WINDOWS\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\tmcomm]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\tmcomm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TPkd]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Trufos]
"ImagePath"="\??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UGatherer]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UNS]
"ImagePath"="C:\Program Files\Intel\AMT\UNS.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\ViaIde]
"ImagePath"="\SystemRoot\system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\VSSERV]
"ImagePath"="\"C:\Program Files\BitDefender\BitDefender 2009\vsserv.exe\" /service"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\W32Time]
sKe69 Posts 21360 Registration date Saturday 15 March 2008 Status Security contributor Last activity 30 December 2012 463
14 Feb. 2009 at 16:42
re,

the report is not complete (too long for the forum ...)

can you post the rest for me please ...

lth375 Posts 72 Registration date Wednesday 15 October 2008 Status Member Last activity 9 September 2014
14 Feb. 2009 at 16:46
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiAcpi]
"ImagePath"="system32\DRIVERS\wmiacpi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WMPNetworkSvc]
"ImagePath"="\"C:\Program Files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{28B5FD38-A8B1-4C6F-BD22-182D9A4EE4B1}]

[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{66B67C30-21A1-446C-99DD-6B3004BEB449}]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\Administrator\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\ProgID]
@DACL=(02 0000)
@="HpqToaster.Destroy.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{05DFFA9C-A480-4ef2-A601-B66C625CE955}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.Destroy"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\ProgID]
@DACL=(02 0000)
@="HpqToaster.ProgressBar.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{2B6AA70F-492C-4ca4-B8FD-5499F1AB4295}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.ProgressBar"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\ProgID]
@DACL=(02 0000)
@="HpqToaster.Toaster.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{57787927-8B56-4e73-A2BB-5FC76872CDA0}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.Toaster"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\LocalServer32]
@DACL=(02 0000)
@="c:\\PROGRA~1\\HEWLET~1\\Shared\\HPQTOA~1.EXE"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\ProgID]
@DACL=(02 0000)
@="HpqToaster.MultipleIconToaster.1"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\Programmable]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\TypeLib]
@DACL=(02 0000)
@="{4C7CAEB3-0400-42bc-BDED-95B0BFAC37D6}"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F528D853-EAE1-43a0-BD76-546B102BC0AC}\VersionIndependentProgID]
@DACL=(02 0000)
@="HpqToaster.MultipleIconToaster"

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\ActionOptions]
@DACL=(02 0000)
"dwPromptButton"=dword:00000007
"szMoveFolder"="Quarantine"
"uSecAction_Program"=dword:00000003
"dwScanAction"=dword:00000002
"uSecAction"=dword:00000003
"uAction"=dword:00000005
"uAction_Program"=dword:00000005

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\AlertOptions]
@DACL=(02 0000)
"bDMIAlert"=dword:00000000
"bDisplayMessage"=dword:00000001
"szSendCc"=""
"szCustomMessage"="McAfee Total Protection Service Email Scanner: Alert!"
"bNetworkAlertPath"=""
"bSendMailToUser"=dword:00000000
"bNetworkAlert"=dword:00000000
"szNetworkAlertPath"=""
"bSoundAlert"=dword:00000001
"szSendSubject"=""
"szSendBody"=""
"szSendTo"=""

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\DetectionOptions]
@DACL=(02 0000)
"dwMacroHeuristicsLevel"=dword:00000001
"bScanInbox"=dword:00000000
"UseAVPServer"=dword:00000001
"bScanCompressed"=dword:00000001
"bScanAllMails"=dword:00000001
"ScanMessageBodies"=dword:00000001
"ApplyNVP"=dword:00000001
"ExtensionMode"=dword:00000001
"ScanMime"=dword:00000001
"dwProgramHeuristicsLevel"=dword:00000001
"szProgExts"=""
"ScanArchives"=dword:00000001
"szIncludeExts"=""

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\GeneralOptions]
@DACL=(02 0000)
"bModified"=dword:00000001

[HKEY_LOCAL_MACHINE\software\McAfee\VSCore\Email Scanner\Outlook\OnDemand\ReportOptions]
@DACL=(02 0000)
"LogFileFormat"=dword:00000001
"uMaxLogSizeMB"=dword:00000001
"bLimitSize"=dword:00000001
"bLogToFile"=dword:00000000
"szLogFileName"=expand:""
"dwLogEvent"=dword:000001e0

[HKEY_LOCAL_MACHINE\software\Microsoft\Advanced INF Setup\IEHomePageInfo\RegBackup]
@DACL=(02 0000)
@SACL=

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_BADNREMA\0000\LogConf]
@DACL=(02 0000)

[HKEY_LOCAL_MACHINE\System\ControlSet004\Enum\Root\LEGACY_NDISPROT\0000\LogConf]
@DACL=(02 0000)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(416)
C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
C:\Program Files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'lsass.exe'(472)
C:\WINDOWS\SbHpNp.dll
C:\Program Files\Hewlett-Packard\IAM\bin\ASWLNPkg.dll
C:\Program Files\Hewlett-Packard\IAM\bin\ItMsg.dll

- - - - - - - > 'explorer.exe'(3748)
C:\WINDOWS\system32\APSHook.dll
C:\Program Files\Windows Desktop Search\deskbar.dll
C:\Program Files\Windows Desktop Search\fr-fr\dbres.dll.mui
C:\Program Files\Windows Desktop Search\dbres.dll
C:\Program Files\Windows Desktop Search\wordwheel.dll
C:\Program Files\Windows Desktop Search\fr-fr\msnlExtRes.dll.mui
C:\Program Files\Windows Desktop Search\msnlExtRes.dll
C:\WINDOWS\system32\ieframe.dll
C:\WINDOWS\system32\eappprxy.dll
.