RDRIV.SYS ..... help
Résolu
melojoie
Messages postés
20
Statut
Membre
-
Utilisateur anonyme -
Utilisateur anonyme -
bonjour, depuis ce matin je cours forum et antivir en ligne pour me debarasser de cette m..... mais rien n'y fait, donc je tente un post sur votre forum en esperant trouver une solution.
Donc j'ai kapersky qui le detecte le suprime et il reviens sans cesse ( apparemment c pareil pour tout ceux qui l'on choper)
voici mon log HJT:
Logfile of HijackThis v1.99.1
Scan saved at 20:13:12, on 28/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\melotoinou\Bureau\programme\programme\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BlackICE Utilitaire .lnk = ?
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: wincheck (spdcheck) - Unknown owner - C:\WINDOWS\spdcheck.exe
merci de votre aide..
Donc j'ai kapersky qui le detecte le suprime et il reviens sans cesse ( apparemment c pareil pour tout ceux qui l'on choper)
voici mon log HJT:
Logfile of HijackThis v1.99.1
Scan saved at 20:13:12, on 28/09/2005
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ISS\BlackICE\blackd.exe
C:\WINDOWS\system32\pctspk.exe
C:\Program Files\ISS\BlackICE\rapapp.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\WINDOWS\System32\MMTray.exe
C:\WINDOWS\System32\MMTray2k.exe
C:\WINDOWS\System32\MMTrayLSI.exe
C:\WINDOWS\System32\qttask.exe
C:\WINDOWS\System32\ctfmon.exe
C:\themeGold55\CursorXP\CursorXP.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\ISS\BlackICE\blackice.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\AntiViral Toolkit Pro\avpm.exe
C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\melotoinou\Bureau\programme\programme\hijackthis\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.fr
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [MMTray] MMTray.exe
O4 - HKLM\..\Run: [MMTray2K] MMTray2k.exe
O4 - HKLM\..\Run: [MMTrayLSI] MMTrayLSI.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\WINDOWS\System32\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [CursorXP] C:\themeGold55\CursorXP\CursorXP.exe -s
O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - Global Startup: BlackICE Utilitaire .lnk = ?
O4 - Global Startup: AVP Monitor.lnk = C:\Program Files\AntiViral Toolkit Pro\avpm.exe
O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\PROGRA~1\YAHOO!\MESSEN~1\YPAGER.EXE
O14 - IERESET.INF: START_PAGE_URL=http://www.google.fr
O16 - DPF: JT's Blocks - http://download.games.yahoo.com/games/clients/y/blt1_x.cab
O16 - DPF: Tornado 21 - http://download.games.yahoo.com/games/clients/y/t21t0_x.cab
O16 - DPF: Yahoo! Klondike Solitaire - http://presence.games.yahoo.com/yog/y/ks12_x.cab
O16 - DPF: Yahoo! MahJong Solitaire - http://download.games.yahoo.com/games/clients/y/mjst4_x.cab
O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/pote_x.cab
O16 - DPF: Yahoo! Pyramids - http://download.games.yahoo.com/games/clients/y/pyt1_x.cab
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://by103fd.bay103.hotmail.msn.com/resources/MsnPUpld.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O23 - Service: BlackICE - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\blackd.exe
O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe
O23 - Service: RapApp - Internet Security Systems, Inc. - C:\Program Files\ISS\BlackICE\rapapp.exe
O23 - Service: wincheck (spdcheck) - Unknown owner - C:\WINDOWS\spdcheck.exe
merci de votre aide..
37 réponses
oui je sais manipuler un peu le regedit, juste pour ne pas faire de betise, donc je fais rechercher spdcheck et je suprime tout ce qui concerne ce truc???
juste ces 2 et que les valeurs en gras:
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPDCHECK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPDCHECK\0000
si tu as un probleme pour les supprimer, fais un clic droit sur la valeur en gras, clic sur autorisation et assure toi que ton compte à bien le controle total de la clé (case à cocher)
a+
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPDCHECK
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_SPDCHECK\0000
si tu as un probleme pour les supprimer, fais un clic droit sur la valeur en gras, clic sur autorisation et assure toi que ton compte à bien le controle total de la clé (case à cocher)
a+
voila c suprimer et voici le rapport de regsrch:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "SPDCHECK" 28/09/2005 22:57:53
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="spdcheck.exe "
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="C:\\WINDOWS\\spdcheck.exe\\1"
merci bcp de ton aide
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "SPDCHECK" 28/09/2005 22:57:53
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="spdcheck.exe "
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="C:\\WINDOWS\\spdcheck.exe\\1"
merci bcp de ton aide
Vous n’avez pas trouvé la réponse que vous recherchez ?
Posez votre question
nickel, les 2 autres ne sont pas importantes, ce sont des mru, ca à juste noté le nom du fichier que tu as rechercher avec la fonction "rechercher" (trace d'utilisation).
rien à voir avec le virus.
pour rdriv maintenant, je te met le reg, mais je pense qu'il faudra passer par une suppr manuelle.
ouvre le bloc note et fais un copier coller de ce qui est en gras ci-dessous:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]
Puis enregistrer sous et dans:
Nom du fichier, met fix2.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix2.reg et accepte de fusionner
ensuite, comme tout à l'heure refais une recherche sur rdriv
a+
rien à voir avec le virus.
pour rdriv maintenant, je te met le reg, mais je pense qu'il faudra passer par une suppr manuelle.
ouvre le bloc note et fais un copier coller de ce qui est en gras ci-dessous:
REGEDIT4
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv]
[-HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv]
Puis enregistrer sous et dans:
Nom du fichier, met fix2.reg
Type de fichier: selectionne "tous les fichiers"
clic sur enregistrer
ensuite double clic sur fix2.reg et accepte de fusionner
ensuite, comme tout à l'heure refais une recherche sur rdriv
a+
voila donc le rapport: REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "SPDCHECK" 28/09/2005 22:57:53
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="spdcheck.exe "
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="C:\\WINDOWS\\spdcheck.exe\\1"
; RegSrch.vbs © Bill James
; Registry search results for string "SPDCHECK" 28/09/2005 22:57:53
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Search Assistant\ACMru\5603]
"001"="spdcheck.exe "
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU]
"a"="C:\\WINDOWS\\spdcheck.exe\\1"
mdr je crois que je commence a etre un peu naze lol
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "rdriv" 28/09/2005 23:22:55
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL\TestTraceGuid]
"BitNames"=" TEST_TRACE_GENERAL TEST_TRACE_APP TEST_TRACE_TSTDRIVER TEST_TRACE_FLTRDRIVER"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
"Service"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
"Service"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
"DisplayName"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
"Service"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\\WINDOWS\\system32\\rdriv.sys"
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\rdriv.sys"
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "rdriv" 28/09/2005 23:22:55
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL\TestTraceGuid]
"BitNames"=" TEST_TRACE_GENERAL TEST_TRACE_APP TEST_TRACE_TSTDRIVER TEST_TRACE_FLTRDRIVER"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
"Service"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
"Service"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
"DisplayName"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
"Service"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000]
"DeviceDesc"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\\WINDOWS\\system32\\rdriv.sys"
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\rdriv.sys"
c'est bien ce que je pensais, il faut supprimer manuellement les clé dans le registre.
Au fait, tu as du modifier les autorisations tout à l'heure pour les clés de spdcheck ?
supprime les valeurs en gras
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv
Au fait, tu as du modifier les autorisations tout à l'heure pour les clés de spdcheck ?
supprime les valeurs en gras
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_RDRIV\0000
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\rdriv
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\rdriv
oui j'ai du modifier les autorisations pour suprimer les cle tout a l'heure et j'ai du recommencer aussi pour les derniere cle, par contre certaine clé que tu me citais dans le post precedent n'etais pas dans le registre est-ce un probleme??
voila le rapport suite a la manip:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "rdriv" 28/09/2005 23:42:19
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL\TestTraceGuid]
"BitNames"=" TEST_TRACE_GENERAL TEST_TRACE_APP TEST_TRACE_TSTDRIVER TEST_TRACE_FLTRDRIVER"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
"DisplayName"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\\WINDOWS\\system32\\rdriv.sys"
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\rdriv.sys"
merci de ton aide
voila le rapport suite a la manip:
REGEDIT4
; RegSrch.vbs © Bill James
; Registry search results for string "rdriv" 28/09/2005 23:42:19
; NOTE: This file will be deleted when you close WordPad.
; You must manually save this file to a new location if you want to refer to it again later.
; (If you save the file with a .reg extension, you can use it to restore any Registry changes you make to these values.)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SeCEdit\Reg Values\MACHINE/System/CurrentControlSet/Control/Print/Providers/LanMan Print Services/Servers/AddPrinterDrivers]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WDF API DLL\TestTraceGuid]
"BitNames"=" TEST_TRACE_GENERAL TEST_TRACE_APP TEST_TRACE_TSTDRIVER TEST_TRACE_FLTRDRIVER"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv]
"DisplayName"="rdriv"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Print\Providers\LanMan Print Services\servers]
"addprinterdrivers"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{8B6D7859-A639-4A15-8790-7161976D057A}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Video\{DEB039CC-B704-4F53-B43E-9DD4432FA2E9}\0000]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000]
"Service"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\LogConf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_IPFILTERDRIVER\0000\Control]
"ActiveService"="IpFilterDriver"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver JPN"="kbd101.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\i8042prt\Parameters]
"LayerDriver KOR"="kbd101a.dll"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Security]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\IpFilterDriver\Enum]
"0"="Root\\LEGACY_IPFILTERDRIVER\\0000"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\mnmdd\Device0]
"MirrorDriver"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\RDPCDD\Device0]
"MirrorDriver"=dword:00000001
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\*]
"e"="C:\\WINDOWS\\system32\\rdriv.sys"
[HKEY_USERS\S-1-5-21-220523388-1993962763-1060284298-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSaveMRU\sys]
"a"="C:\\WINDOWS\\system32\\rdriv.sys"
merci de ton aide
je pense que tu veux parler de celles ci:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000
je pense que c'est normal, si tu as supprimer LEGACY_RDRIV, avant de supprimer la sous-clé 0000
il en reste une qui m'a echappée tout à l'heure
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv
apres ca, je pense que se sera ok
fais quand meme un scan av de controle, car en général il peut y avoir d'autres fichiers infectés qui n'apparaissent pas dans hijackthis, ici
http://webscanner.kaspersky.fr/
apres le chargement du control active X, clic sur suivant
puis clic sur configuration et choisis "étendue"
Choisis l'analyse répertoire et choisis ton ou tes disques durs
et poste le rapport, s'il detecte quelque chose.
je dois arreter pour ce soir, je repasse demain voir si tout est ok
a+
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_RDRIV\0000
je pense que c'est normal, si tu as supprimer LEGACY_RDRIV, avant de supprimer la sous-clé 0000
il en reste une qui m'a echappée tout à l'heure
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Services\rdriv
apres ca, je pense que se sera ok
fais quand meme un scan av de controle, car en général il peut y avoir d'autres fichiers infectés qui n'apparaissent pas dans hijackthis, ici
http://webscanner.kaspersky.fr/
apres le chargement du control active X, clic sur suivant
puis clic sur configuration et choisis "étendue"
Choisis l'analyse répertoire et choisis ton ou tes disques durs
et poste le rapport, s'il detecte quelque chose.
je dois arreter pour ce soir, je repasse demain voir si tout est ok
a+
je te remercie enormement, moi aussi je doit arreter pour ce soir, mon lit m'attend
bonne nuit a toi et merci encore
bonne nuit a toi et merci encore
bonjour moe,
voila j'ai fait l'antivir en ligne:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, September 29, 2005 12:10:12
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/09/2005
Kaspersky Anti-Virus database records: 142495
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 20173
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 4863 sec
Infected Object Name - Virus Name
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab
Scan process completed.
comme tu peux vois plus de nouvelle du troj d'hier, par contre nouveau truc ( a savoir que ce trojan reviens souvent mais que je le suprime sans probleme dans le sys 32)
si t'as une solution pour moi, sinon merci enormement pour tu m'a été d'un grand secour!!!
voila j'ai fait l'antivir en ligne:
-------------------------------------------------------------------------------
KASPERSKY ON-LINE SCANNER REPORT
Thursday, September 29, 2005 12:10:12
Operating System: Microsoft Windows XP Professional, Service Pack 1 (Build 2600)
Kaspersky On-line Scanner version: 5.0.67.0
Kaspersky Anti-Virus database last update: 29/09/2005
Kaspersky Anti-Virus database records: 142495
-------------------------------------------------------------------------------
Scan Settings:
Scan using the following antivirus database: standard
Scan Archives: true
Scan Mail Bases: true
Scan Target - Folders:
C:\
D:\
Scan Statistics:
Total number of scanned objects: 20173
Number of viruses found: 1
Number of infected objects: 1
Number of suspicious objects: 0
Duration of the scan process: 4863 sec
Infected Object Name - Virus Name
C:\WINDOWS\system32\i Infected: Trojan-Downloader.BAT.Ftp.ab
Scan process completed.
comme tu peux vois plus de nouvelle du troj d'hier, par contre nouveau truc ( a savoir que ce trojan reviens souvent mais que je le suprime sans probleme dans le sys 32)
si t'as une solution pour moi, sinon merci enormement pour tu m'a été d'un grand secour!!!
salut
supprime:
C:\WINDOWS\system32\i
Est ce que tu as installé toutes les mise à jour de sécurité sur windowsupdate ?
Certaines, corrige des failles exploitées par certains vers.
a+
supprime:
C:\WINDOWS\system32\i
Est ce que tu as installé toutes les mise à jour de sécurité sur windowsupdate ?
Certaines, corrige des failles exploitées par certains vers.
a+
