Your systeme is infected !

Question

Bonjour, 

Je naviguais sur internet et après je suis retourner sur le bureau et jai vu un fond d'écran bleu avec un cadre noir et dans le cadre noir il y a en rouge 
''YOUR SYSTEME IS INFECTED ! (en plus petit et en blanc) Systeme has been stopped due to a serious malnufaction.
Spyware activity has been detected.''

Et 2 autres phrase me disant d'utiliser queleque chose. 
Aider moi s'il vous plait. 

Configuration: Windows XP / Internet Explorer 8.0

moment de grace · Accepted Answer

bonjour

redémarrer le pc en mode sans échec avec prise en charge reseau

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php


Télécharge rkill 

Enregistre-le sur ton Bureau
Double-clique sur l'icone rkill ( pour Vista/Seven clic-droit Exécuter en tant qu'Administrateur)
Un bref écran noir t'indiquera que le tool s'est correctement exécuter, s'il ne lance pas
change de lien de téléchargement en utilisant le suivant à partir d'ici:
https://download.bleepingcomputer.com/grinler/rkill.exe 
https://download.bleepingcomputer.com/grinler/rkill.exe 

Rkill COM: Rkill COM: 
https://download.bleepingcomputer.com/grinler/rkill.com
 https://download.bleepingcomputer.com/grinler/rkill.com 

Rkill SCR: Rkill RCS: 
https://download.bleepingcomputer.com/grinler/rkill.scr 
https://download.bleepingcomputer.com/grinler/rkill.scr 



une fois qu'il aura terminé lance 


Téléchargez MalwareByte's Anti-Malware (que tu pourras garder ensuite)

http://www.malwarebytes.org/mbam/program/mbam-setup.exe
 
. Enregistres le sur le bureau
. Double cliques sur le fichier téléchargé pour lancer le processus d'installation. 
. Dans l'onglet "mise à jour", cliques sur le bouton Recherche de mise à jour
. Si le pare-feu demande l'autorisation de se connecter pour malwarebytes, accepte
. Une fois la mise à jour terminé
. Rend-toi dans l'onglet, Recherche
. Sélectionnes Exécuter un examen complet (examen assez long)
. Cliques sur Rechercher
. Le scan démarre. 
. A la fin de l'analyse, un message s'affiche : L'examen s'est terminé normalement. 
Cliquez sur 'Afficher les résultats' pour afficher tous les objets trouvés. 
. Cliques sur Ok pour poursuivre.
. [b]Si des malwares ont été détectés, clique sur  Afficher les résultats
. Sélectionnes tout (ou laisses cochés) et cliques sur Supprimer la sélection 
Malwarebytes va détruire les fichiers et clés de registre et en mettre une copie dans la quarantaine.
. Malwarebytes va ouvrir le bloc-notes et y copier le rapport d'analyse. 
. Rends toi dans l'onglet rapport/log 
. Tu cliques dessus pour l'afficher, une fois affiché
. Tu cliques sur edition en haut du boc notes, et puis sur sélectionner tous 
. Tu recliques sur edition et puis sur copier et tu reviens sur le forum et dans ta réponse
. tu cliques droit dans le cadre de la reponse et coller 


Si tu as besoin d'aide regarde ces tutoriels : 
 Aide: https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
 http://www.infos-du-net.com/forum/278396-11-tuto-malwarebytes-anti-malware-mbam

sonic814 · Answer

Problème Malware Se ferme quand je lance le scan.

moment de grace · Answer

ok

Attention, avant de commencer, lit attentivement la procédure, et imprime la

Aide à l'utilisation
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Télécharge ComboFix de sUBs que tu renommes SONIC.exe avant de l'enregistrer sur ton Bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

puis en mode sans échec avec prise en charge réseau

/!\ Déconnecte-toi du net et <gras>DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ </gras>

---> Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l'installer remets internet)

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

sonic814 · Answer

Je n'arrive aps a posté le rapport
Sa me dit que je lai déja posté

sonic814 · Answer

ComboFix 10-09-25.03 - Rolland remi 26/09/2010   0:08.1.1 - x86
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2047.1650 [GMT 2:00]
Lancé depuis: c:\documents and settings\Rolland david\Bureau\SONIC.exe
.

((((((((((((((((((((((((((((((((((((   Autres suppressions   ))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\.wtav
c:\windows\system32\Cache
c:\windows\system32\spool\prtprocs\w32x86\CNMPD7K.DLL
c:\windows\system32\spool\prtprocs\w32x86\CNMPP7K.DLL
c:\windows\system32\zlibwapi.dll

.
(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-25 au 2010-09-25  ))))))))))))))))))))))))))))))))))))
.

2010-09-25 22:01 . 2010-09-25 22:01	--------	d-----w-	c:\windows\LastGood
2010-09-25 20:32 . 2010-09-25 20:32	--------	d-sh--w-	c:\documents and settings\Administrateur\PrivacIE
2010-09-25 20:32 . 2010-09-25 20:32	--------	d-sh--w-	c:\documents and settings\Administrateur\IETldCache
2010-09-25 20:03 . 2010-09-25 20:03	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Malwarebytes
2010-09-25 20:03 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-25 20:03 . 2010-09-25 20:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-25 20:03 . 2010-09-25 21:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-25 20:03 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-24 19:37 . 2010-09-24 20:16	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\AskToolbar
2010-09-24 19:35 . 2010-09-24 19:35	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\PhotoFiltre
2010-09-24 19:33 . 2010-09-24 19:33	--------	d-----w-	c:\program files\PhotoFiltre
2010-09-24 12:25 . 2010-09-24 12:27	--------	d-----w-	c:\program files\Dofus
2010-09-22 19:33 . 2010-09-24 20:31	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\vlc
2010-09-22 19:30 . 2010-09-24 19:30	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\OfferBox
2010-09-22 19:30 . 2010-09-22 19:30	--------	d-----w-	c:\program files\OfferBox
2010-09-22 19:30 . 2010-09-22 19:33	--------	d-----w-	C:\Temp
2010-09-18 08:13 . 2010-09-18 08:13	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Uniblue
2010-09-17 19:30 . 2010-09-17 19:30	0	----a-w-	c:\windows
sreg.dat
2010-09-17 19:30 . 2010-09-17 19:30	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\Mozilla
2010-09-17 19:28 . 2009-11-03 12:07	679936	----a-w-	c:\windows\system32\D3DX81ab.dll
2010-09-17 19:28 . 2009-11-03 12:07	1970176	----a-w-	c:\windows\system32\d3dx9.dll
2010-09-17 19:28 . 2010-09-17 19:28	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\OpenCandy
2010-09-17 19:27 . 2010-09-17 19:28	331304	----a-w-	c:\documents and settings\Rolland david\Application Data\OpenCandy\OpenCandy_4F2912E0FD6C4327AA26F2713A7F6CE1\DLMgr_3_1.6.44.exe
2010-09-17 19:27 . 2010-09-17 19:27	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\OpenCandy
2010-09-15 15:19 . 2010-09-15 15:19	--------	d-----w-	c:\documents and settings\All Users\Menu DÚmarrer
2010-09-15 15:01 . 2010-09-23 17:32	--------	d-----w-	c:\program files\Alaplaya
2010-09-15 11:38 . 2010-09-25 22:02	--------	d-----w-	c:\program files\Fichiers communs\Akamai
2010-09-06 16:35 . 2010-09-06 16:35	--------	d-----w-	c:\program files\WinDS PRO
2010-09-06 10:48 . 2010-09-06 10:48	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\PCHealth
2010-09-05 18:27 . 2010-09-12 01:09	184152	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-115176313-839522115-1003-0.dat
2010-09-05 18:27 . 2010-09-12 01:09	147750	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-09-05 15:12 . 2010-09-05 15:12	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-09-05 15:12 . 2010-09-05 15:12	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-09-05 15:12 . 2010-09-05 15:12	113504	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1036\ResourceCache.dll
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\windows\symbols
2010-09-05 15:08 . 2010-09-05 15:10	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\program files\Microsoft SDKs
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\program files\Microsoft Help Viewer
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\program files\Fichiers communs\Merge Modules
2010-09-05 14:53 . 2010-09-05 15:09	--------	d-----w-	c:\program files\Microsoft.NET
2010-09-04 19:50 . 2010-09-04 19:50	--------	d-----w-	c:\program files\Game_Maker6
2010-09-04 14:09 . 2010-09-04 14:09	--------	d-----w-	c:\program files\BreakPoint Software

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-25 21:53 . 2008-03-11 20:49	--------	d-----w-	c:\program files\SuperCopier2
2010-09-25 21:37 . 2010-08-15 16:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-25 21:32 . 2008-03-07 21:35	--------	d-----w-	c:\program files\BitComet
2010-09-25 20:25 . 2008-03-07 16:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:32 . 2008-03-07 16:21	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-23 16:18 . 2010-08-19 12:08	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus 2
2010-09-15 10:46 . 2008-03-30 18:54	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-06 18:45 . 2004-08-05 12:00	613782	----a-w-	c:\windows\system32\perfh00C.dat
2010-09-06 18:45 . 2004-08-05 12:00	115388	----a-w-	c:\windows\system32\perfc00C.dat
2010-09-05 15:11 . 2008-03-08 08:42	23032	----a-w-	c:\documents and settings\Rolland david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-05 15:08 . 2008-03-10 07:29	--------	d-----w-	c:\program files\MSBuild
2010-09-04 19:32 . 2008-07-04 04:42	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Hamachi
2010-09-04 19:25 . 2008-07-04 04:41	10578	----a-w-	c:\windows\system32\drivers\hamachi.sys
2010-08-26 17:52 . 2008-07-20 09:20	--------	d-----w-	c:\program files\EA Games
2010-08-26 12:51 . 2008-03-14 18:37	--------	d-----w-	c:\program files\Microsoft Games
2010-08-25 15:20 . 2010-08-25 15:14	--------	d-----w-	c:\program files\X Plugin Manager
2010-08-22 20:35 . 2010-08-22 20:35	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-19 16:35 . 2010-08-19 16:35	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-19 12:09 . 2010-08-19 12:09	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-19 12:09 . 2010-08-19 12:09	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\app
2010-08-19 12:08 . 2010-08-19 12:08	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-18 18:32 . 2010-08-18 18:32	--------	d-----w-	c:\program files\Dofus 2
2010-08-18 18:32 . 2010-08-18 18:32	--------	d-----w-	c:\program files\Fichiers communs\Adobe AIR
2010-08-18 18:31 . 2010-09-25 20:31	53632	----a-w-	c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-18 18:31 . 2010-08-31 20:58	53632	----a-w-	c:\documents and settings\ROLLAND\ASPNET\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-18 18:31 . 2010-08-19 12:08	53632	----a-w-	c:\documents and settings\Rolland david\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-18 18:31 . 2010-08-18 18:32	53632	----a-w-	c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-17 18:48 . 2008-03-07 16:13	86331	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-17 13:17 . 2004-08-05 12:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 19:19 . 2010-08-16 15:28	--------	d-----w-	c:\program files\C-Media PCI Audio Device
2010-08-16 14:23 . 2008-03-12 05:55	--------	d-----w-	c:\program files\Google
2010-08-16 14:22 . 2010-08-16 14:22	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\BitComet
2010-08-16 10:52 . 2008-04-10 17:59	--------	d-----w-	c:\program files\DesktopEarth
2010-08-16 10:48 . 2008-08-22 18:43	--------	d-----w-	c:\program files\OpenOffice.org 2.4
2010-08-16 10:44 . 2008-03-13 17:32	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\OpenOffice.org2
2010-08-16 10:37 . 2008-03-08 06:20	--------	d-----w-	c:\program files\Windows Live
2010-08-16 10:36 . 2010-08-16 10:36	--------	d-----w-	c:\program files\Microsoft
2010-08-16 10:36 . 2010-08-16 10:36	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-08-16 10:27 . 2010-08-16 10:27	--------	d-----w-	c:\program files\Fichiers communs\Windows Live
2010-08-16 10:23 . 2010-08-16 10:23	86576	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-08-16 10:23 . 2010-08-16 10:23	392728	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2010-08-16 10:23 . 2010-08-16 10:23	135680	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2010-08-16 10:23 . 2010-08-16 10:23	132672	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-08-16 09:55 . 2008-03-10 14:46	--------	d-----w-	c:\program files\Canon
2010-08-15 20:18 . 2008-03-07 20:25	--------	d-----w-	c:\program files\VideoLAN
2010-08-15 18:01 . 2010-08-15 18:01	229208	----a-w-	c:\windows\system32\drivers\VMM.sys
2010-08-15 17:58 . 2010-08-15 17:59	410984	----a-w-	c:\windows\system32\deploytk.dll
2010-08-15 17:58 . 2008-03-07 17:08	--------	d-----w-	c:\program files\Java
2010-08-15 17:58 . 2010-08-15 17:58	152576	----a-w-	c:\documents and settings\Rolland david\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2010-08-15 16:31 . 2008-03-07 16:26	--------	d-----w-	c:\program files\Alwil Software
2010-08-15 16:28 . 2010-08-15 16:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallShield
2010-08-15 16:28 . 2010-08-15 16:28	--------	d-----w-	c:\program files\OLITEC
2010-08-15 16:28 . 2008-03-07 16:21	--------	d-----w-	c:\program files\Fichiers communs\InstallShield
2010-08-15 16:23 . 2008-04-06 09:21	--------	d-----w-	c:\program files\Yahoo!
2010-08-15 16:23 . 2009-06-04 15:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:18 . 2008-03-07 16:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-15 16:16 . 2009-05-29 19:39	--------	d-----w-	c:\program files\OrangeHSS
2010-08-15 16:12 . 2009-06-04 15:59	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\skypePM
2010-07-22 15:48 . 2004-08-05 12:00	590848	----a-w-	c:\windows\system32pcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 2004-08-05 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2004-10-01 14:00 . 2008-03-11 20:39	40960	----a-w-	c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-05 12:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{FC0D62C2-9640-4AEB-A5D5-CF25DF11FA8C}]
2010-07-21 12:59	135000	----a-w-	c:\program files\OfferBox\OfferBoxBHO.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2010-04-16 3872080]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2006-07-07 1052672]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-08-16 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-01-26 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-15 148888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2008-03-13 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Rolland david\Menu D'marrer\Programmes\D'marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Rolland david\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-8-16 135680]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Moniteur WiFi OLITEC.exe.lnk - c:\program files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe [2010-8-15 913408]

c:\documents and settings\Rolland david\Menu D'marrer\Programmes\D'marrage\
Notification de cadeaux MSN.lnk - c:\documents and settings\Rolland david\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe [2010-8-16 135680]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\BitComet\BitComet.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\StepMania CVS\Program\StepMania.exe"=
"c:\Program Files\Microsoft Games\Halo\halo.exe"=
"c:\WINDOWS\system32\dpnsvr.exe"=
"c:\Program Files\Electronic Arts\EADM\Core.exe"=
"c:\Program Files\EA Games\Command & Conquer Generals - Heure H\patchget.dat"=
"c:\Program Files\EA Games\Command and Conquer Generals\game.dat"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"=
"c:\Program Files\EA Games\Need for Speed Most Wanted\speed.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26841:TCP"= 26841:TCP:BitComet 26841 TCP(ED2K)
"26841:UDP"= 26841:UDP:BitComet 26841 UDP(ED2K)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1056:TCP"= 1056:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [05/08/2004 14:00 14336]
R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [15/08/2010 18:28 299904]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [05/08/2004 14:00 12800]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2010 16:23 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [16/02/2005 09:15 144768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\drivers\ZD1211U.sys [10/10/2008 12:01 233472]

--- Autres Services/Pilotes en mémoire ---

*Deregistered* - mchInjDrv

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contenu du dossier 'Tâches planifiées'

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 14:23]

2010-09-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 14:23]
.
.
------- Examen supplémentaire -------
.
uStart Page = hxxp://google.fr/
uInternet Connection Wizard,ShellNext = iexplore
IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
IE: Tout télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Télécharger avec BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: Télécharger toutes les vidéos avec BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - c:\program files\Ask.com\GenericAskToolbar.dll
HKCU-Run-PowerBar - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
AddRemove-Cheat Engine 5.6.1_is1 - c:\program files\Cheat Engine\unins000.exe
AddRemove-D-Fend Reloaded - c:\program files\D-Fend Reloaded\Uninstall.exe
AddRemove-Hamachi - c:\program files\Hamachi\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 00:14
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

HKCU\Software\Microsoft\Windows\CurrentVersion\Run
  PowerBar = ????????????l?@?l?@?D?????9~??????????????9~l?@?l?@????? ???????????W?<~??9~??????9~K?9~x???????[?9~???????? ??????????????|x???0???????????? jt??9~?????????????????x??????R???????l?@?l?@?????Q?:~????t?@?????l?@?8?@?l?@?3??s????????????????????8?@?_??s8?@?8?@ 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ROLLAN~1\LOCALS~1\Temp\mc24.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]
"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IISADMIN]
"ImagePath"="c:\windows\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InetInfo]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\ROLLAN~1\LOCALS~1\Temp\mc24.tmp"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRVW225]
"ImagePath"="system32\DRIVERS\MRVW225.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
apagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS
distapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS
disuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS
diswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS
etbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS
etbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32
etdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32
etdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32
etman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
mwcd]
"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32
tmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
v]
"ImagePath"="system32\DRIVERS
v4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32
vsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS
wlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS
wlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PAC7311]
"ImagePath"="system32\DRIVERS\PA707UCM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
"ImagePath"="\??\c:\windows\system32\PCAMPR5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
"ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERSaspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prodrv06]
"ImagePath"="\SystemRoot\System32\drivers\prodrv06.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prohlp02]
"ImagePath"="System32\drivers\prohlp02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prosync1]
"ImagePath"="System32\drivers\prosync1.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERSasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32asauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERSasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32asmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERSaspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERSaspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERSdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesdpdr]
"ImagePath"="system32\DRIVERSdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesedbook]
"ImagePath"="system32\DRIVERSedbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32egsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32pcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32svp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp01]
"ImagePath"="System32\drivers\sfhlp01.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfsync02]
"ImagePath"="System32\drivers\sfsync02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISAGP]
"ImagePath"="system32\DRIVERS\SISAGPX.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSGbeXP]
"ImagePath"="system32\DRIVERS\SiSGbeXP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSRaid2]
"ImagePath"="system32\DRIVERS\SiSRaid2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm]
"ImagePath"="system32\drivers\smwdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNPSTD3]
"ImagePath"="system32\DRIVERS\snpstd3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\STI Simulator]
"ImagePath"="c:\windows\System32\PAStiSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{761D433E-39C7-422E-8081-AFEA41D900A3}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32	apisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS	cpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS	ermdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32	ermsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32	lntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32	rkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprserv]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vmm]
"ImagePath"="\??\c:\windows\system32\Drivers\vmm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vncdrv]
"ImagePath"="system32\DRIVERS\vncdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VPCNetS2]
"ImagePath"="system32\DRIVERS\VMNetSrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
"ImagePath"="%SystemRoot%\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
"ImagePath"="\"c:\program files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

Chris 94 · Answer

Bonsoir,

C'est-y mieux comme ça ?

Chris 94 au rapport ! ;-)

moment de grace · Answer

ok

Télécharge ZHPDiag ( de Nicolas coolman ). 
https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html 


(outil de diagnostic)

 Double clique sur le fichier d'installation, puis installe le avec les paramètres par défaut ( N'oublie pas de cocher " Créer une icône sur le bureau " )
 
Lance ZHPDiag en double cliquant sur l'icône présente sur ton bureau (Clique droit -> Executer en tant qu'admin ( vista ) 

Clique sur la loupe en haut à gauche, puis laisse l'outil scanner. 

Une fois le scan terminé, clique sur l'icône en forme de disquette et enregistre le fichier sur ton bureau. 

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport ZHPdiag.txt qui se trouve sur ton bureau 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

sonic814 · Answer

Le programme ce ferme juste apres que je clique sur la loupe

Il ce ferme a 33%

moment de grace · Answer

ok

fais le en mode sans echec

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

sonic814 · Answer

Sa fait toujour pareille. C'est normale que mon avast n'assure plus ma defence ? 
Que tout mon avast et désactivé ?

moment de grace · Answer

il y a quelque chose qui colle pas

supprime combofiox que tu possèdes puis on le refait en mode sans echec avec réseau

Attention, avant de commencer, lit attentivement la procédure, et imprime la

Aide à l'utilisation
https://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix

Télécharge ComboFix de sUBs que tu renommes REMI.exe avant de l'enregistrer sur ton Bureau :

http://download.bleepingcomputer.com/sUBs/ComboFix.exe

redémarrer le pc en mode sans échec avec prise en charge reseau

https://www.micro-astuce.com/depannage/demarrer-mode-sans-echec.php

/!\ Déconnecte-toi du net et <gras>DESACTIVES TOUTES LES DEFENSES, antivirus et antispyware y compris /!\ </gras>

---> Double-clique sur ComboFix.exe
Un "pop-up" va apparaître qui dit que ComboFix est utilisé à vos risques et avec aucune garantie... Clique sur oui pour accepter

SURTOUT INSTALLES LA CONSOLE DE RECUPERATION
(si il te propose de l'installer remets internet)

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

Ne touche à rien(souris, clavier) tant que le scan n'est pas terminé, car tu risques de planter ton PC

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

sonic814 · Answer

Je suis en train de le faire.
Et pour mon avast qui ne marche plus c'est normale ?

sonic814 · Answer

ComboFix 10-09-25.07 - Administrateur 26/09/2010  15:25:35.2.1 - x86 NETWORK
Microsoft Windows XP Professionnel  5.1.2600.3.1252.33.1036.18.2047.1782 [GMT 2:00]
Lancé depuis: c:\documents and settings\Rolland david\Bureau\REMI.exe
.

(((((((((((((((((((((((((((((   Fichiers créés du 2010-08-26 au 2010-09-26  ))))))))))))))))))))))))))))))))))))
.

2010-09-26 13:16 . 2010-09-26 13:16	--------	d-----w-	c:\windows\LastGood
2010-09-26 09:22 . 2010-09-26 09:22	--------	d-----w-	c:\documents and settings\Administrateur\Application Data\TeamViewer
2010-09-26 09:03 . 2010-09-26 09:03	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\TeamViewer
2010-09-26 09:03 . 2010-09-26 09:03	--------	d-----w-	c:\program files\TeamViewer
2010-09-26 08:10 . 2010-09-26 12:46	--------	d-----w-	c:\program files\ZHPDiag
2010-09-25 20:32 . 2010-09-25 20:32	--------	d-sh--w-	c:\documents and settings\Administrateur\PrivacIE
2010-09-25 20:32 . 2010-09-25 20:32	--------	d-sh--w-	c:\documents and settings\Administrateur\IETldCache
2010-09-25 20:03 . 2010-09-25 20:03	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Malwarebytes
2010-09-25 20:03 . 2010-04-29 13:39	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-25 20:03 . 2010-09-25 20:03	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2010-09-25 20:03 . 2010-09-25 21:06	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2010-09-25 20:03 . 2010-04-29 13:39	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-09-24 19:35 . 2010-09-24 19:35	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\PhotoFiltre
2010-09-24 19:33 . 2010-09-24 19:33	--------	d-----w-	c:\program files\PhotoFiltre
2010-09-24 12:25 . 2010-09-24 12:27	--------	d-----w-	c:\program files\Dofus
2010-09-22 19:33 . 2010-09-24 20:31	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\vlc
2010-09-22 19:30 . 2010-09-24 19:30	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\OfferBox
2010-09-22 19:30 . 2010-09-22 19:33	--------	d-----w-	C:\Temp
2010-09-18 08:13 . 2010-09-18 08:13	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Uniblue
2010-09-17 19:30 . 2010-09-17 19:30	0	----a-w-	c:\windows
sreg.dat
2010-09-17 19:30 . 2010-09-17 19:30	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\Mozilla
2010-09-17 19:28 . 2009-11-03 12:07	679936	----a-w-	c:\windows\system32\D3DX81ab.dll
2010-09-17 19:28 . 2009-11-03 12:07	1970176	----a-w-	c:\windows\system32\d3dx9.dll
2010-09-17 19:28 . 2010-09-17 19:28	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\OpenCandy
2010-09-17 19:27 . 2010-09-17 19:28	331304	----a-w-	c:\documents and settings\Rolland david\Application Data\OpenCandy\OpenCandy_4F2912E0FD6C4327AA26F2713A7F6CE1\DLMgr_3_1.6.44.exe
2010-09-17 19:27 . 2010-09-17 19:27	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\OpenCandy
2010-09-15 15:19 . 2010-09-15 15:19	--------	d-----w-	c:\documents and settings\All Users\Menu DÚmarrer
2010-09-15 15:01 . 2010-09-23 17:32	--------	d-----w-	c:\program files\Alaplaya
2010-09-15 11:38 . 2010-09-26 13:17	--------	d-----w-	c:\program files\Fichiers communs\Akamai
2010-09-06 16:35 . 2010-09-06 16:35	--------	d-----w-	c:\program files\WinDS PRO
2010-09-06 10:48 . 2010-09-06 10:48	--------	d-----w-	c:\documents and settings\Rolland david\Local Settings\Application Data\PCHealth
2010-09-05 18:27 . 2010-09-12 01:09	184152	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-115176313-839522115-1003-0.dat
2010-09-05 18:27 . 2010-09-12 01:09	147750	----a-w-	c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
2010-09-05 15:12 . 2010-09-05 15:12	--------	d-----w-	c:\program files\Microsoft Synchronization Services
2010-09-05 15:12 . 2010-09-05 15:12	--------	d-----w-	c:\program files\Microsoft SQL Server Compact Edition
2010-09-05 15:12 . 2010-09-05 15:12	113504	----a-w-	c:\documents and settings\All Users\Application Data\Microsoft\VCExpress\10.0\1036\ResourceCache.dll
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\windows\symbols
2010-09-05 15:08 . 2010-09-05 15:10	--------	d-----w-	c:\program files\Microsoft Visual Studio 10.0
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\program files\Microsoft SDKs
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\program files\Microsoft Help Viewer
2010-09-05 15:08 . 2010-09-05 15:08	--------	d-----w-	c:\program files\Fichiers communs\Merge Modules
2010-09-05 14:53 . 2010-09-05 15:09	--------	d-----w-	c:\program files\Microsoft.NET
2010-09-04 19:50 . 2010-09-26 10:01	--------	d-----w-	c:\program files\Game_Maker6
2010-09-04 14:09 . 2010-09-04 14:09	--------	d-----w-	c:\program files\BreakPoint Software

.
((((((((((((((((((((((((((((((((((   Compte-rendu de Find3M   ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-09-26 13:17 . 2010-08-15 16:31	--------	d-----w-	c:\documents and settings\All Users\Application Data\Alwil Software
2010-09-26 13:12 . 2008-03-07 21:35	--------	d-----w-	c:\program files\BitComet
2010-09-25 21:53 . 2008-03-11 20:49	--------	d-----w-	c:\program files\SuperCopier2
2010-09-25 20:25 . 2008-03-07 16:45	--------	d-----w-	c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-23 17:32 . 2008-03-07 16:21	--------	d--h--w-	c:\program files\InstallShield Installation Information
2010-09-23 16:18 . 2010-08-19 12:08	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus 2
2010-09-15 10:46 . 2008-03-30 18:54	--------	d-----w-	c:\program files\Microsoft Silverlight
2010-09-06 18:45 . 2004-08-05 12:00	613782	----a-w-	c:\windows\system32\perfh00C.dat
2010-09-06 18:45 . 2004-08-05 12:00	115388	----a-w-	c:\windows\system32\perfc00C.dat
2010-09-05 15:11 . 2008-03-08 08:42	23032	----a-w-	c:\documents and settings\Rolland david\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-09-05 15:08 . 2008-03-10 07:29	--------	d-----w-	c:\program files\MSBuild
2010-09-04 19:32 . 2008-07-04 04:42	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Hamachi
2010-09-04 19:25 . 2008-07-04 04:41	10578	----a-w-	c:\windows\system32\drivers\hamachi.sys
2010-08-26 17:52 . 2008-07-20 09:20	--------	d-----w-	c:\program files\EA Games
2010-08-26 12:51 . 2008-03-14 18:37	--------	d-----w-	c:\program files\Microsoft Games
2010-08-25 15:20 . 2010-08-25 15:14	--------	d-----w-	c:\program files\X Plugin Manager
2010-08-22 20:35 . 2010-08-22 20:35	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus-3.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-19 16:35 . 2010-08-19 16:35	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-19 12:09 . 2010-08-19 12:09	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Reg.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-19 12:09 . 2010-08-19 12:09	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\app
2010-08-19 12:08 . 2010-08-19 12:08	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\Dofus-2.C9ECCBDBA4E09304DEEFB106465BC17F6D6749B9.1
2010-08-18 18:32 . 2010-08-18 18:32	--------	d-----w-	c:\program files\Dofus 2
2010-08-18 18:32 . 2010-08-18 18:32	--------	d-----w-	c:\program files\Fichiers communs\Adobe AIR
2010-08-18 18:31 . 2010-09-25 20:31	53632	----a-w-	c:\documents and settings\Administrateur\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-18 18:31 . 2010-08-31 20:58	53632	----a-w-	c:\documents and settings\ROLLAND\ASPNET\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-18 18:31 . 2010-08-19 12:08	53632	----a-w-	c:\documents and settings\Rolland david\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-18 18:31 . 2010-08-18 18:32	53632	----a-w-	c:\documents and settings\Default User\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe
2010-08-17 18:48 . 2008-03-07 16:13	86331	----a-w-	c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-08-17 13:17 . 2004-08-05 12:00	58880	----a-w-	c:\windows\system32\spoolsv.exe
2010-08-16 19:19 . 2010-08-16 15:28	--------	d-----w-	c:\program files\C-Media PCI Audio Device
2010-08-16 14:23 . 2008-03-12 05:55	--------	d-----w-	c:\program files\Google
2010-08-16 14:22 . 2010-08-16 14:22	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\BitComet
2010-08-16 10:52 . 2008-04-10 17:59	--------	d-----w-	c:\program files\DesktopEarth
2010-08-16 10:48 . 2008-08-22 18:43	--------	d-----w-	c:\program files\OpenOffice.org 2.4
2010-08-16 10:44 . 2008-03-13 17:32	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\OpenOffice.org2
2010-08-16 10:37 . 2008-03-08 06:20	--------	d-----w-	c:\program files\Windows Live
2010-08-16 10:36 . 2010-08-16 10:36	--------	d-----w-	c:\program files\Microsoft
2010-08-16 10:36 . 2010-08-16 10:36	--------	d-----w-	c:\program files\Windows Live SkyDrive
2010-08-16 10:27 . 2010-08-16 10:27	--------	d-----w-	c:\program files\Fichiers communs\Windows Live
2010-08-16 10:23 . 2010-08-16 10:23	86576	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Services Windows Live\Raccourci Galerie de Photos Windows Live.exe
2010-08-16 10:23 . 2010-08-16 10:23	392728	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Services Windows Live\Services Windows Live.dll
2010-08-16 10:23 . 2010-08-16 10:23	135680	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Notification de cadeaux MSN\lsnfier.exe
2010-08-16 10:23 . 2010-08-16 10:23	132672	----a-w-	c:\documents and settings\Rolland david\Application Data\Microsoft\Services Windows Live\Raccourci Windows Live Messenger.exe
2010-08-16 09:55 . 2008-03-10 14:46	--------	d-----w-	c:\program files\Canon
2010-08-15 20:18 . 2008-03-07 20:25	--------	d-----w-	c:\program files\VideoLAN
2010-08-15 18:01 . 2010-08-15 18:01	229208	----a-w-	c:\windows\system32\drivers\VMM.sys
2010-08-15 17:58 . 2010-08-15 17:59	410984	----a-w-	c:\windows\system32\deploytk.dll
2010-08-15 17:58 . 2008-03-07 17:08	--------	d-----w-	c:\program files\Java
2010-08-15 17:58 . 2010-08-15 17:58	152576	----a-w-	c:\documents and settings\Rolland david\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2010-08-15 16:31 . 2008-03-07 16:26	--------	d-----w-	c:\program files\Alwil Software
2010-08-15 16:28 . 2010-08-15 16:28	--------	d-----w-	c:\documents and settings\All Users\Application Data\InstallShield
2010-08-15 16:28 . 2010-08-15 16:28	--------	d-----w-	c:\program files\OLITEC
2010-08-15 16:28 . 2008-03-07 16:21	--------	d-----w-	c:\program files\Fichiers communs\InstallShield
2010-08-15 16:23 . 2008-04-06 09:21	--------	d-----w-	c:\program files\Yahoo!
2010-08-15 16:23 . 2009-06-04 15:56	--------	d-----w-	c:\documents and settings\All Users\Application Data\Skype
2010-08-15 16:18 . 2008-03-07 16:45	--------	d-----w-	c:\program files\Spybot - Search & Destroy
2010-08-15 16:16 . 2009-05-29 19:39	--------	d-----w-	c:\program files\OrangeHSS
2010-08-15 16:12 . 2009-06-04 15:59	--------	d-----w-	c:\documents and settings\Rolland david\Application Data\skypePM
2010-07-22 15:48 . 2004-08-05 12:00	590848	----a-w-	c:\windows\system32pcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25	5632	----a-w-	c:\windows\system32\xpsp4res.dll
2010-06-30 12:32 . 2004-08-05 12:00	149504	----a-w-	c:\windows\system32\schannel.dll
2004-10-01 14:00 . 2008-03-11 20:39	40960	----a-w-	c:\program files\Uninstall_CDS.exe
.

------- Sigcheck -------

[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\mspmsnsv.dll
[-] 2006-10-18 19:47 . C51B4A5C05A5475708E3C81C7765B71D . 27136 . . [11.0.5721.5145] . . c:\windows\system32\dllcache\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\$NtUninstallWMFDist11$\mspmsnsv.dll
[-] 2005-01-28 12:44 . 140EF97B64F560FD78643CAE2CDAD838 . 25088 . . [10.0.3790.3802] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}\MsPMSNSv.dll
[-] 2004-08-05 12:00 . 762B2A5F0E8B0164A5DB6741959DFB0C . 52736 . . [9.0.1.56] . . c:\windows\RegisteredPackages\{30C7234B-6482-4A55-A11D-ECD9030313F2}$BACKUP$\System\MsPMSNSv.dll
.
(((((((((((((((((((((((((((((   SnapShot@2010-09-25_22.14.19   )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-09-26 13:16 . 2010-09-07 14:24	12112              c:\windows\LastGood\system32\DRIVERS\aswNdis.sys
+ 2008-06-27 05:06 . 2010-09-26 13:21	212967              c:\windows\system32\inetsrv\MetaBase.bin
.
(((((((((((((((((((((((((((((((((   Points de chargement Reg   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés 
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2005-01-26 106496]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-06-01 7618560]
"nwiz"="nwiz.exe" [2006-06-01 1519616]
"NvMediaCenter"="NvMCTray.dll" [2006-06-01 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-08-15 148888]
"OpwareSE2"="c:\program files\ScanSoft\OmniPageSE2.0\OpwareSE2.exe" [2003-05-08 49152]
"RemoteControl"="c:\program files\CyberLink DVD Solution\PowerDVD\PDVDServ.exe" [2004-11-02 32768]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OBealsched.exe" [2008-03-13 185896]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"snpstd3"="c:\windows\vsnpstd3.exe" [2006-09-19 827392]
"ISUSPM Startup"="c:\program files\Fichiers communs\InstallShield\UpdateService\isuspm.exe" [2005-08-11 249856]
"ISUSScheduler"="c:\program files\Fichiers communs\InstallShield\UpdateService\issch.exe" [2005-08-11 81920]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
Moniteur WiFi OLITEC.exe.lnk - c:\program files\OLITEC\Moniteur WiFi OLITEC\Moniteur WiFi OLITEC.exe [2010-8-15 913408]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe"=
"%windir%\Network Diagnostic\xpnetdiag.exe"=
"c:\Program Files\BitComet\BitComet.exe"=
"c:\WINDOWS\system32\dpvsetup.exe"=
"c:\Program Files\StepMania CVS\Program\StepMania.exe"=
"c:\Program Files\Microsoft Games\Halo\halo.exe"=
"c:\WINDOWS\system32\dpnsvr.exe"=
"c:\Program Files\Electronic Arts\EADM\Core.exe"=
"c:\Program Files\EA Games\Command & Conquer Generals - Heure H\patchget.dat"=
"c:\Program Files\EA Games\Command and Conquer Generals\game.dat"=
"c:\Program Files\Windows Live\Messenger\wlcsdk.exe"=
"c:\Program Files\Windows Live\Messenger\msnmsgr.exe"=
"c:\Program Files\Microsoft Games\Age of Mythology\aomx.exe"=
"c:\Program Files\EA Games\Need for Speed Most Wanted\speed.exe"=
"c:\Program Files\TeamViewer\Version5\TeamViewer.exe"=
"c:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26841:TCP"= 26841:TCP:BitComet 26841 TCP(ED2K)
"26841:UDP"= 26841:UDP:BitComet 26841 UDP(ED2K)
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1058:TCP"= 1058:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface

R3 MRVW225;802.11g/b Wireless LAN Dirver for Windows XP;c:\windows\system32\drivers\MRVW225.sys [15/08/2010 18:28 299904]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [05/08/2004 14:00 12800]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [05/08/2004 14:00 14336]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [18/03/2010 13:16 130384]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [16/08/2010 16:23 135664]
S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?]
S3 PAC7311;VGA SoC PC-Camer@;c:\windows\system32\drivers\PA707UCM.SYS [16/02/2005 09:15 144768]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [18/03/2010 13:16 753504]
S3 XDva362;XDva362;\??\c:\windows\system32\XDva362.sys --> c:\windows\system32\XDva362.sys [?]
S3 ZD1211U(Sitecom);Sitecom Wireless Network USB Adapter Driver(Sitecom);c:\windows\system32\drivers\ZD1211U.sys [10/10/2008 12:01 233472]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
Contenu du dossier 'Tâches planifiées'

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 14:23]

2010-09-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-16 14:23]
.
- - - - ORPHELINS SUPPRIMES - - - -

AddRemove-OfferBox - c:\program files\OfferBox\uninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-09-26 15:34
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ... 

Recherche d'éléments en démarrage automatique cachés ... 

Recherche de fichiers cachés ... 

Scan terminé avec succès
Fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gagp30kx]
"ImagePath"="system32\DRIVERS\gagp30kx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hamachi]
"ImagePath"="system32\DRIVERS\hamachi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IISADMIN]
"ImagePath"="c:\windows\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\InetInfo]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRVW225]
"ImagePath"="system32\DRIVERS\MRVW225.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
apagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS
distapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS
disuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS
diswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS
etbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS
etbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32
etdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32
etdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32
etman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
mwcd]
"ImagePath"="system32\drivers\ccdcmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
pggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32
tmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services
v]
"ImagePath"="system32\DRIVERS
v4_mini.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32
vsvc32.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS
wlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS
wlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PAC7311]
"ImagePath"="system32\DRIVERS\PA707UCM.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
"ImagePath"="\??\c:\windows\system32\PCAMPR5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
"ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERSaspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prodrv06]
"ImagePath"="\SystemRoot\System32\drivers\prodrv06.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prohlp02]
"ImagePath"="System32\drivers\prohlp02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\prosync1]
"ImagePath"="System32\drivers\prosync1.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERSasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32asauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERSasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32asmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERSaspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERSaspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERSdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesdpdr]
"ImagePath"="system32\DRIVERSdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servicesedbook]
"ImagePath"="system32\DRIVERSedbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32egsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32pcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32svp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp01]
"ImagePath"="System32\drivers\sfhlp01.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfsync02]
"ImagePath"="System32\drivers\sfsync02.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SISAGP]
"ImagePath"="system32\DRIVERS\SISAGPX.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSGbeXP]
"ImagePath"="system32\DRIVERS\SiSGbeXP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SiSRaid2]
"ImagePath"="system32\DRIVERS\SiSRaid2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\smwdm]
"ImagePath"="system32\drivers\smwdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SNPSTD3]
"ImagePath"="system32\DRIVERS\snpstd3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\STI Simulator]
"ImagePath"="c:\windows\System32\PAStiSvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{761D433E-39C7-422E-8081-AFEA41D900A3}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32	apisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS	cpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS	ermdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32	ermsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32	lntsvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32	rkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usprserv]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vmm]
"ImagePath"="\??\c:\windows\system32\Drivers\vmm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\vncdrv]
"ImagePath"="system32\DRIVERS\vncdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VPCNetS2]
"ImagePath"="system32\DRIVERS\VMNetSrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]
"ImagePath"="%SystemRoot%\system32\inetsrv\inetinfo.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wdf01000]
"ImagePath"="system32\DRIVERS\Wdf01000.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 4.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WLSetupSvc]
"ImagePath"="\"c:\program files\Windows Live\installer\WLSetupSvc.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\mspmsnsv.dll"

moment de grace · Answer

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier : 

c:\documents and settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-1202660629-115176313-839522115-1003-0.dat 

c:\windows\LastGood\system32\DRIVERS\aswNdis.sys  

c:\windows\system32\inetsrv\MetaBase.bin 

c:\windows\system32\drivers\mvb35316.sys 

c:\windows\system32\XDva362.sys 



Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 


Copie le lien de Virus Total dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers : 

Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK


tuto pour t'aider

http://www.bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

sonic814 · Answer

Le 1er 

http://www.virustotal.com/file-scan/report.html?id=2040f39b7674ca446677b2ac09d10d72a68f51df7a286b61141270d143733a58-1285515565

Le 2éme 

Je ne le trouve pas et je ne trouve aps le dosier LastGood je tombe directement sur Systeme32 

Le 3éme  

http://www.virustotal.com/file-scan/report.html?id=76500fd9352156a403b0bc23a476647e41d8ae73a77cd3e10b9ea0715609d584-1285513194 

Le 4éme  

 Je ne le trouve pas.

moment de grace · Answer

le premier lien ne donne rien

sonic814 · Answer

C'est corrigé

moment de grace · Answer

ok

j'ai du mal avec ton sujet

on fait le point

avast est ko

et zhp coince ?

y 'a t il autre chose qui cloche ?

sonic814 · Answer

Avast est bien KO je les désinstalelr pour pouvoir le réinstalelr plus tard ZHP Se ferme tous seule a 33% du scan.Et sur ZHP quand je scan avec et qui se ferme je réexécuter le programme d'installation pour le refaire masi sa rebloque a 33 %. 
Et peut être d'autre chsoe je n'ai aps vérifier A MBAM Aussi sa me dit en gros que je ne dispose peut être pas des autorisation requise sa me l'avait fait pour avast et ZHP quand je veut el lancer une deuxième fois.

moment de grace · Answer

DESACTIVE TON ANTIVIRUS ET TON PAREFEU SI PRESENTS !!!!!(car il est detecté a tort comme infection)

Télécharge List_Kill'em et enregistre le sur ton bureau

http://sd-4.archive-host.com/membres/up/829108531491024/Mes_Tools/List_Killem_Install.exe


double clique ( clic droit "executer en tant qu'administrateur" pour Vista/7 ) sur le raccourci sur ton bureau pour lancer l'installation

Laisse coché :

 Executer List_Kill'em"


une fois terminée , clic sur "terminer" et le programme se lancera seul

choisis l'option Search

laisse travailler l'outil

à l'apparition de la fenetre blanche , c'est un peu long , c'est normal , le programme n'est pas bloqué.

 Poste le contenu du rapport qui s'ouvre aux 100 % du scan à l'ecran "COMPLETED"

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne le rapport C:\List'em.txt

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

Même opération pour le rapport more.txt qui se trouve sur ton bureau


si soucis avec ci joint. fr 

=> utiliser https://www.cjoint.com/
=>  utiliser http://ww38.toofiles.com/fr/oip/documents/txt/av.html

sonic814 · Answer

http://www.cijoint.fr/cjlink.php?file=cj201009/cijjOkgmhK.txt 
http://www.cijoint.fr/cjlink.php?file=cj201009/cijmcxs09l.txt

moment de grace · Answer

1)

Relance List_Kill'em(soit en clic droit pour vista/7),avec le raccourci sur ton bureau. 
mais cette fois-ci : 

choisis l'option CLEAN
 

laisse travailler l'outil. 

en fin de scan la fenetre se ferme , et tu as un rapport du nom de Kill'em.txt sur ton bureau , 

colle le contenu dans ta reponse

.............

2)

Rends toi sur ce site : 

https://www.virustotal.com/gui/ 

Clique sur parcourir et cherche ce fichier : 


C:\Program Files\StepMania CVS\Program\StepMania.exe


Clique sur Send File. 

Un rapport va s'élaborer ligne à ligne. 

Attends la fin. Il doit comprendre la taille du fichier envoyé. 


Copie le lien de Virus Total dans ta réponse.

Si tu ne trouves pas le fichier alors

Affiche tous les fichiers et dossiers : 

Pour cela : 
Clique sur démarrer/panneau de configuration/option des dossiers/affichage 

Cocher afficher les dossiers cachés

Décoche la case "Masquer les fichiers protégés du système d'exploitation (recommandé)" 

Décocher masquer les extensions dont le type est connu 

Puis fais «appliquer» pour valider les changements. 

Et OK


tuto pour t'aider

http://www.bibou0007.com/scans-en-ligne-f75/tutorial-sur-virustotal-t190.htm

sonic814 · Answer

¤¤¤¤¤¤¤¤¤¤ Kill'em by g3n-h@ckm@n 2.1.0.8 ¤¤¤¤¤¤¤¤¤¤ 
 
User : Rolland remi (Administrateurs) 
Update on 25/09/2010 by g3n-h@ckm@n ::::: 19.10
Start at: 19:18:29 | 26/09/2010

AMD Sempron(tm) Processor 2800+
Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
Internet Explorer 8.0.6001.18702
Windows Firewall Status : Disabled

A:\ -> Lecteur de disquettes 3 ½ pouces
C:\ -> Disque fixe local | 76,32 Go (2,88 Go free) | NTFS
D:\ -> Disque fixe local | 232,88 Go (142,43 Go free) [animes] | NTFS
E:\ -> Disque CD-ROM | 2,09 Go (0 Mo free) [NFSMW] | UDF

¤¤¤¤¤¤¤¤¤¤ Files/folders : 

Quarantined & Deleted !! : C:\WINDOWS\003190_.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET3.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET4.tmp 
Quarantined & Deleted !! : C:\WINDOWS\SET8.tmp 
 
Quarantined & Deleted !! : C:\WINDOWS\System32\drivers\etc\hosts.msn 
Quarantined & Deleted !! : C:\WINDOWS\System32\ealregsnapshot1.reg 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET164.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET166.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SET172.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETF6.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETF7.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETF8.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETF9.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFA.tmp 
Quarantined & Deleted !! : C:\WINDOWS\System32\SETFB.tmp 
Quarantined & Deleted !! : C:\Documents and Settings\Rolland david\Application Data\app 
 
¤¤¤¤¤¤¤¤¤¤ Hosts ¤¤¤¤¤¤¤¤¤¤

127.0.0.1       localhost   

¤¤¤¤¤¤¤¤¤¤ Registry ¤¤¤¤¤¤¤¤¤¤

Deleted : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser : {0E5CBF21-D15F-11D0-8301-00AA005B4383}  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives  
Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer : NoDrives  
Deleted : HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System : DisableRegistryTools  
Deleted : "HKCU\software\microsoft\internet explorer\searchscopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}"  
Deleted : HKCR\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}  
Deleted : HKLM\software\classes\appid\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}  
Deleted : HKLM\software\classes\appid\GenericAskToolbar.DLL  
Deleted : HKLM\Software\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}  
Deleted : HKLM\Software\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}  
Deleted : HKLM\Software\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}  

¤¤¤¤¤¤¤¤¤¤ Internet Explorer ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.msn.com/fr-fr/?ocid=iehp
Local Page	=         	C:\WINDOWS\system32\blank.htm
Default_Search_URL	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
Default_Page_URL	=         	https://www.msn.com/fr-fr/?ocid=iehp
Search Page	=         	https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
Start Page	=         	https://www.google.com/?gws_rd=ssl
Local Page	=         	C:\WINDOWS\system32\blank.htm
Search Page	=         	http://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch

¤¤¤¤¤¤¤¤¤¤ Security Center ¤¤¤¤¤¤¤¤¤¤

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] 
FirstRunDisabled	=      	1 () 
AntiVirusDisableNotify	=      	0 (0x0) 
FirewallDisableNotify	=      	0 (0x0) 
UpdatesDisableNotify	=      	0 (0x0) 
AntiVirusOverride	=      	0 (0x0) 
FirewallOverride	=      	0 (0x0) 
 
¤¤¤¤¤¤¤¤¤¤ Services ¤¤¤¤¤¤¤¤¤¤

 Ndisuio : Start = 3   
 EapHost : Start = 2   
 Ip6Fw : Start = 2   
 SharedAccess : Start = 2   
 wuauserv : Start = 2   
 wscsvc : Start = 2   

¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤
Disk Cleaned
anti-ver blaster : OK 
Prefetch cleaned 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ 

FEATURE_BROWSER_EMULATION | svchost : 
====================================
 

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: MBR read successfully
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll prosync1.sys sfsync02.sys atapi.sys pciide.sys PCIIDEX.SYS 
kernel: MBR read successfully
user & kernel MBR OK 
 
 
 
 
¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤ ( EOF ) ¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

sonic814 · Answer

http://www.virustotal.com/file-scan/report.html?id=5b8c1c67b77e1d526301e693e3691f39f79b224195f429723aa392d87c660e52-1285522928

moment de grace · Answer

1)

tu le connais ce StepMania CVS\

2)

tente à nouveau zhp quitte à le supprimer et le retélécharger

sinon

* Télécharge Random's System Information Tool (RSIT) de Random/Random. 

(outil de diagnostic)

http://images.malwareremoval.com/random/RSIT.exe 

* Enregistre le sur ton Bureau. 

* Double clique sur RSIT.exe pour lancer l'outil. 

* Clique sur "Continue" à l'écran Disclaimer. 

* Si l'outil HijackThis n'est pas présent ou non détecté sur l'ordinateur, RSIT le téléchargera (autorise l'accès dans ton pare-feu s'il te le demande) 

et tu devras accepter la licence. 

* Une fois le scan terminé, deux rapports vont apparaître 

Rend toi sur Cjoint : http://www.cijoint.fr/ 

Clique sur "Parcourir " dans la partie " Joindre un fichier[...] " 

Sélectionne chaque rapport 

Clique ensuite sur "Cliquez ici pour déposer le fichier " et copie/colle le lien dans ton prochain message

Les rapports se trouvent à cet endroit: 
C:\rsit\info.txt 
C:\rsit\log.txt

sonic814 · Answer

1. oui je connais step mania c'est un jeu.

sonic814 · Answer

Je ne vois que le log.
http://www.cijoint.fr/cjlink.php?file=cj201009/cijTiQcCbk.txt

moment de grace · Answer

tu n'as pas installé hijackthis...

télécharges Hijackthis
https://www.commentcamarche.net/telecharger/securite/11747-hijackthis/
Lancer HijackThis en double-cliquant sur l'icône du logiciel
Au menu principal, cliquer sur Do a system Scan only and Save a Logfile
Un rapport sera alors généré dans un fichier bloc-notes, il sera situé dans le dossier désinfection initialement créé pour l'installation.
Postes le ici

sonic814 · Answer

Je ne le trouve pas.

moment de grace · Answer

tu ne trouves pas quoi ?

sonic814 · Answer

Le  2éme rapport

moment de grace · Answer

refais hijackthis simplement et sauvegarde le rapport

sonic814 · Answer

Je ne peut plus le lancer j'ai juste le rapport log que je t'es posté un peut plus haut.

moment de grace · Answer

je comprends rien..

as tu un message, quelque chose,... "je ne peux plus le lancer" ca fait court quand on est pas devant le pc

retélécharges le et relances le

de plus le fond d'écran bleu avec un cadre noir et dans le cadre noir il y a en rouge a bien disparu lui ?

sonic814 · Answer

Oui dés que j'a rallumé le PC je n'avais même pas encore posté il est partie

moment de grace · Answer

ok  

faisons simple  

as tu tenté de réinstaller ton antivirus ?  

CONTRIBUTEUR SECURITE  

Désinfection = diagnostic + traitement + finalisation  
"Restez" jusqu'au bout...merci

sonic814 · Answer

Oui désolé pour la lenteur j'ai eu un petit problème. 
J'ai tenté de le réinstallé 2 3 fois. Au départ c'est comme si tous marché bien ensuite tous les agent son désactivé et  tous le reste de l'antivirus.

moment de grace · Answer

on refait MBAM qui n'a pas eu lieu

comme indiqué ici  https://forums.commentcamarche.net/forum/affich-19295515-your-systeme-is-infected#1

sonic814 · Answer

D'accord mais j'ai un problème mon internet se met plus.

moment de grace · Answer

c'est de pire en pire

as tu encore acces à la restauration systeme ?

Your systeme is infected !

40 réponses

Votre réponse

Discussions similaires

Newsletters