Virus: Antivirus 2010 impossible to remove
Closed
Alex51260 - 29 Sept. 2010 at 12:58
sherred (Posts: 8346, Registered: Saturday 26 January 2008, Status: Member, Last activity: 25 March 2024) - 10 Nov. 2010 at 13:37
20 replies
sherred - 29 Sept. 2010 at 13:02
Try it like this:
Download Rkill by Grinler
To temporarily stop the infection,
download Rkill (by Grinler) to your Desktop.
https://download.bleepingcomputer.com/grinler/rkill.exe
Double-click it to launch it.
* Disable your antivirus
* Double-click Rkill.exe to launch it (if you are on Windows Vista or 7, launch it with a right-click --> Run as administrator)
* A window with a black background will appear (very briefly) and close again.
It will indicate that everything went well.
If you cannot launch it, use one of these two other links:
https://download.bleepingcomputer.com/grinler/rkill.scr
https://download.bleepingcomputer.com/grinler/rkill.com
Then immediately use your disinfection software
Malwarebytes'
sherred - 29 Sept. 2010 at 14:09
Otherwise, try restarting in safe mode.
To start in safe mode "with networking":
>>1--Start or restart the computer. The display shows the BIOS progress.
>>2--When the BIOS has finished loading, tap the F8 key on your keyboard until the Windows advanced options menu appears. If you press the F8 key too early, some computers may display the message "keyboard error". In that case, restart the computer and try again.
>>3--Using the arrow keys on your keyboard, select "Safe Mode with Networking" from the menu, then press Enter.
sherred - 29 Sept. 2010 at 14:14
Let me know if it works.
sherred - 29 Sept. 2010 at 18:02
--> Download FindyKill to your desktop:
http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
Double-click setup.exe
Choose your language ;)
--> In the main menu, choose option 1 (Search)
--> Post the FindyKill.txt report
Note: the FindyKill.txt report is saved at the root of the disk.
There you go :)
############################## | FindyKill V5.050 |
# User : Valérie (Administrateurs) # ATHLON64X2-4400
# Update on 03/09/2010 by El Desaparecido
# Start at: 19:25:55 | 30/09/2010
# Website : http://pagesperso-orange.fr/NosTools/index.html
# Contact : FindyKill.Contact@gmail.com
# AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
# Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
# Internet Explorer 8.0.6001.18702
# Windows Firewall Status : Enabled
# AV : avast! antivirus 4.8.1368 [VPS 100926-0] 4.8.1368 [ Enabled | Updated ]
# A:\ # Lecteur de disquettes 3 ½ pouces
# C:\ # Disque fixe local # 24,9 Go (1,68 Go free) # NTFS
# D:\ # Disque fixe local # 49,62 Go (20,65 Go free) # NTFS
# E:\ # Disque amovible
# F:\ # Disque amovible
# G:\ # Disque amovible
# H:\ # Disque amovible
# I:\ # Disque CD-ROM
################## | Eléments infectieux |
C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf
################## | Registre |
################## | Etat |
# Affichage des fichiers cachés : OK
# Mode sans echec : OK
# Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
# EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
# Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
# SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
# wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
# wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )
################## | ! Fin du rapport # FindyKill V5.050 ! |
The problem is that my antivirus, Avast, is locked and I can't close it because the "stop the service" option is greyed out.
sherred - 29 Sept. 2010 at 13:17
Try anyway, we'll see afterwards.
sherred - 29 Sept. 2010 at 13:39
ok
* Download ZHPDiag (by Nicolas Coolman). https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
* Let the installer guide you; it will launch automatically at the end.
* Click the magnifying-glass icon ("Lancer le diagnostic", i.e. run the diagnostic)
* Save the report to your Desktop using the floppy-disk icon
Go to Cijoint http://www.cijoint.fr/
and indicate the location of the report using the "Parcourir..." (Browse) button. Then click "Cliquez ici pour déposer le fichier" (click here to upload the file).
A link will be generated; copy and paste it into your next reply.
Hello Sherred,
I have exactly the same problem! Antivirus Studio 2010 is ruining my computer!
I followed your advice and downloaded Zebulon. I ran the diagnostic and saved it to my Desktop. I tried to share it on cijoint.fr but it does not accept the file because it is too large.
Please, can you help me get rid of this virus that is wrecking my computer??
Thanks in advance!
sherred - 10 Nov. 2010 at 13:37
+1
It won't launch, and every time a Spybot thing opens and says the file does not exist!
sherred - 29 Sept. 2010 at 14:07
If it's Spybot, disable Spybot's TeaTimer (thanks to Nico):
To disable TeaTimer:
=> Open Spybot S&D
=> In the "Mode" menu, select advanced mode.
=> A window asks for confirmation; click "Yes".
=> Once advanced mode is active, open the "Tools" tab.
=> Click Resident.
=> The Resident section has two lines that are normally checked:
* Resident "SDHelper" (blocker of harmful downloads for Internet Explorer) active.
* Resident "TeaTimer" (protection of fundamental system settings) active.
=> Uncheck the TeaTimer line.
=> Restart Spybot (close it and reopen it)
=> Go back to the Resident menu and check that it is indeed disabled.
sherred - 2 Oct. 2010 at 11:57
If you can't manage it directly, first try with https://download.bleepingcomputer.com/grinler/rkill.exe
then
Download combofix.exe to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe.
Press 1 (Yes) to start the scan.
Once it has finished, a report will appear. Copy/paste this report into your next reply.
The report can also be found here: C:\Combofix.txt
Disconnect from the internet and close the windows of all running programs.
Temporarily stop antivirus and other protections during the scan.
Do not use your PC while the scan is running.
Once the scan has finished, re-enable all your antivirus and antispyware protections.
There, it's done, I'm waiting for your help with the next step :)
ComboFix 10-10-01.07 - Administrateur 02/10/2010 19:02:10.2.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.3008 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100926-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\.wtav
c:\windows\system32\USRINI~1.EXE
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_USERINIT
-------\Service_userinit
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-02 au 2010-10-02 ))))))))))))))))))))))))))))))))))))
.
2010-10-02 16:56 . 2010-10-02 17:01 -------- d-----w- C:\jacombo
2010-09-30 17:25 . 2010-10-02 09:50 -------- d-----w- C:\FyK
2010-09-29 13:24 . 2010-09-29 13:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 10:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-29 10:36 . 2010-09-29 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 10:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-26 11:52 . 2010-09-30 19:29 -------- d-----w- c:\program files\Ad-Remover
2010-09-14 20:39 . 2010-09-14 20:39 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-13 19:40 . 2010-09-13 19:40 -------- d-----w- c:\program files\iPod
2010-09-13 19:40 . 2010-09-13 19:40 -------- d-----w- c:\program files\iTunes
2010-09-13 19:32 . 2010-09-13 19:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-05 13:44 . 2010-09-05 20:41 -------- d-----w- c:\program files\Convar
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 18:23 . 2008-01-12 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-30 14:41 . 2009-10-05 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 12:41 . 2010-05-27 11:35 -------- d-----w- c:\program files\ZHPDiag
2010-09-26 12:03 . 2010-05-27 17:25 256881 ----a-w- C:\UsbFix_Upload_Me_ATHLON64X2-4400.zip
2010-09-23 18:35 . 2007-06-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-19 10:10 . 2009-12-17 20:34 33424 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-13 19:40 . 2007-07-27 20:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-09-13 19:37 . 2008-08-07 22:46 -------- d-----w- c:\program files\LimeWire
2010-09-01 13:25 . 2007-06-11 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 11:40 . 2010-03-21 20:01 -------- d-----w- c:\program files\QuickTime
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 19:31 . 2010-08-14 19:31 -------- d-----w- c:\program files\AlerteGPS
2010-08-13 22:59 . 2008-01-18 19:43 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-13 00:03 . 2006-03-02 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-13 00:03 . 2006-03-02 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-22 15:48 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2008-07-29 11:46 . 2008-07-29 11:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-6-14 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nfriaoji]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2007-09-25 17:10 102400 -c--a-w- c:\program files\Orange\SessionManager\SessionManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
2007-09-25 19:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\weawel51\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/05/2008 13:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/05/2008 13:32 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 19:12 208896]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [11/06/2007 16:40 31744]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [02/03/2006 14:00 12800]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 20:43 135664]
.
Contenu du dossier 'Tâches planifiées'
2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:26]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Examen supplémentaire -------
.
uLocal Page = search.net-studio.org
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: orange.fr\www
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nuwynzs7.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{423110F9-0128-4F43-BE11-7D26AD7D9088} - (no file)
BHO-{57FD4829-DD59-4456-98E4-398A4B147F67} - (no file)
BHO-{67EF46FE-72C5-4AFC-9DB3-C1604E422454} - (no file)
BHO-{7D195C49-8A25-44B2-42B9-E0E3B3A15C55} - (no file)
BHO-{9DC2CA8B-F862-410B-B343-019D1FA8549F} - (no file)
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 19:08
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForceWare Intelligent Application Manager (IAM)]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FTRTSVC]
"ImagePath"="\"c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICSharing]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
ComboFix 10-10-01.07 - Administrateur 02/10/2010 19:02:10.2.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.3008 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 100926-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\documents and settings\All Users\Application Data\.wtav
c:\windows\system32\USRINI~1.EXE
.
((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_USERINIT
-------\Service_userinit
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-02 au 2010-10-02 ))))))))))))))))))))))))))))))))))))
.
2010-10-02 16:56 . 2010-10-02 17:01 -------- d-----w- C:\jacombo
2010-09-30 17:25 . 2010-10-02 09:50 -------- d-----w- C:\FyK
2010-09-29 13:24 . 2010-09-29 13:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 10:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-09-29 10:36 . 2010-09-29 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-29 10:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-09-26 11:52 . 2010-09-30 19:29 -------- d-----w- c:\program files\Ad-Remover
2010-09-14 20:39 . 2010-09-14 20:39 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
2010-09-13 19:40 . 2010-09-13 19:40 -------- d-----w- c:\program files\iPod
2010-09-13 19:40 . 2010-09-13 19:40 -------- d-----w- c:\program files\iTunes
2010-09-13 19:32 . 2010-09-13 19:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
2010-09-05 13:44 . 2010-09-05 20:41 -------- d-----w- c:\program files\Convar
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-01 18:23 . 2008-01-12 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-09-30 14:41 . 2009-10-05 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 12:41 . 2010-05-27 11:35 -------- d-----w- c:\program files\ZHPDiag
2010-09-26 12:03 . 2010-05-27 17:25 256881 ----a-w- C:\UsbFix_Upload_Me_ATHLON64X2-4400.zip
2010-09-23 18:35 . 2007-06-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-19 10:10 . 2009-12-17 20:34 33424 ---ha-w- c:\windows\system32\mlfcache.dat
2010-09-13 19:40 . 2007-07-27 20:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-09-13 19:37 . 2008-08-07 22:46 -------- d-----w- c:\program files\LimeWire
2010-09-01 13:25 . 2007-06-11 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-30 11:40 . 2010-03-21 20:01 -------- d-----w- c:\program files\QuickTime
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 19:31 . 2010-08-14 19:31 -------- d-----w- c:\program files\AlerteGPS
2010-08-13 22:59 . 2008-01-18 19:43 -------- d-----w- c:\program files\Messenger Plus! Live
2010-08-13 00:03 . 2006-03-02 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
2010-08-13 00:03 . 2006-03-02 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
2010-07-22 15:48 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2008-07-29 11:46 . 2008-07-29 11:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 68856]
"MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-6-14 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nfriaoji]
[BU]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2007-09-25 17:10 102400 -c--a-w- c:\program files\Orange\SessionManager\SessionManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
2007-09-25 19:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\weawel51\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/05/2008 13:32 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/05/2008 13:32 20560]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 19:12 208896]
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [11/06/2007 16:40 31744]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [02/03/2006 14:00 12800]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 20:43 135664]
.
Contenu du dossier 'Tâches planifiées'
2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-02 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:26]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-02 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Examen supplémentaire -------
.
uLocal Page = search.net-studio.org
uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
mWindow Title =
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: orange.fr\www
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nuwynzs7.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
- - - - ORPHELINS SUPPRIMES - - - -
BHO-{423110F9-0128-4F43-BE11-7D26AD7D9088} - (no file)
BHO-{57FD4829-DD59-4456-98E4-398A4B147F67} - (no file)
BHO-{67EF46FE-72C5-4AFC-9DB3-C1604E422454} - (no file)
BHO-{7D195C49-8A25-44B2-42B9-E0E3B3A15C55} - (no file)
BHO-{9DC2CA8B-F862-410B-B343-019D1FA8549F} - (no file)
BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
HKLM-Run-nwiz - nwiz.exe
HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-10-02 19:08
Windows 5.1.2600 Service Pack 3 NTFS
Recherche de processus cachés ...
Recherche d'éléments en démarrage automatique cachés ...
Recherche de fichiers cachés ...
Scan terminé avec succès
Fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm]
"ImagePath"="system32\DRIVERS\NMnt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nSvcIp]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvgts]
"ImagePath"="system32\DRIVERS\nvgts.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
"ImagePath"="\??\c:\windows\system32\PCAMPR5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
"ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
"ImagePath"="system32\drivers\Senfilt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ser2pl]
"ImagePath"="system32\DRIVERS\ser2pl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfdrv01]
"ImagePath"="System32\drivers\sfdrv01.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp02]
"ImagePath"="System32\drivers\sfhlp02.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfvfs02]
"ImagePath"="System32\drivers\sfvfs02.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdbus]
"ImagePath"="system32\DRIVERS\sscdbus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdmdfl]
"ImagePath"="system32\DRIVERS\sscdmdfl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdmdm]
"ImagePath"="system32\DRIVERS\sscdmdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_bus]
"ImagePath"="system32\DRIVERS\ssm_bus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_mdfl]
"ImagePath"="system32\DRIVERS\ssm_mdfl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_mdm]
"ImagePath"="system32\DRIVERS\ssm_mdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{88B9794E-A41B-47C3-83E2-D68338581593}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB_RNDIS]
"ImagePath"="system32\DRIVERS\usb8023.sys"
sherred (Member)
Edited by sherred on 3/10/2010 at 07:10
now uninstall Malwarebytes and download it here: MBAM
reinstall it properly,
then run a quick scan with it
and post the results for me
keep using rkill.exe at Windows startup
When the boundaries are crossed, there are no more limits
What I have written, I have written
It starts and then cuts out after 4 seconds of scanning, saying, as before, that Windows cannot find the device.
afideg (Security contributor)
Edited by afideg on 4/10/2010 at 23:35
Hello you two,
Hi sherred
What do you think of ==> link removed at gen's request ;) (thanks)
Have you already tested it?
Thanks
Al.
Patience-Vigilance-Love.
sherred (Member)
4 Oct. 2010 at 22:19
it's a rogue
sherred (Member)
4 Oct. 2010 at 22:29
if you have a printer, print this, it will be easier
boot in safe mode 'with networking'
Download and install RegRun Reanimator https://www.commentcamarche.net/telecharger/securite/19201-regrun-reanimator/
Click on scan for viruses.
Click on scan windows startup.
Tick the "Use deep level scanning once" box.
The computer will restart and the program will scan before reaching the desktop,
Click on "Reboot" and confirm.
Let it restart in normal mode.
Click on the green arrow "Fix problems".
If it offers Regguard, simply answer No,
Right-click on the name of the first item found (in the middle of the window) and "Save to file" to save the first result in a file named 1.txt (by default in "My Documents")
Click on the green arrow (top right) for the next item
Right-click on the name of the second item found (in the middle of the window) and "Save to file" to save the second result in a file named 2.txt
And so on until the last one, then choose "Reboot" when it is offered, to restart in safe mode.
And post the results contained in all the files 1.txt 2.txt 3.txt..
RegRun Reanimator - Scan for Viruses... Start check 05/10/2010 at:19:49:59
Prohibited:1 Suspicious:18 Warnings:0
Prohibited:Services detected by Partizan
catchme=\??\C:\ComboFix\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGE\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
Suspicious:Print Monitors
EPSON V5 2KMonitor=C:\WINDOWS\system32\EBPMON2.DLL
EPSON Bidirectional Monitor SEIKO EPSON CORPORATION EPSON Bidirectional Printer 2, 0, 0, 0
******************************
Suspicious:Auto Services
KMWDSERVICE=C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
Internal Name: KMWDSERVICE. Status: service running. Actual File: C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe * Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
******************************
Suspicious:Services detected by Partizan
CrystalSysInfo=\??\C:\Program Files\MediaCoder\SysInfo.sys
Driver CrystalSysInfo Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Services detected by Partizan
KMWDSERVICE=C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE AND KEYBOARD\KMWDSRV.EXE
Service Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service Start Type: loaded automatically by Server Manager Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
******************************
Suspicious:Codecs
VIDC.I420=C:\WINDOWS\system32\I420VFW.DLL
Helix I420 YUV Codec www.helixcommunity.org Helix I420 YUV Codec Helix I420 YUV Codec
******************************
Suspicious:Codecs
msacm.voxacm160=C:\WINDOWS\system32\VCT3216.ACM
Voxware Audio Compression Manager Driver Voxware, Inc. Voxware Audio Compression Manager Driver 1.6.0.17
******************************
Suspicious:Codecs
msacm.scg726=C:\WINDOWS\system32\SCG726.ACM
SHARP G.726 ACM Audio Decoder SHARP Corporation SHARP ACM Audio Decoder 1, 0, 0, 3
******************************
Suspicious:Codecs
msacm.alf2cd=C:\WINDOWS\system32\ALF2CD.ACM
NCT ALF2CD Audio CODEC NCT Company NCT ALF2 CDAudio CODEC 2.03
******************************
Suspicious:Codecs
vidc.dvsd=C:\WINDOWS\system32\MCDVD_32.DLL
MainConcept DV Codec MainConcept MainConcept DV Codec "2.0.4 2.0.4
******************************
Suspicious:Codecs
vidc.xvid=xvid.dll
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Codecs
vidc.mpg4=C:\WINDOWS\system32\MPG4C32.DLL
Microsoft MPEG-4 Video Codec Microsoft Corporation Microsoft MPEG-4 Video Codec 4.1.00.3927
******************************
Suspicious:Codecs
vidc.mp42=C:\WINDOWS\system32\MPG4C32.DLL
Microsoft MPEG-4 Video Codec Microsoft Corporation Microsoft MPEG-4 Video Codec 4.1.00.3927
******************************
Suspicious:Codecs
vidc.mp43=C:\WINDOWS\system32\MPG4C32.DLL
Microsoft MPEG-4 Video Codec Microsoft Corporation Microsoft MPEG-4 Video Codec 4.1.00.3927
******************************
Suspicious:Codecs
msacm.lhacm=C:\WINDOWS\system32\LHACM.ACM
Lernout & Hauspie Codecs Microsoft Corporation Windows® NetMeeting® 3.01
******************************
Suspicious:Detected using Heuristic Algorithm
DiracSplitter.ax=C:\WINDOWS\SYSTEM32\DIRACSPLITTER.AX
Dirac Splitter Gabest Dirac Splitter 1, 0, 0, 0
******************************
Suspicious:Registry Run
amd_dc_opt=C:\PROGRAM FILES\AMD\AMD_DC_OPT\AMD_DC_OPT.EXE
sync_tsc Application sync_tsc Application 1, 0, 0, 0
******************************
Suspicious:Running Processes
KMWDSrv.exe=C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE AND KEYBOARD\KMWDSRV.EXE
Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
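Added example (not part of the thread and not RegRun's own code): a Python triage of the RegRun Reanimator report posted above. It parses the asterisk-separated blocks, collapses entries that point at the same file, and lists first the files reported as "deleted or hidden by rootkit or could not be located". The block layout is inferred from the posted log, the sample is an excerpt of it with some detail lines shortened, and the `Warnings` severity is assumed from the totals line.

```python
import re
from collections import defaultdict
from dataclasses import dataclass

# Excerpt of the report posted above; some detail lines are shortened.
SAMPLE_REPORT = r"""RegRun Reanimator - Scan for Viruses... Start check 05/10/2010 at:19:49:59
Prohibited:1 Suspicious:18 Warnings:0
Prohibited:Services detected by Partizan
catchme=\??\C:\ComboFix\catchme.sys
Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:URLSearchHook
{08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGE\SEARCHURLHOOK\SEARCHPAGEURL.DLL
******************************
Suspicious:Auto Services
KMWDSERVICE=C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
Internal Name: KMWDSERVICE. Status: service running.
******************************
Suspicious:Services detected by Partizan
CrystalSysInfo=\??\C:\Program Files\MediaCoder\SysInfo.sys
Driver CrystalSysInfo Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Services detected by Partizan
KMWDSERVICE=C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE AND KEYBOARD\KMWDSRV.EXE
Service Keyboard And Mouse Communication Service Start Type: loaded automatically by Server Manager
******************************
Suspicious:Codecs
vidc.xvid=xvid.dll
File is deleted or hidden by rootkit or could not be located.
******************************
Suspicious:Running Processes
KMWDSrv.exe=C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE AND KEYBOARD\KMWDSRV.EXE
Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
"""

SEPARATOR = re.compile(r"^\*{5,}[ \t]*$", re.MULTILINE)
HEADER = re.compile(r"^(Prohibited|Suspicious|Warnings?):(\D.*)$")
RANK = {"Prohibited": 0, "Suspicious": 1}  # anything else ranks lower


@dataclass
class Entry:
    severity: str
    category: str
    name: str
    path: str
    detail: str

    @property
    def file_missing(self):
        return "could not be located" in self.detail

    @property
    def key(self):
        # Strip the NT object-manager prefix and fold case so one binary
        # listed under several categories collapses to a single key.
        path = self.path[4:] if self.path.startswith("\\??\\") else self.path
        return path.lower()


def parse_report(text):
    entries = []
    for block in SEPARATOR.split(text):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        # Drop the banner and the "Prohibited:1 Suspicious:18 ..." totals line.
        while lines and not HEADER.match(lines[0]):
            lines.pop(0)
        if len(lines) < 2 or "=" not in lines[1]:
            continue  # truncated or malformed block
        severity, category = HEADER.match(lines[0]).groups()
        name, path = lines[1].split("=", 1)
        entries.append(Entry(severity, category.strip(), name.strip(),
                             path.strip(), " ".join(lines[2:])))
    return entries


def triage(entries):
    by_file = defaultdict(list)
    for entry in entries:
        by_file[entry.key].append(entry)
    rows = []
    for key, group in by_file.items():
        rows.append({
            "file": key,
            "worst": min((e.severity for e in group), key=lambda s: RANK.get(s, 9)),
            "categories": sorted({e.category for e in group}),
            "file_missing": any(e.file_missing for e in group),
            "bare_name": "\\" not in key,  # registered by file name only
        })
    # Files the tool could not locate come first, then alphabetical order.
    rows.sort(key=lambda r: (not r["file_missing"], r["file"]))
    return rows


if __name__ == "__main__":
    for row in triage(parse_report(SAMPLE_REPORT)):
        print(row["worst"], row["file_missing"], row["file"], row["categories"])
```

The report's own wording covers three cases (deleted, hidden, or not found), so the "missing" rows are the ones to check by hand; the three KMWDSrv.exe entries collapse to one file.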
Anonymous user
5 Oct. 2010 at 20:22
this smells like fabul, this mess ^^
sherred (Member)
5 Oct. 2010 at 20:37
yes
sherred (Member)
5 Oct. 2010 at 20:48
all of that doesn't tell us much :(
if you can
try this again
* Download ZHPDiag (by Nicolas Coolman). https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
* Let the installer guide you; it will launch automatically at the end.
* Click on the magnifying-glass icon (« Lancer le diagnostic », "Run the diagnostic")
* Save the report to your Desktop using the floppy-disk icon
Go to Cijoint http://www.cijoint.fr/
and point to the report's location using the "Parcourir..." (Browse) button. Then click on "Cliquez ici pour déposer le fichier" (Click here to upload the file)
A link will be generated; copy and paste it into your next reply.
sherred (Member)
6 Oct. 2010 at 14:11
ah, I have just been told
for blocking viruses
Download RogueKiller (by tigzy) to the desktop
https://www.luanagames.com/index.fr.html
* Quit all your running programs
* Launch it.
* A report (RKreport.txt) should have been created next to the executable; paste its contents into your reply
I don't know whether I was supposed to wait, but it didn't find anything; I pressed a key as it said to!
We're still at the point where Anti Virus 2010 no longer launches, but programs are still blocked.
---------------- RogueKiller V1.1.0 by Tigzy ---------------
------------ contact at www.sur-la-toile.com ---------------
------------- mail: tigzy44<at>hotmail<dot>com -------------
Remontées: https://www.luanagames.com/index.fr.html
Bad processes:
Deregistred:
Finished
sherred
6 Oct. 2010 at 18:24
OK,
last step.
Download combofix.exe to your desktop
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Double-click combofix.exe.
Press 1 (Yes) to start the scan.
Once it has finished, a report will appear. Copy and paste that report into your next reply.
The report can also be found here: C:\Combofix.txt
Disconnect from the internet and close the windows of all running programs.
Temporarily stop your antivirus and other protections during the scan.
Don't use your PC while the scan is running.
Once the scan has finished, turn all your antivirus and antispyware protections back on.
Hoping everything worked!!
ComboFix 10-10-07.01 - Administrateur 07/10/2010 21:01:14.4.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.3035 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-07 au 2010-10-07 ))))))))))))))))))))))))))))))))))))
.
2010-10-07 15:11 . 2010-10-07 16:43 -------- d-----w- c:\program files\Pixia 4.3a FR
2010-10-06 14:57 . 2010-10-06 15:13 -------- d-----w- c:\program files\Everest Poker.fr
2010-10-06 14:23 . 2007-02-13 06:42 14848 ----a-w- c:\windows\system32\drivers\KMWDFilter.SYS
2010-10-05 18:19 . 2010-10-05 18:19 -------- d-----w- c:\program files\iPod
2010-10-05 18:19 . 2010-10-05 18:20 -------- d-----w- c:\program files\iTunes
2010-10-05 18:17 . 2010-10-05 18:18 -------- d-----w- c:\program files\QuickTime
2010-10-05 18:17 . 2010-10-05 18:17 -------- d-----w- c:\program files\Bonjour
2010-10-05 18:14 . 2010-10-05 18:14 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-10-05 17:46 . 2010-10-05 17:46 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-10-05 17:46 . 2010-10-05 17:46 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-10-05 17:36 . 2010-10-05 17:36 2 --shatr- c:\windows\winstart.bat
2010-10-05 17:36 . 2010-10-05 17:36 -------- d-----w- c:\program files\Greatis
2010-10-04 15:45 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-04 15:45 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 16:56 . 2010-10-02 17:01 -------- d-----w- C:\jacombo
2010-09-30 17:25 . 2010-10-02 09:50 -------- d-----w- C:\FyK
2010-09-29 13:24 . 2010-09-29 13:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 10:36 . 2010-10-04 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 11:52 . 2010-09-30 19:29 -------- d-----w- c:\program files\Ad-Remover
2010-09-14 20:39 . 2010-09-14 20:39 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 18:25 . 2008-07-12 10:50 -------- d-----w- c:\program files\DNA
2010-10-06 18:04 . 2008-01-12 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-10-06 14:29 . 2006-03-02 12:00 80698 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-06 14:29 . 2006-03-02 12:00 500672 ----a-w- c:\windows\system32\perfh00C.dat
2010-10-05 20:07 . 2008-08-07 22:46 -------- d-----w- c:\program files\LimeWire
2010-10-05 18:19 . 2007-07-27 20:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-10-04 18:52 . 2009-12-17 20:34 37824 ---ha-w- c:\windows\system32\mlfcache.dat
2010-10-03 14:15 . 2008-09-10 19:31 -------- d-----w- c:\program files\MSECACHE
2010-09-30 14:41 . 2009-10-05 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 12:41 . 2010-05-27 11:35 -------- d-----w- c:\program files\ZHPDiag
2010-09-26 12:03 . 2010-05-27 17:25 256881 ----a-w- C:\UsbFix_Upload_Me_ATHLON64X2-4400.zip
2010-09-23 18:35 . 2007-06-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-05 20:41 . 2010-09-05 13:44 -------- d-----w- c:\program files\Convar
2010-09-01 13:25 . 2007-06-11 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 19:31 . 2010-08-14 19:31 -------- d-----w- c:\program files\AlerteGPS
2010-08-13 22:59 . 2008-01-18 19:43 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:48 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2008-07-29 11:46 . 2008-07-29 11:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-6-14 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nfriaoji]
[BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2007-09-25 17:10 102400 -c--a-w- c:\program files\Orange\SessionManager\SessionManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
2007-09-25 19:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\weawel51\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [11/06/2007 16:40 31744]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [02/03/2006 14:00 12800]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 20:43 135664]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 19:12 208896]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [05/10/2010 19:46 35816]
.
Contenu du dossier 'Tâches planifiées'
2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:26]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nuwynzs7.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForceWare Intelligent Application Manager (IAM)]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FTRTSVC]
"ImagePath"="\"c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
"ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
"ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
"ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HdAudAddService]
"ImagePath"="system32\drivers\HdAudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"=" %SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICSharing]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
"ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
"ImagePath"="system32\DRIVERS\kbdhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMWDFilter]
"ImagePath"="\??\c:\windows\System32\Drivers\KMWDFilter.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMWDSERVICE]
"ImagePath"="c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService]
"ImagePath"="\"c:\program files\Fichiers communs\LightScribe\LSSrvc.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm]
"ImagePath"="system32\DRIVERS\NMnt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nSvcIp]
"ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvgts]
"ImagePath"="system32\DRIVERS\nvgts.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Partizan]
"ImagePath"="system32\drivers\Partizan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
"ImagePath"="\??\c:\windows\system32\PCAMPR5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
"ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrA]
"ImagePath"="c:\windows\system32\PnkBstrA.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
"ImagePath"="system32\drivers\Senfilt.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ser2pl]
"ImagePath"="system32\DRIVERS\ser2pl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
ComboFix 10-10-07.01 - Administrateur 07/10/2010 21:01:14.4.2 - x86 NETWORK
Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.3035 [GMT 2:00]
Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
.
((((((((((((((((((((((((((((( Fichiers créés du 2010-09-07 au 2010-10-07 ))))))))))))))))))))))))))))))))))))
.
2010-10-07 15:11 . 2010-10-07 16:43 -------- d-----w- c:\program files\Pixia 4.3a FR
2010-10-06 14:57 . 2010-10-06 15:13 -------- d-----w- c:\program files\Everest Poker.fr
2010-10-06 14:23 . 2007-02-13 06:42 14848 ----a-w- c:\windows\system32\drivers\KMWDFilter.SYS
2010-10-05 18:19 . 2010-10-05 18:19 -------- d-----w- c:\program files\iPod
2010-10-05 18:19 . 2010-10-05 18:20 -------- d-----w- c:\program files\iTunes
2010-10-05 18:17 . 2010-10-05 18:18 -------- d-----w- c:\program files\QuickTime
2010-10-05 18:17 . 2010-10-05 18:17 -------- d-----w- c:\program files\Bonjour
2010-10-05 18:14 . 2010-10-05 18:14 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
2010-10-05 17:46 . 2010-10-05 17:46 37600 ----a-w- c:\windows\system32\Partizan.exe
2010-10-05 17:46 . 2010-10-05 17:46 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-10-05 17:36 . 2010-10-05 17:36 2 --shatr- c:\windows\winstart.bat
2010-10-05 17:36 . 2010-10-05 17:36 -------- d-----w- c:\program files\Greatis
2010-10-04 15:45 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-10-04 15:45 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-10-02 16:56 . 2010-10-02 17:01 -------- d-----w- C:\jacombo
2010-09-30 17:25 . 2010-10-02 09:50 -------- d-----w- C:\FyK
2010-09-29 13:24 . 2010-09-29 13:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
2010-09-29 10:36 . 2010-10-04 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-09-26 11:52 . 2010-09-30 19:29 -------- d-----w- c:\program files\Ad-Remover
2010-09-14 20:39 . 2010-09-14 20:39 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-07 18:25 . 2008-07-12 10:50 -------- d-----w- c:\program files\DNA
2010-10-06 18:04 . 2008-01-12 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
2010-10-06 14:29 . 2006-03-02 12:00 80698 ----a-w- c:\windows\system32\perfc00C.dat
2010-10-06 14:29 . 2006-03-02 12:00 500672 ----a-w- c:\windows\system32\perfh00C.dat
2010-10-05 20:07 . 2008-08-07 22:46 -------- d-----w- c:\program files\LimeWire
2010-10-05 18:19 . 2007-07-27 20:44 -------- d-----w- c:\program files\Fichiers communs\Apple
2010-10-04 18:52 . 2009-12-17 20:34 37824 ---ha-w- c:\windows\system32\mlfcache.dat
2010-10-03 14:15 . 2008-09-10 19:31 -------- d-----w- c:\program files\MSECACHE
2010-09-30 14:41 . 2009-10-05 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
2010-09-29 12:41 . 2010-05-27 11:35 -------- d-----w- c:\program files\ZHPDiag
2010-09-26 12:03 . 2010-05-27 17:25 256881 ----a-w- C:\UsbFix_Upload_Me_ATHLON64X2-4400.zip
2010-09-23 18:35 . 2007-06-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2010-09-05 20:41 . 2010-09-05 13:44 -------- d-----w- c:\program files\Convar
2010-09-01 13:25 . 2007-06-11 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
2010-08-14 19:31 . 2010-08-14 19:31 -------- d-----w- c:\program files\AlerteGPS
2010-08-13 22:59 . 2008-01-18 19:43 -------- d-----w- c:\program files\Messenger Plus! Live
2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-07-22 15:48 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
2008-07-29 11:46 . 2008-07-29 11:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
.
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
"amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
"Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]
c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-6-14 135680]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nfriaoji]
[BU]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
@=""
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
2007-09-25 17:10 102400 -c--a-w- c:\program files\Orange\SessionManager\SessionManager.exe
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
2007-09-25 19:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"DisableNotifications"= 1 (0x1)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Steam\\steamapps\\weawel51\\counter-strike source\\hl2.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"d:\\World of Warcraft\\BackgroundDownloader.exe"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"d:\\World of Warcraft\\Repair.exe"=
"c:\\WINDOWS\\system32\\mmc.exe"=
"c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"d:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
"d:\\World of Warcraft\\Launcher.exe"=
"d:\\Program Files\\Steam\\Steam.exe"=
"d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [11/06/2007 16:40 31744]
R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [02/03/2006 14:00 12800]
S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 20:43 135664]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 19:12 208896]
S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [05/10/2010 19:46 35816]
.
Contenu du dossier 'Tâches planifiées'
2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
2010-10-07 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:26]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]
2010-10-07 c:\windows\Tasks\OGALogon.job
- c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
.
.
------- Examen supplémentaire -------
.
mWindow Title =
DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nuwynzs7.default\
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
---- PARAMETRES FIREFOX ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{88B9794E-A41B-47C3-83E2-D68338581593}"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
"ImagePath"="c:\windows\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
"ImagePath"="System32\Drivers\usbaapl.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo]
"ImagePath"="System32\Drivers\usbvideo.sys"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB_RNDIS]
"ImagePath"="system32\DRIVERS\usb8023.sys"
sherred - 8 Oct 2010 at 06:42
OK
Check whether you can see this file: winstart.bat
which is at c:\windows\winstart.bat
Right-click on it, choose "Edit" or "Open with", and pick an editor such as Notepad.
Then copy and paste what is written in it into your next reply.
*****************************************
One more thing
I am probably seeing a USB infection
so
Download UsbFix (by Chiquitine29) to your desktop
http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe
Plug your external data sources (USB stick, external hard drive, etc.) that may have been infected into your PC, without opening them
--> Double-click UsbFix
Click the "Recherche" (Search) button
and do not touch anything during the scan
Once the analysis is finished, a scan report is offered... press a key to open this report.
Copy and paste this report into your next reply
Note: the UsbFix.txt report is saved at the root of the disk
sherred - 8 Oct 2010 at 13:12
I read somewhere that it could be used to delete files or perform other actions when XP starts up,
in the same location?
In fact, all of this comes from regrun
c:\windows\system32\Partizan.exe
2010-10-05 17:46 . 2010-10-05 17:46 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
2010-10-05 17:36 . 2010-10-05 17:36 2 --shatr- c:\windows\winstart.bat
2010-10-05 17:36 . 2010-10-05 17:36 -------- d-----w- c:\program files\Greatis
sherred - 8 Oct 2010 at 13:35
Yes, I had seen the partizan
Well, we'll see
On the other hand, this: [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
Do you know what it is?
sherred - 8 Oct 2010 at 13:38
And there is \WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf