Virus : Antivirus 2010 Impossible à supprimer

Alex51260 -  
sherred Messages postés 8605 Statut Membre -
Bonjour,



Je viens exposer mon problème, je suis harcelé par Anti virus 2010 et celui-ci me bloque Malwarebytes, je sais plus quoi faire alors je demande votre aide, merci :)

20 réponses

Résumé de la discussion

Problème principal : une infection affichant Anti Virus 2010 bloque Malwarebytes et compromet l'ordinateur sous Windows XP avec Firefox 3.6.8, rendant le nettoyage difficile et nécessitant des mesures spécifiques. Des solutions essentielles incluent Télécharger et lancer RKill pour arrêter temporairement l'infection et désactiver l'antivirus, puis lancer Malwarebytes afin de désinfecter, idéalement en mode sans échec avec prise en charge réseau. D'autres méthodes privilégient le démarrage en mode sans échec avec prise en charge réseau et l'analyse de fichiers suspects comme winstart.bat, ainsi que l'utilisation d'outils tels que FindyKill ou UsbFix selon les symptômes observés.

Généré automatiquement par IA
sur la base des meilleures réponses
  1. sherred Messages postés 8605 Statut Membre 351
     
    essaye comme cela
    Télécharger Rkill de Grinler
    Pour arrêter temporairement l'infection,

    Télécharge Rkill (de Grinler) sur ton Bureau.
    https://download.bleepingcomputer.com/grinler/rkill.exe
    fait double clic pour le lancer.
    * Désactive ton antivirus
    * Double clique sur Rkill.exe pour le lancer (si tu es sous Windows Vista ou 7, lance le par un clic-droit --> exécuter en temps qu'administrateur)
    * Une fenêtre à fond noir (très rapide) va apparaître et se refermer.
    Elle indiquera que tout s'est bien déroulé

    Si tu n'arrives pas à le lancer, utilise un de ces deux autres liens :

    https://download.bleepingcomputer.com/grinler/rkill.scr
    https://download.bleepingcomputer.com/grinler/rkill.com

    Ensuite, utilise aussitôt ton logiciel de désinfection
    Malwarebyte's
    1
  2. sherred Messages postés 8605 Statut Membre 351
     
    sinon essai de redémarrer sans echec

    Pour démarrer en mode sans échec ' avec prise en charge reseau'

    >>1--demarre ou redémarre l'ordinateur. L'affichage affichent la progression du BIOS,

    >>2--A la fin du chargement du BIOS, tapotte sur la touche F8 de ton clavier. jusqu'à ce que le menu des options avancées de Windows apparaisse. Si tu appuie sur la touche F8 trop tôt, il est possible que certains ordinateurs affichent le message "erreur clavier". Dans ce cas redémarre l'ordinateur et essaye de nouveau.

    >>3--En utilisant les flèches de ton clavier, sélectionne « Mode sans échec ' avec prise en charge reseau'
    » dans le menu puis appuie sur Entrée.
    1
    1. sherred Messages postés 8605 Statut Membre 351
       
      tu me dit si ca marche
      0
    2. Alex51260
       
      Je suis en mode sans echec avec réseau et toujours rien. Windows ne parvient pas à acceder aux periphériques ect...
      0
    3. Alex51260
       
      En gros je ne peux pas ouvrir maleware :(
      0
    4. sherred Messages postés 8605 Statut Membre 351
       
      --> Télécharge FindyKill sur ton bureau :
      http://pagesperso-orange.fr/NosTools/Chiquitine29/Setup.exe
      double clique sur setup.exe
      choisis ta langue ;)
      --> Au menu principal, choisis l'option 1 (Recherche)

      --> Poste le rapport FindyKill.txt

      Note : le rapport FindyKill.txt est sauvegardé à la racine du disque.
      0
    5. Alex51260
       
      Voila voila :)

      ############################## | FindyKill V5.050 |

      # User : Valérie (Administrateurs) # ATHLON64X2-4400
      # Update on 03/09/2010 by El Desaparecido
      # Start at: 19:25:55 | 30/09/2010
      # Website : http://pagesperso-orange.fr/NosTools/index.html
      # Contact : FindyKill.Contact@gmail.com

      # AMD Athlon(tm) 64 X2 Dual Core Processor 4400+
      # Microsoft Windows XP Professionnel (5.1.2600 32-bit) # Service Pack 3
      # Internet Explorer 8.0.6001.18702
      # Windows Firewall Status : Enabled
      # AV : avast! antivirus 4.8.1368 [VPS 100926-0] 4.8.1368 [ Enabled | Updated ]

      # A:\ # Lecteur de disquettes 3 ½ pouces
      # C:\ # Disque fixe local # 24,9 Go (1,68 Go free) # NTFS
      # D:\ # Disque fixe local # 49,62 Go (20,65 Go free) # NTFS
      # E:\ # Disque amovible
      # F:\ # Disque amovible
      # G:\ # Disque amovible
      # H:\ # Disque amovible
      # I:\ # Disque CD-ROM

      ################## | Eléments infectieux |

      C:\WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf

      ################## | Registre |


      ################## | Etat |

      # Affichage des fichiers cachés : OK

      # Mode sans echec : OK

      # Ndisuio -> Start = 3 ( Good = 3 | Bad = 4 )
      # EapHost -> Start = 2 ( Good = 2 | Bad = 4 )
      # Ip6Fw -> Start = 2 ( Good = 2 | Bad = 4 )
      # SharedAccess -> Start = 2 ( Good = 2 | Bad = 4 )
      # wuauserv -> Start = 2 ( Good = 2 | Bad = 4 )
      # wscsvc -> Start = 2 ( Good = 2 | Bad = 4 )

      ################## | ! Fin du rapport # FindyKill V5.050 ! |
      0
  3. Alex51260
     
    Le problème c'est que mon Antivirus : Avast est bloqué et je n'arrive pas à le fermé car la fonction arrêter le service est en grisé.
    0
    1. sherred Messages postés 8605 Statut Membre 351
       
      essai tout de meme , on verra ensuite
      0
    2. Alex51260
       
      Maleware ne se lance pas :(
      0
  4. sherred Messages postés 8605 Statut Membre 351
     
    ok
    * Télécharge ZHPDiag (de Nicolas Coolman). https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    Rend toi sur Cijoint http://www.cijoint.fr/
    et indique l'emplacement du rapport à l'aide du bouton "Parcourir..." Ensuite Clique sur "Cliquez ici pour déposer le fichier"
    Un lien sera généré, copie et colle-le dans ta prochaine réponse.
    0
    1. ancenteno
       
      Bonjour Sherred,

      J'ai exactement le meme probleme! Antivirus Studio 2010 est entrain de pourir mon ordi!
      J'ai suivi tes conseils et telechargé Zebulon. Jai lancer le diagnostic et enrengister sur mon Bureau. J'ai essayer de le partager sur cijoint.fr mais il n'accepte pas lefichier car il est trop grand.
      STP est ce que tu peux m'aider a me defaire de ce virus qui me fligue mon ordi??

      Merci d'avance!
      0
    2. gen-hackman
       
      bonjour ouvre-toi un nouveau sujet
      0
    3. sherred Messages postés 8605 Statut Membre 351
       
      +1
      0
  5. Vous n’avez pas trouvé la réponse que vous recherchez ?

    Posez votre question
  6. Alex51260
     
    Il ne veut pas se lancer et à chaque fois un truc spybot s'ouvre et dit que le fichier n'existe pas !
    0
    1. sherred Messages postés 8605 Statut Membre 351
       
      si c'est spybot Désactiver le TeaTimer de Spybot (Merci à Nico):

      Pour désactiver le TeaTimer :
      => Ouvrir Spybot S&D
      => Dans le menu "Mode", séléctionner le mode avancé.
      => Une fenêtre demande confirmation cliquer sur "oui".
      => Une fois le mode avancé actif, ouvrir l'onglet "Outils".
      => Cliquer sur Résident.
      => La partie Résident comporte deux lignes qui sont normalement cochées :
      *Résident "SDHelper" (bloqueur de téléchargements nuisibles pour Internet Explorer) actif.

      * Résident "TeaTimer" (Protection des réglages système fondamentaux) actif.

      => Décocher la ligne TeaTimer.
      => Redémarrer Spybot (le fermer et le réouvrir)
      => Retourner dans le menu Résident et vérifier qu'il soit bien désactivé.
      0
    2. Alex51260
       
      Impossile de l'ouvrir le tableau revient et montre le fichier à ouvrir il le scan et dit nothing found. Un vrais chantier ! :s
      0
  7. sherred Messages postés 8605 Statut Membre 351
     
    si tu n'y arrive pas directement essaye avant avec https://download.bleepingcomputer.com/grinler/rkill.exe

    puis

    Télécharge combofix.exe sur ton bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    double clique combofix.exe.
    touche 1 (Yes) pour démarrer le scan.
    une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve également ici : C:\Combofix.txt

    Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.

    arrête provisoirement les anti virus et autres protections pendant l'analyse
    durant la durée de l'analyse ne te sert pas de ton pc

    une fois l'analyse terminé ,remet toutes tes protections antivirus et antispywares
    0
  8. Alex51260
     
    Voilà c'est fait j'attends ton aide pour la suite :)

    ComboFix 10-10-01.07 - Administrateur 02/10/2010 19:02:10.2.2 - x86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.3008 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
    AV: avast! antivirus 4.8.1368 [VPS 100926-0] *On-access scanning enabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
    .

    (((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\documents and settings\All Users\Application Data\.wtav
    c:\windows\system32\USRINI~1.EXE

    .
    ((((((((((((((((((((((((((((((((((((((( Pilotes/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_USERINIT
    -------\Service_userinit

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-02 au 2010-10-02 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-02 16:56 . 2010-10-02 17:01 -------- d-----w- C:\jacombo
    2010-09-30 17:25 . 2010-10-02 09:50 -------- d-----w- C:\FyK
    2010-09-29 13:24 . 2010-09-29 13:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-29 10:36 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-09-29 10:36 . 2010-09-29 10:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-29 10:36 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-09-26 11:52 . 2010-09-30 19:29 -------- d-----w- c:\program files\Ad-Remover
    2010-09-14 20:39 . 2010-09-14 20:39 -------- d-sh--w- c:\documents and settings\Default User\IETldCache
    2010-09-13 19:40 . 2010-09-13 19:40 -------- d-----w- c:\program files\iPod
    2010-09-13 19:40 . 2010-09-13 19:40 -------- d-----w- c:\program files\iTunes
    2010-09-13 19:32 . 2010-09-13 19:32 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.0.68\SetupAdmin.exe
    2010-09-05 13:44 . 2010-09-05 20:41 -------- d-----w- c:\program files\Convar

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-01 18:23 . 2008-01-12 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-09-30 14:41 . 2009-10-05 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-29 12:41 . 2010-05-27 11:35 -------- d-----w- c:\program files\ZHPDiag
    2010-09-26 12:03 . 2010-05-27 17:25 256881 ----a-w- C:\UsbFix_Upload_Me_ATHLON64X2-4400.zip
    2010-09-23 18:35 . 2007-06-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-19 10:10 . 2009-12-17 20:34 33424 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-09-13 19:40 . 2007-07-27 20:44 -------- d-----w- c:\program files\Fichiers communs\Apple
    2010-09-13 19:37 . 2008-08-07 22:46 -------- d-----w- c:\program files\LimeWire
    2010-09-01 13:25 . 2007-06-11 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-30 11:40 . 2010-03-21 20:01 -------- d-----w- c:\program files\QuickTime
    2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-14 19:31 . 2010-08-14 19:31 -------- d-----w- c:\program files\AlerteGPS
    2010-08-13 22:59 . 2008-01-18 19:43 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-08-13 00:03 . 2006-03-02 12:00 80508 ----a-w- c:\windows\system32\perfc00C.dat
    2010-08-13 00:03 . 2006-03-02 12:00 500482 ----a-w- c:\windows\system32\perfh00C.dat
    2010-07-22 15:48 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2008-07-29 11:46 . 2008-07-29 11:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-12 68856]
    "MsnMsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-07-26 3883856]
    "SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-08-10 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-01 421160]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-6-14 135680]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nfriaoji]
    [BU]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    2007-09-25 17:10 102400 -c--a-w- c:\program files\Orange\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
    2007-09-25 19:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\weawel51\\counter-strike source\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "d:\\World of Warcraft\\Repair.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
    "d:\\World of Warcraft\\Launcher.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [12/05/2008 13:32 114768]
    R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [12/05/2008 13:32 20560]
    R2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 19:12 208896]
    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [11/06/2007 16:40 31744]
    R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [02/03/2006 14:00 12800]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 20:43 135664]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-10-02 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:26]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]

    2010-10-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]

    2010-10-02 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Examen supplémentaire -------
    .
    uLocal Page = search.net-studio.org
    uSearchMigratedDefaultURL = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
    mWindow Title =
    IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    Trusted Zone: orange.fr\www
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nuwynzs7.default\
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .
    - - - - ORPHELINS SUPPRIMES - - - -

    BHO-{423110F9-0128-4F43-BE11-7D26AD7D9088} - (no file)
    BHO-{57FD4829-DD59-4456-98E4-398A4B147F67} - (no file)
    BHO-{67EF46FE-72C5-4AFC-9DB3-C1604E422454} - (no file)
    BHO-{7D195C49-8A25-44B2-42B9-E0E3B3A15C55} - (no file)
    BHO-{9DC2CA8B-F862-410B-B343-019D1FA8549F} - (no file)
    BHO-{FF6C3CF0-4B15-11D1-ABED-709549C10000} - (no file)
    HKLM-Run-nwiz - nwiz.exe
    HKLM-Run-EdenFlirt - c:\program files\Eden Flirt\EdenFlirt.exe

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-10-02 19:08
    Windows 5.1.2600 Service Pack 3 NTFS

    Recherche de processus cachés ...

    Recherche d'éléments en démarrage automatique cachés ...

    Recherche de fichiers cachés ...

    Scan terminé avec succès
    Fichiers cachés: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
    "ServiceDll"="c:\windows\system32\es.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForceWare Intelligent Application Manager (IAM)]
    "ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
    "ImagePath"="system32\DRIVERS\ftdisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FTRTSVC]
    "ImagePath"="\"c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
    "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
    "ImagePath"="system32\DRIVERS\msgpc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
    "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
    "ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
    "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
    "ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
    "ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
    "ImagePath"="System32\Drivers\HTTP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICSharing]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
    "ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
    "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
    "ImagePath"="system32\DRIVERS\imapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
    "ImagePath"="%systemroot%\system32\imapi.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
    "ImagePath"="system32\drivers\ip6fw.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
    "ImagePath"="system32\DRIVERS\ipnat.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
    "ImagePath"="system32\DRIVERS\ipsec.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\DRIVERS\irenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
    "ImagePath"="system32\DRIVERS\isapnp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
    "ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
    "ImagePath"="system32\drivers\kmixer.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMWDSERVICE]
    "ImagePath"="c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService]
    "ImagePath"="\"c:\program files\Fichiers communs\LightScribe\LSSrvc.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
    "ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
    "ImagePath"="c:\windows\system32\mnmsrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
    "ImagePath"="system32\DRIVERS\mrxdav.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
    "ImagePath"="c:\windows\system32\msdtc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MTsensor]
    "ImagePath"="system32\DRIVERS\ASACPI.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
    "ImagePath"="system32\DRIVERS\NABTSFEC.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
    "ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
    "ImagePath"="system32\DRIVERS\NdisIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
    "ImagePath"="system32\DRIVERS\netbt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
    "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
    "ServiceDll"="%SystemRoot%\System32\mswsock.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm]
    "ImagePath"="system32\DRIVERS\NMnt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nSvcIp]
    "ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
    "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
    "ImagePath"="system32\DRIVERS\nv4_mini.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvata]
    "ImagePath"="system32\DRIVERS\nvata.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
    "ImagePath"="system32\DRIVERS\NVENETFD.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvgts]
    "ImagePath"="system32\DRIVERS\nvgts.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvnetbus]
    "ImagePath"="system32\DRIVERS\nvnetbus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
    "ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
    "ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P3]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
    "ImagePath"="system32\DRIVERS\parport.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
    "ImagePath"="\??\c:\windows\system32\PCAMPR5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
    "ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
    "ImagePath"="system32\DRIVERS\pci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
    "ImagePath"="system32\DRIVERS\pciide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
    "ImagePath"="%SystemRoot%\system32\services.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrA]
    "ImagePath"="c:\windows\system32\PnkBstrA.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
    "ImagePath"="system32\DRIVERS\processr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\psched.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
    "ImagePath"="system32\DRIVERS\ptilink.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
    "ImagePath"="system32\DRIVERS\rasacd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
    "ImagePath"="system32\DRIVERS\raspti.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
    "ImagePath"="system32\DRIVERS\rdpdr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
    "ImagePath"="c:\windows\system32\sessmgr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
    "ImagePath"="system32\DRIVERS\redbook.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
    "ServiceDll"="%SystemRoot%\System32\mprdim.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM]
    "ImagePath"="System32\Drivers\RootMdm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\System32\rpcss.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
    "ImagePath"="%SystemRoot%\system32\rsvp.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
    "ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
    "ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
    "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
    "ImagePath"="system32\DRIVERS\secdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
    "ServiceDll"="%SystemRoot%\System32\seclogon.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
    "ImagePath"="system32\drivers\Senfilt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ser2pl]
    "ImagePath"="system32\DRIVERS\ser2pl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
    "ImagePath"="system32\DRIVERS\serenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
    "ImagePath"="system32\DRIVERS\serial.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfdrv01]
    "ImagePath"="System32\drivers\sfdrv01.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp02]
    "ImagePath"="System32\drivers\sfhlp02.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfvfs02]
    "ImagePath"="System32\drivers\sfvfs02.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
    "ImagePath"="system32\DRIVERS\SLIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
    "ImagePath"="system32\drivers\splitter.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\system32\spoolsv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
    "ImagePath"="system32\DRIVERS\sr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
    "ServiceDll"="%SystemRoot%\system32\srsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
    "ImagePath"="system32\DRIVERS\srv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdbus]
    "ImagePath"="system32\DRIVERS\sscdbus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdmdfl]
    "ImagePath"="system32\DRIVERS\sscdmdfl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdmdm]
    "ImagePath"="system32\DRIVERS\sscdmdm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_bus]
    "ImagePath"="system32\DRIVERS\ssm_bus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_mdfl]
    "ImagePath"="system32\DRIVERS\ssm_mdfl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_mdm]
    "ImagePath"="system32\DRIVERS\ssm_mdm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
    "ImagePath"="system32\DRIVERS\StreamIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
    "ImagePath"="system32\drivers\swmidi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
    "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{88B9794E-A41B-47C3-83E2-D68338581593}"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
    "ImagePath"="system32\drivers\sysaudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
    "ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
    "ImagePath"="system32\DRIVERS\tcpip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
    "ImagePath"="c:\windows\system32\tlntsvr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\system32\trkwks.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
    "ImagePath"="system32\DRIVERS\update.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
    "ImagePath"="%SystemRoot%\System32\ups.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
    "ImagePath"="System32\Drivers\usbaapl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
    "ImagePath"="system32\DRIVERS\usbscan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB_RNDIS]
    "ImagePath"="system32\DRIVERS\usb8023.sys"
    0
  9. Alex51260
     
    Ca ne semble pas vouloir s'afficher :s
    0
  10. sherred Messages postés 8605 Statut Membre 351
     
    maintenant tu va desinstalle Malwarebyte et le telecharger ici MBAM
    tu le reinstalle correctement ,
    ensuite fait un scan rapide avec
    et tu me poste les resultats
    continue a utiliser rkill.exe au demarrage de windows
    Quand les bornes sont franchies, il n'y a plus de limite
    Ce que j'ai écrit, je l'ai écrit
    0
  11. Alex51260
     
    Il démarre et se coupe au bout de 4 secondes de recherche en disant comme avant que Windows ne trouve pas le périphérique.
    0
  12. afideg Messages postés 10466 Date d'inscription   Statut Contributeur sécurité Dernière intervention   602
     
    Hello vous deux,
    Salut sherred

    Que penses-tu de ==> lien supprimé à la demande de gen ;) (merci)
    L'as-tu déjà testé ?
    Merci
    Al.

    Patience-Vigilance-Amour.
    0
    1. gen-hackman
       
      salut afideg WOT bloque ton lien...
      0
    2. Alex51260
       
      Je dois faire quoi ?
      0
    3. sherred Messages postés 8605 Statut Membre 351
       
      c'est un rogue
      0
    4. Alex51260
       
      ok
      0
  13. sherred Messages postés 8605 Statut Membre 351
     
    si tu a une imprimante imprime ceci ce sera plus facile
    démarrer en mode sans échec ' avec prise en charge reseau'
    Télécharge et installe RegRun Reanimator https://www.commentcamarche.net/telecharger/securite/19201-regrun-reanimator/

    Clic sur scan for viruses.
    Clic sur scan windows startup.
    Coche la case "Use deep level scanning once".

    L'ordinateur redémarrera et le programme analysera avant d'arriver sur le bureau,
    Clic sur "Reboot" et confirme.

    Laisse le redémarrer en mode normal.

    Clic sur la flèche verte "Fix problems".

    Si il propose Regguard,répond simplement Non,
    Clic-droit sur le nom du premier item trouvé (dans le milieu de la fenètre) et "Save to file" pour sauvegarder le premier résultat dans un fichier nommé 1.txt (Par défaut dans "Mes Documents")

    Clic sur la flèche verte (en haut a droite) pour l'item suivant

    Clic-droit sur le nom du deuxième item trouvé (dans le milieu de la fenètre) et "Save to file" pour sauvegarder le deuxième résultat dans un fichier nommé 2.txt

    Ainsi de suite jusqu'au dernier ensuite,choisit "Reboot" quand il te le sera proposé pour redémarrer en mode sans échec.

    Et poste les résultats contenus dans tous les fichiers 1.txt 2.txt 3.txt..
    0
  14. Alex51260
     
    RegRun Reanimator - Scan for Viruses... Start check 05/10/2010 at:19:49:59
    Prohibited:1 Suspicious:18 Warnings:0
    Prohibited:Services detected by Partizan
    catchme=\??\C:\ComboFix\catchme.sys
    Driver Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
    ******************************
    Suspicious:URLSearchHook
    {08C06D61-F1F3-4799-86F8-BE1A89362C85}=C:\PROGRAM FILES\ORANGE\SEARCHURLHOOK\SEARCHPAGEURL.DLL
    ******************************
    Suspicious:Print Monitors
    EPSON V5 2KMonitor=C:\WINDOWS\system32\EBPMON2.DLL
    EPSON Bidirectional Monitor SEIKO EPSON CORPORATION EPSON Bidirectional Printer 2, 0, 0, 0
    ******************************
    Suspicious:Auto Services
    KMWDSERVICE=C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe
    Internal Name: KMWDSERVICE. Status: service running. Actual File: C:\Program Files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe * Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
    ******************************
    Suspicious:Services detected by Partizan
    CrystalSysInfo=\??\C:\Program Files\MediaCoder\SysInfo.sys
    Driver CrystalSysInfo Start Type: loaded manually on demand File is deleted or hidden by rootkit or could not be located.
    ******************************
    Suspicious:Services detected by Partizan
    KMWDSERVICE=C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE AND KEYBOARD\KMWDSRV.EXE
    Service Keyboard And Mouse Communication Service Keyboard And Mouse Communication Service Start Type: loaded automatically by Server Manager Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
    ******************************
    Suspicious:Codecs
    VIDC.I420=C:\WINDOWS\system32\I420VFW.DLL
    Helix I420 YUV Codec www.helixcommunity.org Helix I420 YUV Codec Helix I420 YUV Codec
    ******************************
    Suspicious:Codecs
    msacm.voxacm160=C:\WINDOWS\system32\VCT3216.ACM
    Voxware Audio Compression Manager Driver Voxware, Inc. Voxware Audio Compression Manager Driver 1.6.0.17
    ******************************
    Suspicious:Codecs
    msacm.scg726=C:\WINDOWS\system32\SCG726.ACM
    SHARP G.726 ACM Audio Decoder SHARP Corporation SHARP ACM Audio Decoder 1, 0, 0, 3
    ******************************
    Suspicious:Codecs
    msacm.alf2cd=C:\WINDOWS\system32\ALF2CD.ACM
    NCT ALF2CD Audio CODEC NCT Company NCT ALF2 CDAudio CODEC 2.03
    ******************************
    Suspicious:Codecs
    vidc.dvsd=C:\WINDOWS\system32\MCDVD_32.DLL
    MainConcept DV Codec MainConcept MainConcept DV Codec "2.0.4 2.0.4
    ******************************
    Suspicious:Codecs
    vidc.xvid=xvid.dll
    File is deleted or hidden by rootkit or could not be located.
    ******************************
    Suspicious:Codecs
    vidc.mpg4=C:\WINDOWS\system32\MPG4C32.DLL
    Microsoft MPEG-4 Video Codec Microsoft Corporation Microsoft MPEG-4 Video Codec 4.1.00.3927
    ******************************
    Suspicious:Codecs
    vidc.mp42=C:\WINDOWS\system32\MPG4C32.DLL
    Microsoft MPEG-4 Video Codec Microsoft Corporation Microsoft MPEG-4 Video Codec 4.1.00.3927
    ******************************
    Suspicious:Codecs
    vidc.mp43=C:\WINDOWS\system32\MPG4C32.DLL
    Microsoft MPEG-4 Video Codec Microsoft Corporation Microsoft MPEG-4 Video Codec 4.1.00.3927
    ******************************
    Suspicious:Codecs
    msacm.lhacm=C:\WINDOWS\system32\LHACM.ACM
    Lernout & Hauspie Codecs Microsoft Corporation Windows® NetMeeting® 3.01
    ******************************
    Suspicious:Detected using Heuristic Algorithm
    DiracSplitter.ax=C:\WINDOWS\SYSTEM32\DIRACSPLITTER.AX
    Dirac Splitter Gabest Dirac Splitter 1, 0, 0, 0
    ******************************
    Suspicious:Registry Run
    amd_dc_opt=C:\PROGRAM FILES\AMD\AMD_DC_OPT\AMD_DC_OPT.EXE
    sync_tsc Application sync_tsc Application 1, 0, 0, 0
    ******************************
    Suspicious:Running Processes
    KMWDSrv.exe=C:\PROGRAM FILES\TRUST\TRUST R-SERIES MOUSE AND KEYBOARD\KMWDSRV.EXE
    Keyboard And Mouse Communication Service UASSOFT.COM Keyboard And Mouse Communication Service 1, 0, 6, 0
    0
  15. gen-hackman
     
    ca sent le fabul c't'embrouille ^^
    0
    1. sherred Messages postés 8605 Statut Membre 351
       
      oui
      0
    2. gen-hackman
       
      ptdr
      0
  16. sherred Messages postés 8605 Statut Membre 351
     
    ca donne pas grand chose tous ca :(
    si tu le peu

    ressaie encore ceci
    * Télécharge ZHPDiag (de Nicolas Coolman). https://www.zebulon.fr/telechargements/securite/systeme/zhpdiag.html
    * Laisse toi guider lors de l'installation, il se lancera automatiquement à la fin.
    * Clique sur l'icône représentant une loupe (« Lancer le diagnostic »)
    * Enregistre le rapport sur ton Bureau à l'aide de l'icône représentant une disquette
    Rend toi sur Cijoint http://www.cijoint.fr/
    et indique l'emplacement du rapport à l'aide du bouton "Parcourir..." Ensuite Clique sur "Cliquez ici pour déposer le fichier"
    Un lien sera généré, copie et colle-le dans ta prochaine réponse.
    0
  17. sherred Messages postés 8605 Statut Membre 351
     
    ha on viens de m'informer

    pour les virus bloquant
    Télécharge sur le bureau RogueKiller (par tigzy)
    https://www.luanagames.com/index.fr.html
    * Quitte tous tes programmes en cours
    * Lance le.
    * Un rapport (RKreport.txt) a du se créer à côté de l'exécutable, colle son contenu dans la réponse
    0
  18. Alex51260
     
    Je ne sais pas si il faut attendre mais il n'a rien trouvé j'ai fait cliqué sur une touche comme il était écris !

    On en est toujours au stade où je n'ai plus Anti Virus 2010 qui se lance mais toujours des logiciels bloqués

    ---------------- RogueKiller V1.1.0 by Tigzy ---------------
    ------------ contact at www.sur-la-toile.com ---------------
    ------------- mail: tigzy44<at>hotmail<dot>com -------------
    Remontées: https://www.luanagames.com/index.fr.html

    Bad processes:

    Deregistred:

    Finished
    0
  19. sherred Messages postés 8605 Statut Membre 351
     
    ok
    derniere etape
    Télécharge combofix.exe sur ton bureau
    http://download.bleepingcomputer.com/sUBs/ComboFix.exe

    double clique combofix.exe.
    touche 1 (Yes) pour démarrer le scan.
    une fois fini un rapport apparaîtra. Copie/colle ce rapport dans ta prochaine réponse.
    Le rapport se trouve également ici : C:\Combofix.txt

    Déconnecte toi d'internet ferme les fenêtres de tous les programmes en cours.

    arrête provisoirement les anti virus et autres protections pendant l'analyse
    durant la durée de l'analyse ne te sert pas de ton pc

    une fois l'analyse terminé ,remet toutes tes protections antivirus et antispywares
    0
  20. Alex51260
     
    En esperant que tout ai marché !!

    ComboFix 10-10-07.01 - Administrateur 07/10/2010 21:01:14.4.2 - x86 NETWORK
    Microsoft Windows XP Professionnel 5.1.2600.3.1252.33.1036.18.3326.3035 [GMT 2:00]
    Lancé depuis: c:\documents and settings\Administrateur\Mes documents\Téléchargements\ComboFix.exe
    .

    ((((((((((((((((((((((((((((( Fichiers créés du 2010-09-07 au 2010-10-07 ))))))))))))))))))))))))))))))))))))
    .

    2010-10-07 15:11 . 2010-10-07 16:43 -------- d-----w- c:\program files\Pixia 4.3a FR
    2010-10-06 14:57 . 2010-10-06 15:13 -------- d-----w- c:\program files\Everest Poker.fr
    2010-10-06 14:23 . 2007-02-13 06:42 14848 ----a-w- c:\windows\system32\drivers\KMWDFilter.SYS
    2010-10-05 18:19 . 2010-10-05 18:19 -------- d-----w- c:\program files\iPod
    2010-10-05 18:19 . 2010-10-05 18:20 -------- d-----w- c:\program files\iTunes
    2010-10-05 18:17 . 2010-10-05 18:18 -------- d-----w- c:\program files\QuickTime
    2010-10-05 18:17 . 2010-10-05 18:17 -------- d-----w- c:\program files\Bonjour
    2010-10-05 18:14 . 2010-10-05 18:14 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 10.0.1.22\SetupAdmin.exe
    2010-10-05 17:46 . 2010-10-05 17:46 37600 ----a-w- c:\windows\system32\Partizan.exe
    2010-10-05 17:46 . 2010-10-05 17:46 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
    2010-10-05 17:36 . 2010-10-05 17:36 2 --shatr- c:\windows\winstart.bat
    2010-10-05 17:36 . 2010-10-05 17:36 -------- d-----w- c:\program files\Greatis
    2010-10-04 15:45 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-10-04 15:45 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-10-02 16:56 . 2010-10-02 17:01 -------- d-----w- C:\jacombo
    2010-09-30 17:25 . 2010-10-02 09:50 -------- d-----w- C:\FyK
    2010-09-29 13:24 . 2010-09-29 13:26 664 ----a-w- c:\windows\system32\d3d9caps.dat
    2010-09-29 10:36 . 2010-10-04 15:45 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-09-26 11:52 . 2010-09-30 19:29 -------- d-----w- c:\program files\Ad-Remover
    2010-09-14 20:39 . 2010-09-14 20:39 -------- d-sh--w- c:\documents and settings\Default User\IETldCache

    .
    (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-10-07 18:25 . 2008-07-12 10:50 -------- d-----w- c:\program files\DNA
    2010-10-06 18:04 . 2008-01-12 09:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater
    2010-10-06 14:29 . 2006-03-02 12:00 80698 ----a-w- c:\windows\system32\perfc00C.dat
    2010-10-06 14:29 . 2006-03-02 12:00 500672 ----a-w- c:\windows\system32\perfh00C.dat
    2010-10-05 20:07 . 2008-08-07 22:46 -------- d-----w- c:\program files\LimeWire
    2010-10-05 18:19 . 2007-07-27 20:44 -------- d-----w- c:\program files\Fichiers communs\Apple
    2010-10-04 18:52 . 2009-12-17 20:34 37824 ---ha-w- c:\windows\system32\mlfcache.dat
    2010-10-03 14:15 . 2008-09-10 19:31 -------- d-----w- c:\program files\MSECACHE
    2010-09-30 14:41 . 2009-10-05 17:32 -------- d-----w- c:\program files\Microsoft Silverlight
    2010-09-29 12:41 . 2010-05-27 11:35 -------- d-----w- c:\program files\ZHPDiag
    2010-09-26 12:03 . 2010-05-27 17:25 256881 ----a-w- C:\UsbFix_Upload_Me_ATHLON64X2-4400.zip
    2010-09-23 18:35 . 2007-06-11 14:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
    2010-09-05 20:41 . 2010-09-05 13:44 -------- d-----w- c:\program files\Convar
    2010-09-01 13:25 . 2007-06-11 13:08 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-08-17 13:17 . 2006-03-02 12:00 58880 ----a-w- c:\windows\system32\spoolsv.exe
    2010-08-14 19:31 . 2010-08-14 19:31 -------- d-----w- c:\program files\AlerteGPS
    2010-08-13 22:59 . 2008-01-18 19:43 -------- d-----w- c:\program files\Messenger Plus! Live
    2010-07-27 16:44 . 2010-07-27 16:44 91424 ----a-w- c:\windows\system32\dnssd.dll
    2010-07-27 16:44 . 2010-07-27 16:44 107808 ----a-w- c:\windows\system32\dns-sd.exe
    2010-07-22 15:48 . 2006-03-02 12:00 590848 ----a-w- c:\windows\system32\rpcrt4.dll
    2010-07-22 06:19 . 2008-05-05 05:25 5632 ----a-w- c:\windows\system32\xpsp4res.dll
    2008-07-29 11:46 . 2008-07-29 11:46 278528 -c--a-w- c:\program files\Fichiers communs\FDEUnInstaller.exe
    .

    ((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "High Definition Audio Property Page Shortcut"="HDAShCut.exe" [2004-10-27 61952]
    "SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2005-05-20 925696]
    "amd_dc_opt"="c:\program files\AMD\amd_dc_opt\amd_dc_opt.exe" [2006-06-28 106496]
    "NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-06-20 35760]
    "Adobe ARM"="c:\program files\Fichiers communs\Adobe\ARM\1.0\AdobeARM.exe" [2010-06-09 976832]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-04-03 13670504]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-04-03 110696]
    "QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-09-08 421888]
    "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-09-24 421160]

    c:\documents and settings\All Users\Menu D'marrer\Programmes\D'marrage\
    EPSON Status Monitor 3 Environment Check(2).lnk - c:\windows\system32\spool\drivers\w32x86\3\E_SRCV02.EXE [2007-6-14 135680]
    Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
    "HonorAutoRunSetting"= 0 (0x0)

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nfriaoji]
    [BU]

    [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
    BootExecute REG_MULTI_SZ autocheck autochk *\0Partizan

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Driver]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AVG Anti-Spyware Guard]
    @=""

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ORAHSSSessionManager]
    2007-09-25 17:10 102400 -c--a-w- c:\program files\Orange\SessionManager\SessionManager.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystrayORAHSS]
    2007-09-25 19:08 94208 ----a-w- c:\program files\Orange\Systray\SystrayApp.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\security center]
    "AntiVirusOverride"=dword:00000001
    "FirewallOverride"=dword:00000001

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "DisableNotifications"= 1 (0x1)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Steam\\steamapps\\weawel51\\counter-strike source\\hl2.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "d:\\World of Warcraft\\BackgroundDownloader.exe"=
    "c:\\Program Files\\DNA\\btdna.exe"=
    "c:\\Program Files\\LimeWire\\LimeWire.exe"=
    "d:\\World of Warcraft\\Repair.exe"=
    "c:\\WINDOWS\\system32\\mmc.exe"=
    "c:\\Program Files\\Orange\\Connectivity\\ConnectivityManager.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "d:\\World of Warcraft\\WoW-2.4.2-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-2.4.3-to-3.0.2-frFR-Win-Final-downloader.exe"=
    "d:\\World of Warcraft\\Launcher.exe"=
    "d:\\Program Files\\Steam\\Steam.exe"=
    "d:\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-3.2.0.10192-to-3.2.0.10314-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-3.2.0.10314-to-3.2.2.10482-frFR-downloader.exe"=
    "d:\\World of Warcraft\\WoW-3.2.2.10482-to-3.2.2.10505-frFR-downloader.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
    "d:\\World of Warcraft\\WoW-3.2.2.10505-to-3.3.0.10958-frFR-downloader.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "c:\\Program Files\\iTunes\\iTunes.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

    R3 AmdTools;AMD Special Tools Driver;c:\windows\system32\drivers\AmdTools.sys [11/06/2007 16:40 31744]
    R3 mvb35316;mvb35316;c:\windows\system32\drivers\mvb35316.sys [02/03/2006 14:00 12800]
    S2 gupdate;Service Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [27/02/2010 20:43 135664]
    S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe [28/02/2007 19:12 208896]
    S3 Partizan;Partizan;c:\windows\system32\drivers\Partizan.sys [05/10/2010 19:46 35816]
    .
    Contenu du dossier 'Tâches planifiées'

    2010-08-30 c:\windows\Tasks\AppleSoftwareUpdate.job
    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

    2010-10-07 c:\windows\Tasks\Google Software Updater.job
    - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-06-15 19:26]

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]

    2010-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2010-02-27 18:43]

    2010-10-07 c:\windows\Tasks\OGALogon.job
    - c:\windows\system32\OGAEXEC.exe [2009-08-03 13:07]
    .
    .
    ------- Examen supplémentaire -------
    .
    mWindow Title =
    DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072}
    FF - ProfilePath - c:\documents and settings\Administrateur\Application Data\Mozilla\Firefox\Profiles\nuwynzs7.default\
    FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
    FF - plugin: c:\program files\Google\Update\1.2.183.17\npGoogleOneClick8.dll
    FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- PARAMETRES FIREFOX ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
    "ServiceDll"="c:\windows\system32\es.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]
    "ImagePath"="system32\DRIVERS\fdc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]
    "ImagePath"="system32\DRIVERS\flpydisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
    "ImagePath"="system32\drivers\fltmgr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
    "ImagePath"="c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ForceWare Intelligent Application Manager (IAM)]
    "ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
    "ImagePath"="system32\DRIVERS\ftdisk.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FTRTSVC]
    "ImagePath"="\"c:\progra~1\FICHIE~1\France Telecom\Shared Modules\FTRTSVC\0\FTRTSVC.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\GEARAspiWDM]
    "ImagePath"="system32\DRIVERS\GEARAspiWDM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
    "ImagePath"="system32\DRIVERS\msgpc.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gupdate]
    "ImagePath"="\"c:\program files\Google\Update\GoogleUpdate.exe\" /svc"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\gusvc]
    "ImagePath"="\"c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HdAudAddService]
    "ImagePath"="system32\drivers\HdAudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
    "ImagePath"="system32\DRIVERS\HDAudBus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
    "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
    "ServiceDll"=" %SystemRoot%\System32\hidserv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
    "ImagePath"="system32\DRIVERS\hidusb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
    "ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
    "ImagePath"="System32\Drivers\HTTP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
    "ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
    "ImagePath"="system32\DRIVERS\i8042prt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ICSharing]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
    "ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
    "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
    "ImagePath"="system32\DRIVERS\imapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
    "ImagePath"="%systemroot%\system32\imapi.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
    "ImagePath"="system32\drivers\ip6fw.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
    "ImagePath"="system32\DRIVERS\ipfltdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
    "ImagePath"="system32\DRIVERS\ipinip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
    "ImagePath"="system32\DRIVERS\ipnat.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\iPod Service]
    "ImagePath"="\"c:\program files\iPod\bin\iPodService.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
    "ImagePath"="system32\DRIVERS\ipsec.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
    "ImagePath"="system32\DRIVERS\irenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
    "ImagePath"="system32\DRIVERS\isapnp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
    "ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
    "ImagePath"="system32\DRIVERS\kbdclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kbdhid]
    "ImagePath"="system32\DRIVERS\kbdhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
    "ImagePath"="system32\drivers\kmixer.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMWDFilter]
    "ImagePath"="\??\c:\windows\System32\Drivers\KMWDFilter.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KMWDSERVICE]
    "ImagePath"="c:\program files\Trust\Trust R-series Mouse And Keyboard\KMWDSrv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
    "ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
    "ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LightScribeService]
    "ImagePath"="\"c:\program files\Fichiers communs\LightScribe\LSSrvc.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
    "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
    "ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
    "ImagePath"="c:\windows\system32\mnmsrvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
    "ImagePath"="system32\DRIVERS\mouclass.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
    "ImagePath"="system32\DRIVERS\mouhid.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
    "ImagePath"="system32\DRIVERS\mrxdav.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
    "ImagePath"="system32\DRIVERS\mrxsmb.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
    "ImagePath"="c:\windows\system32\msdtc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
    "ImagePath"="%systemroot%\system32\msiexec.exe /V"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
    "ImagePath"="system32\drivers\MSKSSRV.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
    "ImagePath"="system32\drivers\MSPCLOCK.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
    "ImagePath"="system32\drivers\MSPQM.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
    "ImagePath"="system32\DRIVERS\mssmbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
    "ImagePath"="system32\drivers\MSTEE.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MTsensor]
    "ImagePath"="system32\DRIVERS\ASACPI.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mvb35316]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
    "ImagePath"="system32\DRIVERS\NABTSFEC.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
    "ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
    "ImagePath"="system32\DRIVERS\NdisIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
    "ImagePath"="system32\DRIVERS\ndistapi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
    "ImagePath"="system32\DRIVERS\ndisuio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
    "ImagePath"="system32\DRIVERS\ndiswan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
    "ImagePath"="system32\DRIVERS\netbios.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
    "ImagePath"="system32\DRIVERS\netbt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
    "ImagePath"="%SystemRoot%\system32\netdde.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
    "ServiceDll"="%SystemRoot%\System32\netman.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
    "ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
    "ServiceDll"="%SystemRoot%\System32\mswsock.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nm]
    "ImagePath"="system32\DRIVERS\NMnt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nSvcIp]
    "ImagePath"="c:\program files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
    "ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nv]
    "ImagePath"="system32\DRIVERS\nv4_mini.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvata]
    "ImagePath"="system32\DRIVERS\nvata.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVENETFD]
    "ImagePath"="system32\DRIVERS\NVENETFD.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvgts]
    "ImagePath"="system32\DRIVERS\nvgts.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\nvnetbus]
    "ImagePath"="system32\DRIVERS\nvnetbus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NVSvc]
    "ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
    "ImagePath"="system32\DRIVERS\nwlnkflt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
    "ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ose]
    "ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE\""

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Outlook]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\P3]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]
    "ImagePath"="system32\DRIVERS\parport.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Partizan]
    "ImagePath"="system32\drivers\Partizan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCAMPR5]
    "ImagePath"="\??\c:\windows\system32\PCAMPR5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCANDIS5]
    "ImagePath"="\??\c:\windows\system32\PCANDIS5.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
    "ImagePath"="system32\DRIVERS\pci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
    "ImagePath"="system32\DRIVERS\pciide.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
    "ImagePath"="%SystemRoot%\system32\services.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PnkBstrA]
    "ImagePath"="c:\windows\system32\PnkBstrA.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
    "ImagePath"="system32\DRIVERS\raspptp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Processor]
    "ImagePath"="system32\DRIVERS\processr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
    "ImagePath"="system32\DRIVERS\psched.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
    "ImagePath"="system32\DRIVERS\ptilink.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
    "ImagePath"="system32\DRIVERS\rasacd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
    "ServiceDll"="%SystemRoot%\System32\rasauto.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
    "ImagePath"="system32\DRIVERS\rasl2tp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
    "ServiceDll"="%SystemRoot%\System32\rasmans.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
    "ImagePath"="system32\DRIVERS\raspppoe.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
    "ImagePath"="system32\DRIVERS\raspti.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
    "ImagePath"="system32\DRIVERS\rdbss.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
    "ImagePath"="System32\DRIVERS\RDPCDD.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
    "ImagePath"="system32\DRIVERS\rdpdr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
    "ImagePath"="c:\windows\system32\sessmgr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
    "ImagePath"="system32\DRIVERS\redbook.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
    "ServiceDll"="%SystemRoot%\System32\mprdim.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteRegistry]
    "ServiceDll"="%SystemRoot%\system32\regsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ROOTMODEM]
    "ImagePath"="System32\Drivers\RootMdm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
    "ImagePath"="%SystemRoot%\system32\locator.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
    "ServiceDll"="%SystemRoot%\System32\rpcss.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
    "ImagePath"="%SystemRoot%\system32\rsvp.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
    "ImagePath"="%SystemRoot%\system32\lsass.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
    "ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
    "ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
    "ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
    "ImagePath"="system32\DRIVERS\secdrv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
    "ServiceDll"="%SystemRoot%\System32\seclogon.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SenFiltService]
    "ImagePath"="system32\drivers\Senfilt.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
    "ServiceDll"="%SystemRoot%\system32\sens.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ser2pl]
    "ImagePath"="system32\DRIVERS\ser2pl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\serenum]
    "ImagePath"="system32\DRIVERS\serenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]
    "ImagePath"="system32\DRIVERS\serial.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfdrv01]
    "ImagePath"="System32\drivers\sfdrv01.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfhlp02]
    "ImagePath"="System32\drivers\sfhlp02.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sfvfs02]
    "ImagePath"="System32\drivers\sfvfs02.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
    "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
    "ImagePath"="system32\DRIVERS\SLIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
    "ImagePath"="system32\drivers\splitter.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
    "ImagePath"="%SystemRoot%\system32\spoolsv.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
    "ImagePath"="system32\DRIVERS\sr.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
    "ServiceDll"="%SystemRoot%\system32\srsvc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
    "ImagePath"="system32\DRIVERS\srv.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdbus]
    "ImagePath"="system32\DRIVERS\sscdbus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdmdfl]
    "ImagePath"="system32\DRIVERS\sscdmdfl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sscdmdm]
    "ImagePath"="system32\DRIVERS\sscdmdm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
    "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_bus]
    "ImagePath"="system32\DRIVERS\ssm_bus.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_mdfl]
    "ImagePath"="system32\DRIVERS\ssm_mdfl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ssm_mdm]
    "ImagePath"="system32\DRIVERS\ssm_mdm.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\StarOpen]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
    "ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
    "ImagePath"="system32\DRIVERS\StreamIP.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
    "ImagePath"="system32\DRIVERS\swenum.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
    "ImagePath"="system32\drivers\swmidi.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
    "ImagePath"="c:\windows\system32\dllhost.exe /Processid:{88B9794E-A41B-47C3-83E2-D68338581593}"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
    "ImagePath"="system32\drivers\sysaudio.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
    "ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
    "ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
    "ImagePath"="system32\DRIVERS\tcpip.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
    "ImagePath"="system32\DRIVERS\termdd.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
    "ServiceDll"="%SystemRoot%\System32\termsrv.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
    "ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TlntSvr]
    "ImagePath"="c:\windows\system32\tlntsvr.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
    "ServiceDll"="%SystemRoot%\system32\trkwks.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
    "ImagePath"="system32\DRIVERS\update.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
    "ServiceDll"="%SystemRoot%\System32\upnphost.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
    "ImagePath"="%SystemRoot%\System32\ups.exe"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBAAPL]
    "ImagePath"="System32\Drivers\usbaapl.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
    "ImagePath"="system32\DRIVERS\usbccgp.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
    "ImagePath"="system32\DRIVERS\usbehci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
    "ImagePath"="system32\DRIVERS\usbhub.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbohci]
    "ImagePath"="system32\DRIVERS\usbohci.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
    "ImagePath"="system32\DRIVERS\usbscan.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbstor]
    "ImagePath"="system32\DRIVERS\USBSTOR.SYS"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbvideo]
    "ImagePath"="System32\Drivers\usbvideo.sys"

    [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USB_RNDIS]
    "ImagePath"="system32\DRIVERS\usb8023.sys"
    0
  21. sherred Messages postés 8605 Statut Membre 351
     
    d'accord

    regarde si tu vois ce fichier ?winstart.bat
    qui est dans c:\windows\winstart.bat

    tu fait un clic droit dessus , et tu choisi "modifier" ou " ouvrir avec" , et tu choisis un editeur , comme le bloc note

    ensuite tu me fait un copié / collé de ce qui est ecrit dedans , dans ta prochaine reponse

    *****************************************
    encore un truc

    je vois sans doute une infect usb

    donc
    Télécharge UsbFix (de Chiquitine29) sur ton bureau
    http://pagesperso-orange.fr/NosTools/Chiquitine29/UsbFix.exe

    Branche tes sources de données externes à ton PC, (clé USB, disque dur externe, etc...) susceptibles d avoir été infectés sans les ouvrir

    --> Double clic sur UsbFix

    clic sur le bouton Recherche

    et ne touche plus a rien pendant le scan

    Une fois l'analyse terminée, un rapport de scan est proposé... appuie sur une touche pour ouvrir ce rapport.
    copier/coller ce rapport dans ta prochaine réponse
    Note : le rapport UsbFix.txt est sauvegardé à la racine du disque
    0
    1. gen-hackman
       
      salut sherred winstart.bat appartient à regrun
      0
    2. sherred Messages postés 8605 Statut Membre 351
       
      j'ai lu quelque part qu'il pouvait etre utilisé pour effacer des fichiers ou autres actions , au demarrage de xp ,
      0
    3. gen-hackman
       
      au meme emplacement ?

      en fait tout ca est de regrun

      c:\windows\system32\Partizan.exe
      2010-10-05 17:46 . 2010-10-05 17:46 35816 ----a-w- c:\windows\system32\drivers\Partizan.sys
      2010-10-05 17:36 . 2010-10-05 17:36 2 --shatr- c:\windows\winstart.bat
      2010-10-05 17:36 . 2010-10-05 17:36 -------- d-----w- c:\program files\Greatis
      0
    4. sherred Messages postés 8605 Statut Membre 351
       
      oui j'avai vu le partizan

      bah on verra
      par contre ca [HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
      tu sais ce que c'est ?
      0
    5. sherred Messages postés 8605 Statut Membre 351
       
      et il y a \WINDOWS\prefetch\WINUPGRO.EXE-2D513C93.pf
      0