Infected computer - need help
flodrum - Posts: 3 - Status: Member
philae83 - Posts: 12854 - Status: Security contributor
I'm sending you the HijackThis log; my computer keeps misbehaving: email client windows open by themselves, messages about scans by some software, incredible slowness. Thank you for your help.
Flodrum
Logfile of HijackThis v1.99.1
Scan saved at 19:56:07, on 30/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\WINDOWS\mui\explorer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wuauclt.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\23exym50_2.5.exe
C:\Program Files\QuickZip4\QuickZip.exe
C:\Documents and Settings\Flo\Bureau\virus\HijackThis.exe
C:\PROGRA~1\MOZILL~1\THUNDE~1.EXE
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
R3 - URLSearchHook: (no name) - {A89B22E0-CA5E-9CFB-7871-CA891B28609C} - C:\WINDOWS\system32\mgsiomta.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
O2 - BHO: (no name) - {A89B22E0-CA5E-9CFB-7871-CA891B28609C} - C:\WINDOWS\system32\mgsiomta.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nxla2d40] RUNDLL32.EXE w01ce32a.dll,n 001a2d3f0000000a01ce32a
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [.nvsvc] C:\WINDOWS\system\smss.exe /w
O4 - HKLM\..\Run: [virus] C:\WINDOWS\system32\virus1.exe
O4 - HKCU\..\Run: [Rwtt] "C:\PROGRA~1\CROSOF~1\tracert.exe" -vt yazr
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/default.aspx
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA988-607A-497A-A8B6-E3DFE494AB10}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\j8l40i3qe8.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: DirectX Service (DirectQybb) - Unknown owner - C:\WINDOWS\system32\directx.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
Configuration: Windows XP
Internet Explorer 6.0
9 replies
Good evening,
* Download SDFix to your Desktop
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
* Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop.
* Restart your computer in safe mode
* Open the SDFix folder that was just created on the Desktop and double-click RunThis.bat to launch the script.
* Press Y to start the cleaning process.
It will remove the services and Registry entries of certain trojans it finds, then ask you to press a key to restart.
* Press a key to restart the PC.
Your system will take longer than usual to restart because the tool will keep running and deleting files.
After the Desktop has loaded, the tool will finish its work and display Finished.
* Press a key to end the script and load your Desktop icons.
Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
Finally, copy/paste the contents of the Report.txt file into your next reply on the forum,
along with a new HijackThis log
OK, let's continue; I'm looking at your reports, reply in a few minutes
I would like to check something else
* Download Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(from F-Secure)
(the first one on the page)
Save it to your Desktop.
Double-click blbeta.exe
Click "I ACCEPT".
Click Scan, then Next
You will see a list of detected files appear. You will also see a report
on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply.
DO NOT choose the "Rename" option right away: we need to analyze the report,
because legitimate files may be present, such as wbemtest.exe
Please try in safe mode
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924
OK, we'll proceed differently,
launch HijackThis, choose "do a system scan only", then check these lines:
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R3 - URLSearchHook: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
R3 - URLSearchHook: (no name) - {A89B22E0-CA5E-9CFB-7871-CA891B28609C} - C:\WINDOWS\system32\mgsiomta.dll (file missing)
O2 - BHO: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
O2 - BHO: (no name) - {A89B22E0-CA5E-9CFB-7871-CA891B28609C} - C:\WINDOWS\system32\mgsiomta.dll (file missing)
O4 - HKLM\..\Run: [nxla2d40] RUNDLL32.EXE w01ce32a.dll,n 001a2d3f0000000a01ce32a
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [virus] C:\WINDOWS\system32\virus1.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Rwtt] "C:\PROGRA~1\CROSOF~1\tracert.exe" -vt yazr
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\j8l40i3qe8.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
* Close all open applications, including Internet Explorer, and click "Fix checked"
Make sure you have access to all files
- Start
- My Computer or another folder
- Tools menu
- Folder Options
- View tab
then
- check the box: Show hidden files and folders
- uncheck the box: Hide extensions for known file types
- uncheck the box: Hide protected operating system files
Then - Apply
* and delete the file(s) below if present:
C:\WINDOWS\system32\virus1.exe
C:\PROGRA~1\CROSOF~1
* In Windows Explorer, hide the system files again so as not to make mistakes in the future. Go back to the Folder Settings window and select Do not show hidden files or system files
then
run an online antivirus scan and then post the report here
https://www.bitdefender.fr/
and copy/paste the result here
* At the bottom left of the window, click BitDefender SCAN ONLINE
* In the new window, click I agree
* The window changes again; click Click here to scan
* The signatures load, etc.
picture tutorial
http://pageperso.aol.fr/rginformatique/mapage/defender.htm
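Added example, not part of the thread and not HijackThis code: a small parser for the log format posted above that groups entries carrying HijackThis's own markers ("(file missing)", "(no name)", "(no file)") and checks whether lines from a fix list are still present in a later log. The function names and the `AFTER_LOG` sample are assumptions constructed for illustration; the other sample lines are copied from the log in this thread. Markers are only a reason to look closer: the `[virus]` Run entry selected above carries none.

```python
import re
from collections import namedtuple

Entry = namedtuple("Entry", "code body")

# HijackThis entry lines look like "O4 - HKLM\..\Run: [name] command".
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Markers that HijackThis appends to an entry; all three occur in the log above.
MARKERS = ("(file missing)", "(no name)", "(no file)")


def parse_log(text):
    """Return the section entries of a log, skipping header and process list."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(Entry(m.group(1), m.group(2)))
    return entries


def markers(entry):
    """Markers present in one entry, in the order of MARKERS."""
    return [mk for mk in MARKERS if mk in entry.body]


def triage(entries):
    """Group entries that carry at least one marker by section code."""
    grouped = {}
    for e in entries:
        if markers(e):
            grouped.setdefault(e.code, []).append(e)
    return grouped


def still_present(fix_list, new_log):
    """Entries of the fix list that show up again in a later log."""
    remaining = {(e.code, e.body.lower()) for e in parse_log(new_log)}
    return [e for e in parse_log(fix_list)
            if (e.code, e.body.lower()) in remaining]


# Lines copied from the log posted in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\WINDOWS\system32\winlogon.exe
R3 - URLSearchHook: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [virus] C:\WINDOWS\system32\virus1.exe
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
"""

# Three of the lines the helper asked to check, copied from the post above.
FIX_LIST = r"""O2 - BHO: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
O4 - HKLM\..\Run: [virus] C:\WINDOWS\system32\virus1.exe
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
"""

# Constructed follow-up log (not from the thread): one fixed entry came back.
AFTER_LOG = r"""Logfile of HijackThis v1.99.1
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [virus] C:\WINDOWS\system32\virus1.exe
"""

if __name__ == "__main__":
    for code, items in triage(parse_log(SAMPLE_LOG)).items():
        for e in items:
            print(code, markers(e), e.body)
    for e in still_present(FIX_LIST, AFTER_LOG):
        print("still present:", e.code, e.body)
```

An entry that reappears after "Fix checked" means something still running is rewriting it, which is why the helper asks for a fresh log after each cleaning step.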
I followed all your recommendations and here is the scan done with BitDefender.
Looking forward to hearing from you,
Thanks
Flodrum
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 31/03/2007 23:28:28
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\WINDOWS\system32\
Folders : 177
Files : 5827
Archives : 29
Packed files : 274
Identified viruses : 4
Infected files : 3
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 3
Renamed files : 0
I/O errors : 13
Scan time : 00:16:32
Scan speed (files/sec) : 5
Spyware Statistics
Memory processes scanned : 16
Memory processes infected : 0
Registry keys scanned : 2151
Registry keys infected : 1
Cookies scanned : 138
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 1
Virus definitions : 441268
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1175376508.log
Spyware scan options
[X] Memory Processes
[X] Registry keys
[X] Cookies
Summary:
<System>=>HKEY_CLASSES_ROOT\MEZZIACODEC.CHL Detected: Trojan.Nebuler-G
<System>=>HKEY_CLASSES_ROOT\MEZZIACODEC.CHL Deleted
<System> Update failed
C:\WINDOWS\system32\cmesys.exe Detected: Application.VTesttool.A
C:\WINDOWS\system32\cmesys.exe Disinfection failed
C:\WINDOWS\system32\cmesys.exe Move failed: Quarantine full
C:\WINDOWS\system32\spool\drivers\setup.exe Infected: Trojan.Downloader.Horst.J
C:\WINDOWS\system32\spool\drivers\setup.exe Disinfection failed
C:\WINDOWS\system32\spool\drivers\setup.exe Moved
C:\WINDOWS\system32\temp\NSIS_Install_IGB.exe Detected: Adware.Navipromo.BC
C:\WINDOWS\system32\temp\NSIS_Install_IGB.exe Disinfection failed
C:\WINDOWS\system32\temp\NSIS_Install_IGB.exe Moved
Scanned files
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\CRYPT32\EventMessageFile=>C:\WINDOWS\SYSTEM32\CRYPT32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\DISKQUOTA\EventMessageFile=>C:\WINDOWS\SYSTEM32\DSKQUOTA.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\DRWATSON\EventMessageFile=>C:\WINDOWS\SYSTEM32\DRWTSN32.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\EAPOL\EventMessageFile=>C:\WINDOWS\SYSTEM32\WzCSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ESENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\ESENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\ESENT\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\ESENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\EVENTSYSTEM\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\COMRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\EVENTSYSTEM\EventMessageFile=>C:\WINDOWS\SYSTEM32\COMRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\FILE DEPLOYMENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\FDEPLOY.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\FILE DEPLOYMENT\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\FOLDER REDIRECTION\EventMessageFile=>C:\WINDOWS\SYSTEM32\FDEPLOY.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\FOLDER REDIRECTION\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\HELPSVC\EventMessageFile=>C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\HCAPPRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\JAVA VM\EventMessageFile=>C:\WINDOWS\SYSTEM32\VMHELPER.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\LOADPERF\EventMessageFile=>C:\WINDOWS\SYSTEM32\LOADPERF.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MICROSOFT H.323 TELEPHONY SERVICE PROVIDER\EventMessageFile=>C:\WINDOWS\SYSTEM32\H323.TSP OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MNMSRVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NMEVTMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MSDTC\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\COMRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MSDTC CLIENT\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\COMRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MSIINSTALLER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MSI.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\MSSQLSERVER/MSDE\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPSP2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\NTBACKUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTBACKUP.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\OAKLEY\EventMessageFile=>C:\WINDOWS\SYSTEM32\OAKLEY.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\OFFLINE FILES\EventMessageFile=>C:\WINDOWS\SYSTEM32\CSCUI.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFCTRS\EventMessageFile=>C:\WINDOWS\SYSTEM32\PERFCTRS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFDISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\PERFDISK.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFLIB\EventMessageFile=>C:\WINDOWS\SYSTEM32\PRFLBMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFMON\EventMessageFile=>C:\WINDOWS\SYSTEM32\PERFMON.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFNET\EventMessageFile=>C:\WINDOWS\SYSTEM32\PERFNET.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFOS\EventMessageFile=>C:\WINDOWS\SYSTEM32\PERFOS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\PERFPROC\EventMessageFile=>C:\WINDOWS\SYSTEM32\PERFPROC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\REMOTE ASSISTANCE\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPSP2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SAFRDMS\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAFRDM.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SAFRSLV\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAFRSLV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SCECLI\EventMessageFile=>C:\WINDOWS\SYSTEM32\SCECLI.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SCESRV\EventMessageFile=>C:\WINDOWS\SYSTEM32\SCESRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SCLGNTFY\EventMessageFile=>C:\WINDOWS\SYSTEM32\SCLGNTFY.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SECURITYCENTER\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPSP2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SOFTWARE INSTALLATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\APPMGR.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SOFTWARE RESTRICTION POLICIES\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SPOOLERCTRS\EventMessageFile=>C:\WINDOWS\SYSTEM32\WINSPOOL.DRV OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\SYSMONLOG\EventMessageFile=>C:\WINDOWS\SYSTEM32\SMLOGSVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UPLOADM\EventMessageFile=>C:\WINDOWS\PCHEALTH\UPLOADLB\BINARIES\UPLOADM.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\USERINIT\EventMessageFile=>C:\WINDOWS\SYSTEM32\USERINIT.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\VBRUNTIME\EventMessageFile=>C:\WINDOWS\SYSTEM32\MSVBVM60.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\VSS\EventMessageFile=>C:\WINDOWS\SYSTEM32\VSSVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WEBCLIENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WINDOWS 3.1 MIGRATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\ADVAPI32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WINDOWS PRODUCT ACTIVATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\DPCDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WINLOGON\EventMessageFile=>C:\WINDOWS\SYSTEM32\WINLOGON.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WMDMPMSN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WMIADAPTER\EventMessageFile=>C:\WINDOWS\SYSTEM32\WBEM\WMIAPRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WSH\EventMessageFile=>C:\WINDOWS\SYSTEM32\WSHEXT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\File=>C:\WINDOWS\SYSTEM32\CONFIG\APPEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\=>C:\WINDOWS\SYSTEM32\MNMSRVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\DS\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\LSA\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\NETDDE OBJECT\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SC MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\MSAUDITE.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY\GuidMessageFile=>C:\WINDOWS\SYSTEM32\NTMARTA.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY ACCOUNT MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SPOOLER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\File=>C:\WINDOWS\SYSTEM32\CONFIG\SECEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ABIOSDSK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ABP480N5\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ADPU160M\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AHA154X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC78U2\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC78XX\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ALERTER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AMI0NT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AMSINT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC3350P\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC3550\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASYNCMAC\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATAPI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATDISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATMARPC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BEEP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BITS\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\XPOB2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BITS\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPOB2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BROWSER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CBIDF2K\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CD20XRNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDAUDIO\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDROM\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CHANGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CPQARRAY\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CRYPTSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\CRYPTSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DAC2W2K\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DAC960NT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DCOM\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DFSDRIVER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DFSSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DHCP\EventMessageFile=>C:\WINDOWS\SYSTEM32\DHCPCSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DHCP\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISTRIBUTED LINK TRACKING CLIENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DMBOOT\EventMessageFile=>C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSAPI\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSAPI\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSCACHE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DPTI2O\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EL90XBC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EVENTLOG\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FASTFAT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FBXUSB\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FIPS\EventMessageFile=>C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FS_REC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\GESTIONNAIRE DE SESSION D'AIDE SUR LE BUREAU à DISTANCE\EventMessageFile=>C:\WINDOWS\SYSTEM32\SESSMGR.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\HPN\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\HTTP\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPSP2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\I2OMGMT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\I2OMP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\INI910U\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\INTERNET EXPLORER 6\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPMGM\EventMessageFile=>C:\WINDOWS\SYSTEM32\RTM.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPNATHLP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IPNATHLP.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPROUTERMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPSEC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXCP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXRIP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXROUTERMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXSAP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LDM\EventMessageFile=>C:\WINDOWS\SYSTEM32\DMADMIN.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LDMS\EventMessageFile=>C:\WINDOWS\SYSTEM32\DMSERVER.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LMHOSTS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LSASRV\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LSASRV\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRAID35X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRXDAV\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRXSMB\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MSADLIB\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MSFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDIS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDISWAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETBIOS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETBT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETDDE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETDDE.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETLOGON\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETLOGON\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NLA\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NPFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTSERVICEPACK\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NULL\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\OUTLOOK EXPRESS 6\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PARTMGR\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PCMCIA\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PERC2\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PLUGPLAYMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\UMPNPMGR.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PPTPMINIPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PSCHED\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1080\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL10WNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL12160\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1240\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1280\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RASAUTO\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RASMAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RDBSS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOTEACCESS\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOTEACCESS\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\IASSVCS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RSVP\EventMessageFile=>C:\WINDOWS\SYSTEM32\RSVPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SAM\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAMSRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SAVE DUMP\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCARDSVR\EventMessageFile=>C:\WINDOWS\SYSTEM32\SCARDSVR.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHANNEL\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHEDULE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHEDULE\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCSIPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE CONTROL MANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE CONTROL MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE DE STOCKAGE AMOVIBLE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTMSEVT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SETUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\SYSSETUP.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SFLOPPY\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SIDEBYSIDE\EventMessageFile=>C:\WINDOWS\SYSTEM32\SXS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SIMBAD\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SNDBLST\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SOFTWARE RESTRICTION POLICY\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SPARROW\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SPTD\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SRSERVICE\EventMessageFile=>C:\WINDOWS\SYSTEM32\SRSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SRV\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\STILLIMAGE\EventMessageFile=>C:\WINDOWS\SYSTEM32\WIASERVC.DLL OK
Looking forward to hearing from you,
Thanks
Flodrum
//-----------------------------------------------------------------
//
// Product: BitDefender 9 Professional Plus
// Version: 9.5
//
// Created on: 31/03/2007 23:28:28
//
//-----------------------------------------------------------------
Virus Statistics
Scan path : C:\WINDOWS\system32\
Folders : 177
Files : 5827
Archives : 29
Packed files : 274
Identified viruses : 4
Infected files : 3
Warnings : 0
Suspect files : 0
Disinfected files : 0
Deleted files : 1
Copied files : 0
Moved files : 3
Renamed files : 0
I/O errors : 13
Scan time : 00:16:32
Scan speed (files/sec) : 5
Spyware Statistics
Memory processes scanned : 16
Memory processes infected : 0
Registry keys scanned : 2151
Registry keys infected : 1
Cookies scanned : 138
Cookies infected : 0
Spyware files infected : 0
Spyware threats detected : 1
Virus definitions : 441268
Scan plugins : 16
Archive plugins : 41
Unpack plugins : 6
Mail plugins : 6
System plugins : 5
Virus scan options
Detection
[X] Scan boot sectors
[X] Scan archives
[X] Scan packed files
[X] Scan email
File mask
[ ] Programs
[X] All files
[ ] User defined extensions:
[ ] Exclude extensions: ;
Action
Infected objects
[ ] Ignore
[X] Disinfect
[ ] Delete
[ ] Copy to quarantine
[ ] Move to quarantine
[ ] Rename
[ ] Prompt user
Second action
[ ] Ignore
[ ] Delete
[ ] Copy to quarantine
[X] Move to quarantine
[ ] Rename
[ ] Prompt user
Virus scan options
[X] Enable warnings
[X] Enable heuristics
[X] Show all files in log
[X] Report file: C:\Program Files\Softwin\BitDefender9\Logs\vscan_1175376508.log
Spyware scan options
[X] Memory Processes
[X] Registry keys
[X] Cookies
Summary:
<System>=>HKEY_CLASSES_ROOT\MEZZIACODEC.CHL Detected: Trojan.Nebuler-G
<System>=>HKEY_CLASSES_ROOT\MEZZIACODEC.CHL Deleted
<System> Update failed
C:\WINDOWS\system32\cmesys.exe Detected: Application.VTesttool.A
C:\WINDOWS\system32\cmesys.exe Disinfection failed
C:\WINDOWS\system32\cmesys.exe Move failed: Quarantine full
C:\WINDOWS\system32\spool\drivers\setup.exe Infected: Trojan.Downloader.Horst.J
C:\WINDOWS\system32\spool\drivers\setup.exe Disinfection failed
C:\WINDOWS\system32\spool\drivers\setup.exe Moved
C:\WINDOWS\system32\temp\NSIS_Install_IGB.exe Detected: Adware.Navipromo.BC
C:\WINDOWS\system32\temp\NSIS_Install_IGB.exe Disinfection failed
C:\WINDOWS\system32\temp\NSIS_Install_IGB.exe Moved
Scanned files
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\UPLOADM\EventMessageFile=>C:\WINDOWS\PCHEALTH\UPLOADLB\BINARIES\UPLOADM.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\USERINIT\EventMessageFile=>C:\WINDOWS\SYSTEM32\USERINIT.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\VBRUNTIME\EventMessageFile=>C:\WINDOWS\SYSTEM32\MSVBVM60.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\VSS\EventMessageFile=>C:\WINDOWS\SYSTEM32\VSSVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WEBCLIENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WINDOWS 3.1 MIGRATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\ADVAPI32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WINDOWS PRODUCT ACTIVATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\DPCDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WINLOGON\EventMessageFile=>C:\WINDOWS\SYSTEM32\WINLOGON.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WMDMPMSN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MSPMSNSV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WMIADAPTER\EventMessageFile=>C:\WINDOWS\SYSTEM32\WBEM\WMIAPRES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\WSH\EventMessageFile=>C:\WINDOWS\SYSTEM32\WSHEXT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\File=>C:\WINDOWS\SYSTEM32\CONFIG\APPEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\APPLICATION\=>C:\WINDOWS\SYSTEM32\MNMSRVC.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\DS\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\LSA\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\NETDDE OBJECT\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SC MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\MSAUDITE.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY\GuidMessageFile=>C:\WINDOWS\SYSTEM32\NTMARTA.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SECURITY ACCOUNT MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\SPOOLER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\MSOBJS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SECURITY\File=>C:\WINDOWS\SYSTEM32\CONFIG\SECEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ABIOSDSK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ABP480N5\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ADPU160M\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AHA154X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC78U2\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AIC78XX\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ALERTER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AMI0NT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\AMSINT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC3350P\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASC3550\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ASYNCMAC\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATAPI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATDISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ATMARPC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BEEP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BITS\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\XPOB2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BITS\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPOB2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\BROWSER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CBIDF2K\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CD20XRNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDAUDIO\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CDROM\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CHANGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CPQARRAY\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\CRYPTSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\CRYPTSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DAC2W2K\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DAC960NT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DCOM\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DFSDRIVER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DFSSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DHCP\EventMessageFile=>C:\WINDOWS\SYSTEM32\DHCPCSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DHCP\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISK\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DISTRIBUTED LINK TRACKING CLIENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DMBOOT\EventMessageFile=>C:\WINDOWS\SYSTEM32\DRIVERS\DMBOOT.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSAPI\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSAPI\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DNSCACHE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DPTI2O\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EL90XBC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\EVENTLOG\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FASTFAT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FBXUSB\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FIPS\EventMessageFile=>C:\WINDOWS\SYSTEM32\DRIVERS\FIPS.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\FS_REC\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\GESTIONNAIRE DE SESSION D'AIDE SUR LE BUREAU à DISTANCE\EventMessageFile=>C:\WINDOWS\SYSTEM32\SESSMGR.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\HPN\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\HTTP\EventMessageFile=>C:\WINDOWS\SYSTEM32\XPSP2RES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\I2OMGMT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\I2OMP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\INI910U\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\INTERNET EXPLORER 6\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPMGM\EventMessageFile=>C:\WINDOWS\SYSTEM32\RTM.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPNATHLP\EventMessageFile=>C:\WINDOWS\SYSTEM32\IPNATHLP.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPROUTERMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPSEC\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXCP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXRIP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXROUTERMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\IPXSAP\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LDM\EventMessageFile=>C:\WINDOWS\SYSTEM32\DMADMIN.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LDMS\EventMessageFile=>C:\WINDOWS\SYSTEM32\DMSERVER.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LMHOSTS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LSASRV\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\LSASRV\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRAID35X\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRXDAV\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MRXSMB\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MSADLIB\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MSFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\MUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDIS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NDISWAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETBIOS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETBT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETDDE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETDDE.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETLOGON\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NETLOGON\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NLA\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NPFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NTSERVICEPACK\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\NULL\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\OUTLOOK EXPRESS 6\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PARTMGR\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PCMCIA\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PERC2\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PLUGPLAYMANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\UMPNPMGR.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PPTPMINIPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\PSCHED\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1080\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL10WNT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL12160\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1240\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\QL1280\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RASAUTO\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RASMAN\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RDBSS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOTEACCESS\EventMessageFile=>C:\WINDOWS\SYSTEM32\MPRMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\REMOTEACCESS\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\IASSVCS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\RSVP\EventMessageFile=>C:\WINDOWS\SYSTEM32\RSVPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SAM\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAMSRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SAVE DUMP\EventMessageFile=>C:\WINDOWS\SYSTEM32\SAVEDUMP.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCARDSVR\EventMessageFile=>C:\WINDOWS\SYSTEM32\SCARDSVR.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHANNEL\EventMessageFile=>C:\WINDOWS\SYSTEM32\LSASRV.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHEDULE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCHEDULE\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SCSIPORT\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE CONTROL MANAGER\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE CONTROL MANAGER\ParameterMessageFile=>C:\WINDOWS\SYSTEM32\KERNEL32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SERVICE DE STOCKAGE AMOVIBLE\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTMSEVT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SETUP\EventMessageFile=>C:\WINDOWS\SYSTEM32\SYSSETUP.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SFLOPPY\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SIDEBYSIDE\EventMessageFile=>C:\WINDOWS\SYSTEM32\SXS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SIMBAD\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SNDBLST\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SOFTWARE RESTRICTION POLICY\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SPARROW\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SPTD\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SRSERVICE\EventMessageFile=>C:\WINDOWS\SYSTEM32\SRSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SRV\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETEVENT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\STILLIMAGE\EventMessageFile=>C:\WINDOWS\SYSTEM32\WIASERVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYMC810\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYMC8XX\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYM_HI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYM_U3\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYSTEM\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\EVENTLOG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\SYSTEM ERROR\EventMessageFile=>C:\WINDOWS\SYSTEM32\FAULTREP.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TCPMON\EventMessageFile=>C:\WINDOWS\SYSTEM32\TCPMON.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TDI\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TERMDD\EventMessageFile=>C:\WINDOWS\SYSTEM32\NTDLL.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\TERMSERVDEVICES\EventMessageFile=>C:\WINDOWS\SYSTEM32\WLNOTIFY.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\UDFS\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\ULTRA\EventMessageFile=>C:\WINDOWS\SYSTEM32\IOLOGMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\UPS\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\USER32\EventMessageFile=>C:\WINDOWS\SYSTEM32\USER32.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\W32TIME\EventMessageFile=>C:\WINDOWS\SYSTEM32\W32TIME.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WGANOTIFY\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WIN32K\EventMessageFile=>C:\WINDOWS\SYSTEM32\WIN32K.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS FILE PROTECTION\EventMessageFile=>C:\WINDOWS\SYSTEM32\SFC_OS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS INSTALLER 3.1\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS SCRIPT HOST\EventMessageFile=>C:\WINDOWS\SYSTEM32\WSHEXT.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS UPDATE AGENT\EventMessageFile=>C:\WINDOWS\SYSTEM32\WUAUCPL.CPL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWS UPDATE AGENT\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\WUAUCPL.CPL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WINDOWSMEDIA\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WMPNETWORKSVC\EventMessageFile=>C:\PROGRAM FILES\WINDOWS MEDIA PLAYER\WMPNETWK.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WORKSTATION\EventMessageFile=>C:\WINDOWS\SYSTEM32\NETMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WPDCLASSINSTALLER\EventMessageFile=>C:\WINDOWS\SYSTEM32\WPD_CI.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WPDCLASSINSTALLER\CategoryMessageFile=>C:\WINDOWS\SYSTEM32\WPD_CI.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WUDF01000\EventMessageFile=>C:\WINDOWS\SYSTEM32\SPMSG.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\WZCSVC\EventMessageFile=>C:\WINDOWS\SYSTEM32\WzCSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\DisplayNameFile=>C:\WINDOWS\SYSTEM32\ELS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\SYSTEM\File=>C:\WINDOWS\SYSTEM32\CONFIG\SYSEVENT.EVT OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTLOG\ImagePath=>C:\WINDOWS\SYSTEM32\SERVICES.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTSYSTEM\PARAMETERS\ServiceDll=>C:\WINDOWS\SYSTEM32\ES.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\EVENTSYSTEM\ImagePath=>C:\WINDOWS\SYSTEM32\SVCHOST.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FALLBACK\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FALLBACK.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FASTUSERSWITCHINGCOMPATIBILITY\PARAMETERS\ServiceDll=>C:\WINDOWS\SYSTEM32\SHSVCS.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FASTUSERSWITCHINGCOMPATIBILITY\ImagePath=>C:\WINDOWS\SYSTEM32\SVCHOST.EXE OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FBXUSB\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FBXUSB32.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FDC\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FDC.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FLTMGR\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FLTMGR.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FSKS\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FSKSNT.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\FTDISK\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\FTDISK.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\GPC\ImagePath=>C:\WINDOWS\SYSTEM32\DRIVERS\MSGPC.SYS OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPSVC\PARAMETERS\ServiceDll=>C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\PCHSVC.DLL OK
<System>=>HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\HELPSVC\ImagePath=>C:\WINDOWS\SYSTEM32\SVCHOST.EXE OK
OK,
post a new HijackThis report now, please.
HERE IT IS
Logfile of HijackThis v1.99.1
Scan saved at 00:15:31, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\KeyGen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\keygen.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Softwin\BitDefender9\bdnagent.exe
C:\Program Files\Softwin\BitDefender9\bdswitch.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\KeyGen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\KeyGen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\KeyGen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\KeyGen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\KeyGen.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\keygen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\keygen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\keygen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\keygen.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\keygen.exe
C:\Program Files\QuickZip4\QuickZip.exe
C:\DOCUME~1\Flo\LOCALS~1\Temp\QZTEMP\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA988-607A-497A-A8B6-E3DFE494AB10}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
and you didn't put it on your PC?
* Download CCleaner.
https://www.pcastuces.com/logitheque/ccleaner.htm
Install it in a dedicated folder.
During installation, uncheck
--- the two "Add the option ... " boxes
--- Check for updates
--- Add the Yahoo! CCleaner Toolbar
* Run CCleaner for a full cleanup.
------
* Download AVG Anti-Spyware (ewido)
https://www.avg.com/en-ww/free-antivirus-download
* Install it
* Start AVG Anti-Spyware and click the Update button. Wait,
then
restart in safe mode
http://service1.symantec.com/support/inter/tsgeninfointl.nsf/fr_docid/20020905112131924
Start AVG Anti-Spyware
Click the Scan button (in the toolbar),
then do the following in order, please. Save the report AFTER setting the actions.
Then, on the Settings tab,
under "How to react", click Recommended actions. Select Quarantine.
Go back to the Scan tab. Click Complete system scan.
At the end of the scan, choose option 3,
"Apply all actions", at the bottom.
Click "Save report".
This generates a report as a text file, located in the Reports folder of the AVG Anti-Spyware folder.
Restart normally and
post it,
along with a new HijackThis report, please.
OK, I've done everything.
Here is the AVG report, then the HijackThis one.
Thanks,
awaiting your reply.
flodrum
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 10:28:12 01/04/2007
+ Résultat de l'analyse:
C:\Program Files\InternetGameBox\uninst.exe -> Adware.NaviPromo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\DAEMON Tools\SetupDTSB.exe -> Adware.SaveNow : Nettoyé et sauvegardé (mise en quarantaine).
C:\Program Files\Toolbar888 -> Adware.ToolBar888 : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\10exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\19exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\32exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\40exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\41exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\45exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\49exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\72exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\80exgmail50p.0.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc341.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc345.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc363.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc387.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc395.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc400.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc423.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc425.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc436.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc440.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc454.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc461.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc463.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc476.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc482.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc495.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc501.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc504.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc508.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc512.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc518.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc527.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc537.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc542.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc555.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc570.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc585.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc600.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc603.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc605.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc611.exe -> Backdoor.Medbot.ho : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Mes documents\Install\RegFreeze[1].v5.3.WinALL-CHiCNCREAM.ZIP/RegFreeze.v5.3.WinALL-CHiCNCREAM/eng-patch.exe -> Logger.Agent.nbq : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Mes documents\Install\dafraf3a.zip/fr-patch.exe -> Logger.Agent.nbq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP288\A0087502.exe -> Logger.Agent.nbq : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 11:10:44, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Flo\Bureau\virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA988-607A-497A-A8B6-E3DFE494AB10}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Here is the AVG report, followed by the HijackThis log.
Thanks
Looking forward to your reply
flodrum
---------------------------------------------------------
AVG Anti-Spyware - Rapport d'analyse
---------------------------------------------------------
+ Créé à: 10:28:12 01/04/2007
+ Résultat de l'analyse:
C:\Documents and Settings\Flo\Mes documents\Install\dafraf3a.zip/fr-patch.exe -> Logger.Agent.nbq : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP288\A0087502.exe -> Logger.Agent.nbq : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\CONFLICT.1\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Downloaded Program Files\USDR6V_0001_D18M3107NetInstaller.exe -> Not-A-Virus.Downloader.Win32.WinFixer.l : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc445.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc449.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc455.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc465.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc467.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc472.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc484.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc489.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc505.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc510.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc515.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc519.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc524.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc534.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc539.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc544.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc552.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc567.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc571.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc575.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc577.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc579.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc583.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc607.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc612.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc623.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc626.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc752.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093190.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093191.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093192.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093193.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093194.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093195.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093196.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093197.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093198.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093199.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093200.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093201.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093202.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093203.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093204.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093205.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093206.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093207.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093208.exe -> Proxy.Horst.pu : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\13exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\24exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\4exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\6exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\7exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\85exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\95exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Local Settings\Temp\97exgmail50g1.0.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc336.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc337.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc343.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc344.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc346.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc347.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc352.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc353.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc355.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc356.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc359.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc362.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc365.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc366.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc370.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc371.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc375.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc376.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc381.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc385.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc391.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc392.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc393.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc394.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc399.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc404.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc405.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc408.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc411.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc412.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc416.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc418.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc428.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc430.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc434.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc438.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc439.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc451.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc452.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc457.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc458.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc468.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc471.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc474.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc477.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc479.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc481.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc483.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc486.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc487.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc491.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc492.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc494.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc498.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc503.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc507.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc511.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc517.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc522.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc526.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc530.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc531.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc536.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc541.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc547.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc548.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc549.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc554.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc558.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc559.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc562.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc563.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc566.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc569.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc573.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc574.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc578.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc580.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc582.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc584.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc593.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc594.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc597.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc598.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc599.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc601.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc602.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc606.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc608.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc609.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc615.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc617.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc620.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc622.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc627.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc753.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc755.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc757.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc760.exe -> Proxy.Horst.wo : Nettoyé et sauvegardé (mise en quarantaine).
C:\Documents and Settings\Flo\Bureau\virus\sdfix\SDFix\backups\backups.zip/backups/setup.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP307\A0093231.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP307\A0093249.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP308\A0093265.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP308\A0093356.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP309\A0093493.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP309\A0093599.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP311\A0093764.exe -> Proxy.Horst.wx : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc714.exe -> Proxy.Horst.wz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP304\A0093085.exe -> Proxy.Horst.wz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP305\A0093129.exe -> Proxy.Horst.wz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP305\A0093145.exe -> Proxy.Horst.wz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP305\A0093160.exe -> Proxy.Horst.wz : Nettoyé et sauvegardé (mise en quarantaine).
C:\System Volume Information\_restore{C5756FFC-9BE6-4F4D-97EA-9BAF5DED9B3D}\RP306\A0093188.exe -> Proxy.Horst.wz : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc340.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc364.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc374.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc407.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc442.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc456.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc460.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc499.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc506.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc521.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc523.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc561.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc756.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc758.exe -> Trojan.Horst : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\Rmxvcmlhbg\lAUSwA51v0.vbs -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
C:\WINDOWS\system32\winttr.exe -> Trojan.Small : Nettoyé et sauvegardé (mise en quarantaine).
Fin du rapport
Logfile of HijackThis v1.99.1
Scan saved at 11:10:44, on 01/04/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe
C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Softwin\BitDefender9\vsserv.exe
C:\Program Files\Softwin\BitDefender9\bdmcon.exe
C:\Program Files\Softwin\BitDefender9\bdoesrv.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdnagent.exe
C:\PROGRA~1\Softwin\BITDEF~1\bdswitch.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\TClock\TClock.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\Documents and Settings\Flo\Bureau\virus\HijackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [BDMCon] "C:\Program Files\Softwin\BitDefender9\bdmcon.exe"
O4 - HKLM\..\Run: [BDOESRV] "C:\Program Files\Softwin\BitDefender9\bdoesrv.exe"
O4 - HKLM\..\Run: [BDNewsAgent] "C:\Program Files\Softwin\BitDefender9\bdnagent.exe"
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\Program Files\Softwin\BitDefender9\bdswitch.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [TClock.exe] C:\Program Files\TClock\tclock_install.exe
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - %windir%\bdoscandel.exe (file missing)
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA988-607A-497A-A8B6-E3DFE494AB10}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BitDefender Scan Server (bdss) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Scan Server\bdss.exe" /service (file missing)
O23 - Service: Boonty Games - BOONTY - C:\Program Files\Fichiers communs\BOONTY Shared\Service\Boonty.exe
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: BitDefender Desktop Update Service (LIVESRV) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Update Service\livesrv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: BitDefender Virus Shield (VSSERV) - Unknown owner - C:\Program Files\Softwin\BitDefender9\vsserv.exe" /service (file missing)
O23 - Service: BitDefender Communicator (XCOMM) - Unknown owner - C:\Program Files\Fichiers communs\Softwin\BitDefender Communicator\xcommsvr.exe" /service (file missing)
Good evening,
Maybe we could take a look at something.
* Download Blacklight
https://europe.f-secure.com/exclude/blacklight/index.shtml
(from F-Secure)
(the first one on the page)
Save it to your Desktop.
Double-click blbeta.exe
Click "I ACCEPT".
Click Scan, then Next.
You will see a list of detected files appear. You will also see a report
on your Desktop, named fsbl.xxxxxxx.log (the xxxxxxx are digits).
Copy and paste the contents of this report into your next reply.
Do NOT choose the "Rename" option right away: we need to analyze the report,
because legitimate files may be present, such as wbemtest.exe
Following your request, below is the content of the Report.txt file, and below that the new HijackThis log.
Looking forward to your reply,
Flodrum
----------------------
SDFix: Version 1.75
Run by Flo - 31/03/2007 - 0:22:48,10
Microsoft Windows XP [version 5.1.2600]
Running From: C:\Documents and Settings\Flo\Bureau\sdfix\SDFix
Safe Mode:
Checking Services:
Name:
DirectQybb
ImagePath:
C:\WINDOWS\system32\directx.exe
DirectQybb Deleted
Restoring Windows Registry Entries
Restoring Default Hosts File
Rebooting...
Normal Mode:
Checking Files:
Below files will be copied to Backups folder then removed:
C:\DOCUME~1\Flo\LOCALS~1\Temp\autorun.inf - Deleted
C:\DOCUME~1\Flo\LOCALS~1\Temp\setup.exe - Deleted
C:\WINDOWS\system\smss.exe - Deleted
C:\WINDOWS\system32\directx.exe - Deleted
C:\WINDOWS\system32\system32.exe - Deleted
ADS Check:
C:\WINDOWS\system32
No streams found.
Final Check:
Remaining Services:
------------------
Authorized Application Key Export:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\eMule\\emule.exe"="C:\\Program Files\\eMule\\emule.exe:*:Enabled:eMule"
"C:\\Program Files\\PeerTV\\PeerCast.exe"="C:\\Program Files\\PeerTV\\PeerCast.exe:*:Enabled:PeerCast"
"C:\\Program Files\\VideoLAN\\VLC\\vlc.exe"="C:\\Program Files\\VideoLAN\\VLC\\vlc.exe:*:Enabled:VLC media player"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\WINDOWS\\system32\\svchost.exe"="C:\\WINDOWS\\system32\\svchost.exe:*:Enabled:Microsoft Update"
"C:\\WINDOWS\\mui\\explorer.exe"="C:\\WINDOWS\\mui\\explorer.exe:*:Enabled:Explorer"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\WINDOWS\\mui\\explorer.exe"="C:\\WINDOWS\\mui\\explorer.exe:*:Enabled:Explorer"
Remaining Files:
---------------
Backups Folder: - C:\DOCUME~1\Flo\Bureau\sdfix\SDFix\backups\backups.zip
Checking For Files with Hidden Attributes :
C:\WINDOWS\system32\wodfamoh.dll
C:\WINDOWS\system32\wxmmin.dll
C:\Documents and Settings\All Users\DRM\Cache\Indiv01.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR11.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR12.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR13.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR14.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR15.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR16.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR17.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR18.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR19.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR1A.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR1B.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\FOR1C.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR10.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR11.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR12.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR13.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR14.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR15.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR16.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR17.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR18.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR19.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR1A.tmp
C:\Documents and Settings\Flo\Local Settings\Temp\ZTR1B.tmp
C:\Documents and Settings\Flo\Mes documents\Hélène\~WRL0001.tmp
C:\Program Files\Microsoft Office\Office\Gestionnaire Office\Off3.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc662.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc663.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc664.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc665.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc666.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc667.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc668.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc669.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc670.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc671.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc672.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc673.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc674.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc738.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc739.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc740.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc741.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc742.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc743.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc744.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc745.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc746.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc747.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc748.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc749.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc750.tmp
C:\RECYCLER\S-1-5-21-2052111302-492894223-1060284298-1003\Dc764.tmp
C:\WINDOWS\system32\vxabc.tmp
Finished
--------------------------------------------
Logfile of HijackThis v1.99.1
Scan saved at 00:46:23, on 31/03/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\System32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\notepad.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Microsoft Office\Office\OSA.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe
C:\Program Files\Hewlett-Packard\Digital Imaging\bin\hpoevm08.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Hewlett-Packard\Digital Imaging\Bin\hpoSTS08.exe
C:\Documents and Settings\Flo\Bureau\virus\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.google.fr/?gws_rd=ssl
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = about:blank
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
R3 - URLSearchHook: (no name) - {A89B22E0-CA5E-9CFB-7871-CA891B28609C} - C:\WINDOWS\system32\mgsiomta.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {215EBF16-0EF7-732D-F4ED-05D58C75BBEF} - C:\WINDOWS\system32\qcqcyl.dll (file missing)
O2 - BHO: (no name) - {A89B22E0-CA5E-9CFB-7871-CA891B28609C} - C:\WINDOWS\system32\mgsiomta.dll (file missing)
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\System32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [nxla2d40] RUNDLL32.EXE w01ce32a.dll,n 001a2d3f0000000a01ce32a
O4 - HKLM\..\Run: [nwiz] nwiz.exe /installquiet
O4 - HKLM\..\Run: [virus] C:\WINDOWS\system32\virus1.exe
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O4 - HKCU\..\Run: [Rwtt] "C:\PROGRA~1\CROSOF~1\tracert.exe" -vt yazr
O4 - Global Startup: Démarrage d'Office.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE
O4 - Global Startup: hp psc 1000 series.lnk = ?
O4 - Global Startup: hpoddt01.exe.lnk = ?
O4 - Global Startup: Microsoft Recherche accélérée.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE
O9 - Extra button: (no name) - {12345678-1234-1234-1234-1234567890AB} - (no file)
O16 - DPF: {09C21411-B9A2-4DE6-8416-4E3B58577BE0} (France Telecom MDM ActiveX Control) - http://minitelweb.minitel.com/imin_data/ocx/MDM.cab
O16 - DPF: {09F1ADAC-76D8-4D0F-99A5-5C907DADB988} - http://fr.systemdoctor.com/download/2006/cab/SystemDoctor2006FreeInstall_fr.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O17 - HKLM\System\CCS\Services\Tcpip\..\{8EDBA988-607A-497A-A8B6-E3DFE494AB10}: NameServer = 212.27.32.176,212.27.32.177
O20 - Winlogon Notify: policies - C:\WINDOWS\system32\j8l40i3qe8.dll (file missing)
O20 - Winlogon Notify: Telephony - C:\WINDOWS\system32\guard.tmp (file missing)
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winjrs32 - winjrs32.dll (file missing)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe