I can't remove tr/bho.czo
christian Nt
Hello,
I have a huge problem. It started about two weeks ago. When my PC started up, it displayed an error message: RPC ERROR something-or-other, SYSTEM SHUTDOWN, YOUR COMPUTER WILL BE RESTARTED, blah blah, with a 60-second countdown. On top of that, some of my programs, each time I launch them, either no longer start or turn out to have been modified, such as Mozilla Firefox or Internet Explorer. I don't know what to do anymore. No matter how much I use SPYBOT, ANTIVIR and A-SQUARED, nothing works, even though they all detect problems and remove them. The error message still appears as soon as I go online, and the other problems, such as the modification of my files, follow. When scanning with ANTIVIR I always find the same virus, which I kill again at every reboot of the PC: tr/bho.czo!!!!! Please help me, how can I get a clean PC back?
23 replies
Hi,
Let's take a look.
- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Double-click HJTInstall.exe to start the installation
- Click Install, then I Accept
- Click Do a scan system and save log file
- Notepad will open; copy and paste its entire contents here in your next reply.
Destrio5,
Given that this infection is recent (14/07/2008), you can probably remove it (files and registry value) using this:
http://www.avira.com/fr/threats/section/fulldetails/id_vir/4237/tr_psw.onlin.aklo.2.html
Destrio5,
Oops.. it would rather be with the following link: http://www.avira.com/fr/threats/section/fulldetails/id_vir/4260/tr_bho.czo.html
Hello,
Here is the result of my HIJACKTHIS scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:24, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\lclock.exe
D:\PROGRA~1\MSNMES~1\msnmsgr.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\krys\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [JMB36X Configure] D:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "D:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Documents and Settings\Hedge\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [LClock] lclock.exe (User '?')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-1844823847-839522115-1003\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
You have two antivirus programs, that's not good.
- Download and install MalwareByte's Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (Recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choose your usual session
- Run a full scan with MalwareByte's Anti-Malware
- Remove everything the software finds, save the report
- Restart in normal mode and post the report here
Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
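Added example (not part of the original thread): a small Python triage of the HijackThis log posted above. It lists BHO entries whose DLL is reported as missing, with the registry keys where the leftover registration can be inspected, and the security vendors that run their own service, which is the overlap the reply above remarks on. The `SECURITY_OWNERS` list and all function names are assumptions made for this example.

```python
import re

# Lines copied from the HijackThis log posted in this thread (excerpt).
SAMPLE_LOG = r"""
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
"""

# O2 line: name, CLSID, DLL path, optional "(file missing)" suffix added by HijackThis.
BHO_RE = re.compile(
    r"^O2 - BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)
# O23 line: display name (may itself contain " - "), owner, executable path.
SERVICE_RE = re.compile(
    r"^O23 - Service: (?P<display>.+) - (?P<owner>.+?) - (?P<path>[A-Za-z]:\\.+)$"
)

# Assumption: service owners treated as resident security vendors. The list is
# built from names visible in this log and is not exhaustive.
SECURITY_OWNERS = ("Avira GmbH", "Emsi Software GmbH", "Symantec Corporation")

# Registry locations where a BHO is registered (standard Windows/IE locations).
BHO_KEY = r"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects"
COM_KEY = r"HKCR\CLSID"


def registry_keys_for(clsid):
    """Keys to inspect for a BHO: its IE registration and its COM server path."""
    return [BHO_KEY + "\\" + clsid, COM_KEY + "\\" + clsid + r"\InprocServer32"]


def triage(log_text):
    """Return the entries of a HijackThis log that deserve a manual review."""
    report = {
        "missing_bhos": [],            # (clsid, path): registered, DLL not on disk
        "unnamed_bhos": [],            # clsid of BHOs listed as "(no name)"
        "security_vendors": set(),     # vendors running their own service
        "unknown_owner_services": [],  # services with no owner recorded in the log
    }
    for raw in log_text.splitlines():
        line = raw.strip()
        bho = BHO_RE.match(line)
        if bho:
            if bho.group("missing"):
                report["missing_bhos"].append((bho.group("clsid"), bho.group("path")))
            if bho.group("name") == "(no name)":
                report["unnamed_bhos"].append(bho.group("clsid"))
            continue
        svc = SERVICE_RE.match(line)
        if svc:
            owner = svc.group("owner")
            if owner in SECURITY_OWNERS:
                report["security_vendors"].add(owner)
            elif owner == "Unknown owner":
                report["unknown_owner_services"].append(svc.group("display"))
    report["security_vendors"] = sorted(report["security_vendors"])
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for clsid, path in result["missing_bhos"]:
        print("BHO registered but file missing:", path)
        for key in registry_keys_for(clsid):
            print("  inspect", key)
    if len(result["security_vendors"]) > 1:
        print("Several security products with services:", ", ".join(result["security_vendors"]))
    print("Services without a recorded owner:", result["unknown_owner_services"])
```

A "(file missing)" entry means the registration is still present although the DLL is gone; a service shown with "Unknown owner" only lacks owner information in the log and is not by itself a detection.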
Here is the report I got with Malwarebytes':
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Executable location: D:\Program Files\Malwarebytes' Anti-Malware
Database location: D:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
Username: krys
Windows folder: D:\WINDOWS
System folder: D:\WINDOWS\system32
Root drive: D:
Program Files: D:\Program Files
Common Files: D:\Program Files\Fichiers communs
Desktop: D:\Documents and Settings\Administrateur\Bureau
Desktop: D:\Documents and Settings\All Users\Bureau
Desktop: D:\Documents and Settings\Dani\Bureau
Desktop: D:\Documents and Settings\Default User\Bureau
Desktop: D:\Documents and Settings\Eddy\Bureau
Desktop: D:\Documents and Settings\Hedge\Bureau
Desktop: D:\Documents and Settings\kevin\Bureau
Desktop: D:\Documents and Settings\krys\Bureau
Start Menu: D:\Documents and Settings\Administrateur\Menu Démarrer
Start Menu: D:\Documents and Settings\All Users\Menu Démarrer
Start Menu: D:\Documents and Settings\Dani\Menu Démarrer
Start Menu: D:\Documents and Settings\Default User\Menu Démarrer
Start Menu: D:\Documents and Settings\Eddy\Menu Démarrer
Start Menu: D:\Documents and Settings\Hedge\Menu Démarrer
Start Menu: D:\Documents and Settings\kevin\Menu Démarrer
Start Menu: D:\Documents and Settings\krys\Menu Démarrer
Start Menu: D:\Documents and Settings\All Users\Menu Démarrer
User Root: D:\Documents and Settings\Administrateur
User Root: D:\Documents and Settings\All Users
User Root: D:\Documents and Settings\Dani
User Root: D:\Documents and Settings\Default User
User Root: D:\Documents and Settings\Eddy
User Root: D:\Documents and Settings\Hedge
User Root: D:\Documents and Settings\kevin
User Root: D:\Documents and Settings\krys
User Root: D:\Documents and Settings\LocalService
User Root: D:\Documents and Settings\NetworkService
Favorite: D:\Documents and Settings\Administrateur\Favoris
Favorite: D:\Documents and Settings\All Users\Favoris
Favorite: D:\Documents and Settings\Dani\Favoris
Favorite: D:\Documents and Settings\Default User\Favoris
Favorite: D:\Documents and Settings\Eddy\Favoris
Favorite: D:\Documents and Settings\Hedge\Favoris
Favorite: D:\Documents and Settings\kevin\Favoris
Favorite: D:\Documents and Settings\krys\Favoris
Application Data: D:\Documents and Settings\Administrateur\Application Data
Application Data: D:\Documents and Settings\All Users\Application Data
Application Data: D:\Documents and Settings\Dani\Application Data
Application Data: D:\Documents and Settings\Default User\Application Data
Application Data: D:\Documents and Settings\Eddy\Application Data
Application Data: D:\Documents and Settings\Hedge\Application Data
Application Data: D:\Documents and Settings\kevin\Application Data
Application Data: D:\Documents and Settings\krys\Application Data
Application Data: D:\Documents and Settings\LocalService\Application Data
Application Data: D:\Documents and Settings\NetworkService\Application Data
Application Data: D:\Documents and Settings\All Users\Application Data
Quick Launch: D:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Dani\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Hedge\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\kevin\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\krys\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch
Temporary Folder: D:\Documents and Settings\Administrateur\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Dani\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Default User\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Eddy\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Hedge\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\kevin\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\krys\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\LocalService\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\NetworkService\Local Settings\Temp
Temporary Folder: D:\WINDOWS\Temp
Here is my report; I think this time it is the right one:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2
08:03:54 14/08/2008
mbam-log-8-14-2008 (08-03-35).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|)
Eléments examinés: 309802
Temps écoulé: 2 hour(s), 53 minute(s), 44 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adsst) -> Noare.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9869efa6-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> No action taken.
D:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\dcads_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\Fonts\death_font_ver1_0.zip (Trojan.Downloader) -> No action taken.
D:\Documents and Settings\Dani\Local Settings\Temp\CmdLineExt03.dll (Trojan.Agent) -> No action taken.
D:\Documents and Settings\krys\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\kevin\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\Hedge\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\Dani\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> No action taken.
I confirm that I did delete the selection. Following your message I ran another scan in safe mode, then restarted the computer as requested, and here is the report it gave:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2
02:16:57 16/08/2008
mbam-log-8-16-2008 (02-16-57).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|)
Eléments examinés: 309951
Temps écoulé: 3 hour(s), 36 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
Yes, I had two, Avast and Antivir. I uninstalled Avast, but is it possible that it was not uninstalled properly? Otherwise, I currently have Antivir running on my computer, the A-SQUARED Guard, which I installed recently, and ZONE ALARM as a firewall.
Norton is there too; remove it with this:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe
That's odd... yet I never installed Norton... well, not to my knowledge! What should I do next? Is my virus and malware problem solved?
Norton is the antivirus that comes preinstalled on most brand-name PCs.
- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
- Double-click Navilog1.exe to start the installation
- If the fix does not start automatically after installation, double-click the Navilog1 icon on the desktop
- Press F or f, then confirm with Enter
- Press a key on your keyboard each time you are asked to; you will reach the options menu
- Choose option 1 and press Enter to confirm your choice
- Wait for the message: *** Analyse Termine le ..... ***
- When the scan is finished, Notepad will open with the report; post the contents of this report in your next reply
- If the scan result is not displayed, you will find it in C:\fixnavi.txt
Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.
Good evening,
Here is my Navilog report:
Search Navipromo version 3.6.4 commencé le 16/08/2008 à 23:14:36,39
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "krys"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "D:\WINDOWS" ***
*** Recherche dossiers dans "D:\Program Files" ***
*** Recherche dossiers dans "D:\Documents and Settings\All Users\menu démarrer\programmes" ***
*** Recherche dossiers dans "D:\Documents and Settings\All Users\menu démarrer" ***
*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\krys\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Administrateur\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Dani\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Eddy\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Hedge\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\kevin\application data" ***
*** Recherche dossiers dans "D:\Documents and Settings\krys\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Administrateur\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Dani\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Eddy\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Hedge\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\kevin\local settings\application data" ***
*** Recherche dossiers dans "D:\Documents and Settings\krys\menu dÚmarrer\programmes" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "D:\WINDOWS\system32" *
* Recherche dans "D:\Documents and Settings\krys\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Administrateur\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Dani\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Eddy\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Hedge\local settings\application data" *
* Recherche dans "D:\DOCUME~1\kevin\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "D:\WINDOWS\system32" :
* Dans "D:\Documents and Settings\krys\local settings\application data" :
* Dans "D:\DOCUME~1\Administrateur\local settings\application data" :
* Dans "D:\DOCUME~1\Dani\local settings\application data" :
* Dans "D:\DOCUME~1\Eddy\local settings\application data" :
* Dans "D:\DOCUME~1\Hedge\local settings\application data" :
* Dans "D:\DOCUME~1\kevin\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
D:\WINDOWS\system32\qtstv.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 16/08/2008 à 23:21:52,62 ***
You are infected with Vundo/Virtumonde.
---> Uninstall Navilog1
---> Do this:
---> Download ComboFix.exe by sUBs to your Desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found here: C:\ComboFix.txt
Good evening,
I ran the scan with ComboFix as requested, but while the application was working an error message kept appearing, something like: " regt.cfexe est introuvable: blabla impossible de trouver ACLUI.dll bla bla.."
In the end I managed to finish ComboFix as previously requested, and here is the report it gave me:
ComboFix 08-08-15.04 - krys 2008-08-16 23:53:31.1 - NTFSx86
Endroit: D:\Documents and Settings\krys\Bureau\ComboFix.exe
[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar\selected.xml
D:\Documents and Settings\Hedge\Cookies\hedge@protectionconue[2].txt
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com\ud.sol
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
D:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
D:\WINDOWS\system32\ceudalyr.ini
D:\WINDOWS\system32\dgsfklbb.ini
D:\WINDOWS\system32\ewekypwk.ini
D:\WINDOWS\system32\fjwbrunf.ini
D:\WINDOWS\system32\ftasusan.ini
D:\WINDOWS\system32\gindwovv.ini
D:\WINDOWS\system32\hiylfjvh.ini
D:\WINDOWS\system32\hmxckulr.ini
D:\WINDOWS\system32\iwtioamg.ini
D:\WINDOWS\system32\kbhdanpj.ini
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\nsg59.dll
D:\WINDOWS\system32\pyjvwvup.ini
D:\WINDOWS\system32\qtstv.bak2
D:\WINDOWS\system32\qtstv.ini
D:\WINDOWS\system32\qyfgwvou.ini
D:\WINDOWS\system32\rhxwsjko.ini
D:\WINDOWS\system32\ucxixoxl.ini
D:\WINDOWS\system32\usnspxwv.ini
D:\WINDOWS\system32\vgxyhrgs.ini
D:\WINDOWS\system32\vivseobx.ini
D:\WINDOWS\system32\xwbagloe.ini
D:\WINDOWS\system32\ymqfitju.ini
D:\WINDOWS\system32\yrkwillx.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 02:13 . 2008-08-15 02:13 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-08-12 20:36 . 2008-08-12 20:36 <REP> d-------- D:\Documents and Settings\krys\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-08-13 02:45 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 02:18 . 2008-08-12 02:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 02:18 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 11:51 . 2008-08-10 11:51 <REP> d-------- D:\Program Files\Zone Labs
2008-08-10 03:02 . 2008-08-10 03:02 <REP> d-------- D:\WINDOWS\system32\fr-fr
2008-08-10 02:48 . 2008-08-10 02:48 <REP> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-08-09 15:19 . 2008-08-09 15:19 0 --a------ D:\WINDOWS\~VS1C.tmp
2008-08-09 11:43 . 2008-08-09 11:43 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-08-09 11:43 . 2008-08-09 11:43 1,409 --a------ D:\WINDOWS\QTFont.for
2008-08-01 00:20 . 2008-08-01 00:20 578,048 --a------ D:\WINDOWS\system32\DllCache\user32.dll
2008-08-01 00:12 . 2008-08-01 00:12 <REP> d-------- D:\WINDOWS\ERUNT
2008-07-31 00:04 . 2008-07-31 00:04 <REP> d-------- D:\Program Files\Avira
2008-07-28 22:53 . 2008-07-28 22:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:53 <REP> d-------- D:\Program Files\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:50 <REP> d-------- D:\Documents and Settings\krys\Application Data\Lavasoft
2008-07-25 01:56 . 2008-07-25 01:56 240 --a------ D:\WINDOWS\system32\drivers\vsconfig.xml
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 21:48 --------- d-----w D:\Program Files\Navilog1
2008-08-16 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:34 30,720 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-14 06:05 --------- d-----w D:\Program Files\MegauploadToolbar
2008-08-13 06:50 9,216 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-13 06:50 258,560 ----a-w D:\WINDOWS\Internet Logs\xDB77.tmp
2008-08-13 06:50 1,212,928 ----a-w D:\WINDOWS\Internet Logs\xDB78.tmp
2008-08-11 20:58 --------- d-----w D:\Documents and Settings\krys\Application Data\Skype
2008-08-11 06:12 9,728 ----a-w D:\WINDOWS\Internet Logs\xDBEA.tmp
2008-08-11 06:12 9,216 ----a-w D:\WINDOWS\Internet Logs\xDBEB.tmp
2008-08-11 06:11 80,384 ----a-w D:\WINDOWS\Internet Logs\xDBE8.tmp
2008-08-11 06:11 1,205,760 ----a-w D:\WINDOWS\Internet Logs\xDBE9.tmp
2008-08-09 12:26 --------- d-----w D:\Documents and Settings\krys\Application Data\BitTorrent
2008-08-08 21:09 --------- d-----w D:\Documents and Settings\krys\Application Data\MEGAUPLOADTOOLBAR
2008-08-06 20:42 --------- d-----w D:\Documents and Settings\Hedge\Application Data\MegauploadToolbar
2008-08-02 22:11 --------- d-----w D:\Program Files\CDBurnerXP Pro 3
2008-08-01 22:25 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-08-01 20:49 --------- d-----w D:\Program Files\RPG Maker 2003
2008-08-01 20:49 --------- d-----w D:\Program Files\Pinnacle
2008-08-01 20:49 --------- d-----w D:\Program Files\FlashGet
2008-08-01 20:48 --------- d-----w D:\Program Files\DivX
2008-08-01 20:48 --------- d-----w D:\Program Files\BitTorrent++
2008-07-30 22:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira
2008-07-29 20:38 --------- d-----w D:\Documents and Settings\krys\Application Data\skypePM
2008-07-28 20:52 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-18 17:26 --------- d-----w D:\Documents and Settings\Dani\Application Data\MEGAUPLOADTOOLBAR
2008-07-10 20:45 --------- d-----w D:\Documents and Settings\krys\Application Data\ArcSoft
2008-07-10 20:44 --------- d-----w D:\Program Files\Fichiers communs\Nikon
2008-07-10 20:42 --------- d-----w D:\Program Files\InstallShield Installation Information
2008-07-10 20:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 21:14 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 21:14 --------- d-----w D:\Documents and Settings\krys\Application Data\DAEMON Tools
2008-06-11 00:04 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2002-07-26 15:02 153,088 ----a-w D:\Program Files\UNWISE.EXE
.
------- Sigcheck -------
2004-12-10 23:44 359040 37e6643b1c4fb5de3a4fcef92909b4ad D:\WINDOWS\system32\drivers\tcpip.sys
2005-03-12 04:42 2322816 ef63ab857ca46064a559d32ca57ca53b D:\WINDOWS\system32\ntoskrnl.exe
2005-03-22 22:54 1477120 7709e0d27cb024bdc8589833b0845f41 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin Wireless USB Utility.lnk - D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
Démarrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-11-16 03:35 43008 D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BF2.exe"=
"C:\\Documents and Settings\\Krys\\eMule\\emule.exe"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Torrent\\bittorrent.exe"=
"D:\\Documents and Settings\\Hedge\\Torrent\\bittorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081266f1-0942-11dc-9c6e-c42a6c3110d8}]
\Shell\AutoRun\command - setupSNK.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-16 D:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- D:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\
FF -: plugin - D:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 23:58:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET CLR Data]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET CLR Networking]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET Data Provider for Oracle]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET Data Provider for SqlServer]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NETFramework]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\a2AntiMalware]
"ImagePath"="\"C:\Program Files\a-squared Anti-Malware\a2service.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Abiosdsk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\abp480n5]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ACPIEC]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Adobe LM Service]
"ImagePath"="\"D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\adpu160m]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aec]
"ImagePath"="system32\drivers\aec.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Aha154x]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aic78u2]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aic78xx]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AliIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AmdK8]
"ImagePath"="system32\DRIVERS\AmdK8.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\amsint]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AntiVirScheduler]
"ImagePath"="\"D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AntiVirService]
"ImagePath"="\"D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AresChatServer]
"ImagePath"="C:\Program Files\Ares\chatServer.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASAPIW2K]
"ImagePath"="System32\Drivers\ASAPIW2K.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc3350p]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc3550]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET_1.1.4322]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET_2.0.50727]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Aspi32]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AspiXNT]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Atdisk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avgio]
"ImagePath"="\??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avgntflt]
"ImagePath"="\??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Beep]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BITS]
"ServiceDll"="D:\WINDOWS\system32\qmgr.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BLKWGU(Belkin)]
"ImagePath"="system32\DRIVERS\BLKWGU.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CamDrL]
"ImagePath"="system32\DRIVERS\Camdrl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\catchme]
"ImagePath"="\??\D:\DOCUME~1\krys\Local Settings\Temp\catchme.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cbidf2k]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ccEvtMgr]
"ImagePath"="\"D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe\" /h ccCommon"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ccSetMgr]
"ImagePath"="\"D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe\" /h ccCommon"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cd20xrnt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdaudio]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Changer]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CmdIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cmpci]
"ImagePath"="system32\drivers\cmaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\COMSysApp]
"ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ContentFilter]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ContentIndex]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cpqarray]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d347bus]
"ImagePath"="system32\DRIVERS\d347bus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d347prt]
"ImagePath"="System32\Drivers\d347prt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac2w2k]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac960nt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DCamUSBEMPIA]
"ImagePath"="system32\DRIVERS\emDevice.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dpti2o]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\emAudio]
"ImagePath"="system32\drivers\emAudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\es1371]
"ImagePath"="system32\drivers\es1371mp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EventSystem]
"ServiceDll"="D:\WINDOWS\system32\es.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fastfat]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fdc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FiltUSBEMPIA]
"ImagePath"="system32\DRIVERS\emFilter.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fips]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ForceWare Intelligent Application Manager (IAM)]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hcarrjarfbyt]
"ImagePath"="system32\drivers\hcarrjarfbyt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hpn]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omp]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IDriverT]
"ImagePath"="\"D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ImapiService]
"ImagePath"="D:\WINDOWS\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\inetaccs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ini910u]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Inport]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IntelIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JGOGO]
"ImagePath"="system32\DRIVERS\JGOGO.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\KSecDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ldap]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LicenseService]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LiveUpdate]
"ImagePath"="\"D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LVUSBSta]
"ImagePath"="system32\drivers\lvusbsta.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MDM]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmdd]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmsrvc]
"ImagePath"="D:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Modem]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MountMgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mraid35x]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSDTC]
"ImagePath"="D:\WINDOWS\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Msfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSIServer]
"ImagePath"="D:\WINDOWS\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mup]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDIS]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDProxy]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Npfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcIp]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcLog]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ntfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Null]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NULLPROTO]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVTCP]
"ImagePath"="System32\DRIVERS\NVTcp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PartMgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ParVdm]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCASp50]
"ImagePath"="System32\Drivers\PCASp50.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIDump]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCLEPCI]
"ImagePath"="\??\D:\WINDOWS\system32\drivers\pclepci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDFRAME]
.
Temps d'accomplissement: 2008-08-17 0:08:52
ComboFix-quarantined-files.txt 2008-08-16 22:08:48
Pre-Run: 3,805,642,752 octets libres
Post-Run: 8,481,525,760 octets libres
I ran the scan with Combofix as requested, but while the application was working an error message kept appearing, something like: "regt.cfexe est introuvable: blabla impossible de trouver ACLUI.dll bla bla.."
In the end I managed to finish Combofix as requested earlier, and here is the report it gave me:
ComboFix 08-08-15.04 - krys 2008-08-16 23:53:31.1 - NTFSx86
Endroit: D:\Documents and Settings\krys\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar\selected.xml
D:\Documents and Settings\Hedge\Cookies\hedge@protectionconue[2].txt
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com\ud.sol
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
D:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
D:\WINDOWS\system32\ceudalyr.ini
D:\WINDOWS\system32\dgsfklbb.ini
D:\WINDOWS\system32\ewekypwk.ini
D:\WINDOWS\system32\fjwbrunf.ini
D:\WINDOWS\system32\ftasusan.ini
D:\WINDOWS\system32\gindwovv.ini
D:\WINDOWS\system32\hiylfjvh.ini
D:\WINDOWS\system32\hmxckulr.ini
D:\WINDOWS\system32\iwtioamg.ini
D:\WINDOWS\system32\kbhdanpj.ini
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\nsg59.dll
D:\WINDOWS\system32\pyjvwvup.ini
D:\WINDOWS\system32\qtstv.bak2
D:\WINDOWS\system32\qtstv.ini
D:\WINDOWS\system32\qyfgwvou.ini
D:\WINDOWS\system32\rhxwsjko.ini
D:\WINDOWS\system32\ucxixoxl.ini
D:\WINDOWS\system32\usnspxwv.ini
D:\WINDOWS\system32\vgxyhrgs.ini
D:\WINDOWS\system32\vivseobx.ini
D:\WINDOWS\system32\xwbagloe.ini
D:\WINDOWS\system32\ymqfitju.ini
D:\WINDOWS\system32\yrkwillx.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 02:13 . 2008-08-15 02:13 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-08-12 20:36 . 2008-08-12 20:36 <REP> d-------- D:\Documents and Settings\krys\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-08-13 02:45 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 02:18 . 2008-08-12 02:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 02:18 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 11:51 . 2008-08-10 11:51 <REP> d-------- D:\Program Files\Zone Labs
2008-08-10 03:02 . 2008-08-10 03:02 <REP> d-------- D:\WINDOWS\system32\fr-fr
2008-08-10 02:48 . 2008-08-10 02:48 <REP> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-08-09 15:19 . 2008-08-09 15:19 0 --a------ D:\WINDOWS\~VS1C.tmp
2008-08-09 11:43 . 2008-08-09 11:43 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-08-09 11:43 . 2008-08-09 11:43 1,409 --a------ D:\WINDOWS\QTFont.for
2008-08-01 00:20 . 2008-08-01 00:20 578,048 --a------ D:\WINDOWS\system32\DllCache\user32.dll
2008-08-01 00:12 . 2008-08-01 00:12 <REP> d-------- D:\WINDOWS\ERUNT
2008-07-31 00:04 . 2008-07-31 00:04 <REP> d-------- D:\Program Files\Avira
2008-07-28 22:53 . 2008-07-28 22:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:53 <REP> d-------- D:\Program Files\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:50 <REP> d-------- D:\Documents and Settings\krys\Application Data\Lavasoft
2008-07-25 01:56 . 2008-07-25 01:56 240 --a------ D:\WINDOWS\system32\drivers\vsconfig.xml
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 21:48 --------- d-----w D:\Program Files\Navilog1
2008-08-16 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:34 30,720 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-14 06:05 --------- d-----w D:\Program Files\MegauploadToolbar
2008-08-13 06:50 9,216 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-13 06:50 258,560 ----a-w D:\WINDOWS\Internet Logs\xDB77.tmp
2008-08-13 06:50 1,212,928 ----a-w D:\WINDOWS\Internet Logs\xDB78.tmp
2008-08-11 20:58 --------- d-----w D:\Documents and Settings\krys\Application Data\Skype
2008-08-11 06:12 9,728 ----a-w D:\WINDOWS\Internet Logs\xDBEA.tmp
2008-08-11 06:12 9,216 ----a-w D:\WINDOWS\Internet Logs\xDBEB.tmp
2008-08-11 06:11 80,384 ----a-w D:\WINDOWS\Internet Logs\xDBE8.tmp
2008-08-11 06:11 1,205,760 ----a-w D:\WINDOWS\Internet Logs\xDBE9.tmp
2008-08-09 12:26 --------- d-----w D:\Documents and Settings\krys\Application Data\BitTorrent
2008-08-08 21:09 --------- d-----w D:\Documents and Settings\krys\Application Data\MEGAUPLOADTOOLBAR
2008-08-06 20:42 --------- d-----w D:\Documents and Settings\Hedge\Application Data\MegauploadToolbar
2008-08-02 22:11 --------- d-----w D:\Program Files\CDBurnerXP Pro 3
2008-08-01 22:25 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-08-01 20:49 --------- d-----w D:\Program Files\RPG Maker 2003
2008-08-01 20:49 --------- d-----w D:\Program Files\Pinnacle
2008-08-01 20:49 --------- d-----w D:\Program Files\FlashGet
2008-08-01 20:48 --------- d-----w D:\Program Files\DivX
2008-08-01 20:48 --------- d-----w D:\Program Files\BitTorrent++
2008-07-30 22:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira
2008-07-29 20:38 --------- d-----w D:\Documents and Settings\krys\Application Data\skypePM
2008-07-28 20:52 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-18 17:26 --------- d-----w D:\Documents and Settings\Dani\Application Data\MEGAUPLOADTOOLBAR
2008-07-10 20:45 --------- d-----w D:\Documents and Settings\krys\Application Data\ArcSoft
2008-07-10 20:44 --------- d-----w D:\Program Files\Fichiers communs\Nikon
2008-07-10 20:42 --------- d-----w D:\Program Files\InstallShield Installation Information
2008-07-10 20:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 21:14 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 21:14 --------- d-----w D:\Documents and Settings\krys\Application Data\DAEMON Tools
2008-06-11 00:04 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2002-07-26 15:02 153,088 ----a-w D:\Program Files\UNWISE.EXE
.
------- Sigcheck -------
2004-12-10 23:44 359040 37e6643b1c4fb5de3a4fcef92909b4ad D:\WINDOWS\system32\drivers\tcpip.sys
2005-03-12 04:42 2322816 ef63ab857ca46064a559d32ca57ca53b D:\WINDOWS\system32\ntoskrnl.exe
2005-03-22 22:54 1477120 7709e0d27cb024bdc8589833b0845f41 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin Wireless USB Utility.lnk - D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
Démarrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-11-16 03:35 43008 D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BF2.exe"=
"C:\\Documents and Settings\\Krys\\eMule\\emule.exe"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Torrent\\bittorrent.exe"=
"D:\\Documents and Settings\\Hedge\\Torrent\\bittorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081266f1-0942-11dc-9c6e-c42a6c3110d8}]
\Shell\AutoRun\command - setupSNK.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-16 D:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- D:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\
FF -: plugin - D:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 23:58:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DCamUSBEMPIA]
"ImagePath"="system32\DRIVERS\emDevice.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dpti2o]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\emAudio]
"ImagePath"="system32\drivers\emAudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\es1371]
"ImagePath"="system32\drivers\es1371mp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EventSystem]
"ServiceDll"="D:\WINDOWS\system32\es.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fastfat]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fdc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FiltUSBEMPIA]
"ImagePath"="system32\DRIVERS\emFilter.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fips]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ForceWare Intelligent Application Manager (IAM)]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hcarrjarfbyt]
"ImagePath"="system32\drivers\hcarrjarfbyt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hpn]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omp]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IDriverT]
"ImagePath"="\"D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ImapiService]
"ImagePath"="D:\WINDOWS\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\inetaccs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ini910u]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Inport]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IntelIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JGOGO]
"ImagePath"="system32\DRIVERS\JGOGO.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\KSecDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ldap]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LicenseService]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LiveUpdate]
"ImagePath"="\"D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LVUSBSta]
"ImagePath"="system32\drivers\lvusbsta.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MDM]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmdd]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmsrvc]
"ImagePath"="D:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Modem]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MountMgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mraid35x]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSDTC]
"ImagePath"="D:\WINDOWS\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Msfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSIServer]
"ImagePath"="D:\WINDOWS\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mup]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDIS]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDProxy]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Npfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcIp]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcLog]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ntfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Null]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NULLPROTO]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVTCP]
"ImagePath"="System32\DRIVERS\NVTcp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PartMgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ParVdm]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCASp50]
"ImagePath"="System32\Drivers\PCASp50.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIDump]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCLEPCI]
"ImagePath"="\??\D:\WINDOWS\system32\drivers\pclepci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRELI]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2hib]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfNet]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfOS]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfProc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PfModNT]
"ImagePath"="\??\D:\WINDOWS\system32\PfModNT.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pfsvgae]
"ImagePath"="\??\D:\DOCUME~1\Dani\Local Settings\Temp\pfsvgae.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pml Driver HPZ12]
"ImagePath"="D:\WINDOWS\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrA]
"ImagePath"="D:\WINDOWS\system32\PnkBstrA.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrB]
"ImagePath"="D:\WINDOWS\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PxHelp20]
"ImagePath"="system32\DRIVERS\PxHelp20.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1080]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql12160]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1240]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1280]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPNP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPWD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDSessMgr]
"ImagePath"="D:\WINDOWS\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASDIFSV]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASENUM]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASKUTIL]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ScanUSBEMPIA]
"ImagePath"="system32\DRIVERS\emScan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardDrv]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SDTHOOK]
"ImagePath"="System32\DRIVERS\SDTHOOK.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Simbad]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\smp_lpt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sparrow]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srescan]
"ImagePath"="system32\ZoneLabs\srescan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srservice]
"ServiceDll"="D:\WINDOWS\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdbus]
"ImagePath"="system32\DRIVERS\sscdbus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdfl]
"ImagePath"="system32\DRIVERS\sscdmdfl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdm]
"ImagePath"="system32\DRIVERS\sscdmdm.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\StarOpen]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SwPrv]
"ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{6635FEB7-5681-4234-8082-47CE48AD5412}"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc810]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc8xx]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_hi]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_u3]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDTCP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TlntSvr]
"ImagePath"="D:\WINDOWS\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TosIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TSDDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Udfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ultra]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\uploadmgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usnjsvc]
"ImagePath"="\"D:\Program Files\MSN Messenger\usnsvc.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usprserv]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ViaIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Vofsmpumt-d9]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VolSnap]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
"ImagePath"="System32\vsdatant.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsmon]
"ImagePath"="D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VxD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W32Time]
"ServiceDll"="D:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W3SVC]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WDICA]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Winsock]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinSock2]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinTrust]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmdmPmSN]
"ServiceDll"="D:\WINDOWS\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApSrv]
"ImagePath"="D:\WINDOWS\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="\"D:\Program Files\Windows Media Player\WMPNetwk.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wuauserv]
"ServiceDll"="D:\WINDOWS\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ZDPSp50]
"ImagePath"="System32\Drivers\ZDPSp50.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{01C11E6A-09DB-4C74-8A8F-4AF588705488}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{213DC0AE-334E-493A-B328-FFE24A608305}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{736A8DC2-D924-40CB-8DA8-493ABA0920C6}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{7D2177A5-2ACD-4A0B-A914-5A9F1AE8E34A}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{856AE575-12A9-418C-86BD-0F05D34E8680}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{F1EB8025-376C-4AB5-A5D8-5049338D9EC3}]
.
Temps d'accomplissement: 2008-08-17 0:08:52
ComboFix-quarantined-files.txt 2008-08-16 22:08:48
Pre-Run: 3,805,642,752 octets libres
Post-Run: 8,481,525,760 octets libres
848