23 replies
Destrio5 (Moderator), 11 August 2008 at 02:51
Hi,
Let's take a look.
- Download HijackThis V 2.02 (HijackThis Installer):
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe
- Double-click HJTInstall.exe to start the installation
- Click Install, then I Accept
- Click Do a scan system and save log file
- Notepad will open; copy and paste its entire contents here in your next reply.
Destrio5,
Since this infection is recent (14/07/2008), you can probably remove it (files and registry value) using this:
http://www.avira.com/fr/threats/section/fulldetails/id_vir/4237/tr_psw.onlin.aklo.2.html
Destrio5,
Oops.. it would rather be with the following link: http://www.avira.com/fr/threats/section/fulldetails/id_vir/4260/tr_bho.czo.html
Hello,
Here is the result of my HijackThis scan:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:24, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal
Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
D:\WINDOWS\system32\nvsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\lclock.exe
D:\PROGRA~1\MSNMES~1\msnmsgr.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\krys\Bureau\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [JMB36X Configure] D:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "D:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Documents and Settings\Hedge\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [LClock] lclock.exe (User '?')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-1844823847-839522115-1003\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe
Destrio5 (Moderator), 12 August 2008 at 01:27
You have two antivirus programs, that's not good.
- Download and install Malwarebytes' Anti-Malware:
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm
- Update it
- Restart in safe mode (recommended):
https://www.malekal.com/demarrer-windows-mode-sans-echec/
- Choose your usual session
- Run a full scan with Malwarebytes' Anti-Malware
- Delete everything the program finds, save the report
- Restart in normal mode and post the report here
Tutorial:
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/
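Added example, not part of the thread and not HijackThis code: a small Python parser for the HijackThis log format posted above, which lists the O2 (BHO) entries whose DLL is reported as `(file missing)` and the antivirus vendors that have a running process, the two things a reviewer reads off that log. The sample lines are copied from the posted log; the vendor table `AV_PATH_MARKERS` and all function names are assumptions of this example.

```python
import re

# Constructed sample: a handful of lines copied from the log posted in this thread.
SAMPLE_LOG = r"""
Logfile of Trend Micro HijackThis v2.0.2
Running processes:
D:\WINDOWS\system32\svchost.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\Mozilla Firefox\firefox.exe
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: (no name) - {E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll (file missing)
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
"""

# A log entry is "<section code> - <body>", e.g. "O2 - BHO: ...", "R1 - HKCU\...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")

# O2 body: "BHO: <name> - {CLSID} - <dll path>[ (file missing)]".
BHO_RE = re.compile(
    r"^BHO: (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Assumption of this example: path fragments used to attribute a running
# process to an antivirus vendor. Extend it for the products you expect.
AV_PATH_MARKERS = {
    "Avira": "\\avira\\",
    "Symantec": "\\symantec shared\\",
}


def parse_hijackthis(text):
    """Split a HijackThis log into (running process paths, [(code, body), ...])."""
    processes, entries = [], []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        match = ENTRY_RE.match(line)
        if match:
            # The first coded entry ends the "Running processes:" block.
            in_processes = False
            entries.append((match.group(1), match.group(2)))
        elif line == "Running processes:":
            in_processes = True
        elif in_processes:
            processes.append(line)
    return processes, entries


def orphaned_bhos(entries):
    """Return O2 entries whose DLL HijackThis could not find on disk."""
    found = []
    for code, body in entries:
        if code != "O2":
            continue
        match = BHO_RE.match(body)
        if match and match.group("missing"):
            found.append({
                "name": match.group("name"),
                "clsid": match.group("clsid").upper(),
                "path": match.group("path"),
            })
    return found


def resident_av_vendors(processes):
    """Map each known antivirus vendor to its running process paths."""
    hits = {}
    for path in processes:
        lowered = path.lower()
        for vendor, marker in AV_PATH_MARKERS.items():
            if marker in lowered:
                hits.setdefault(vendor, []).append(path)
    return hits


def triage(text):
    """Produce review notes for the two conditions above."""
    processes, entries = parse_hijackthis(text)
    notes = []
    for bho in orphaned_bhos(entries):
        notes.append(f"O2 entry {bho['clsid']} points to a missing file: {bho['path']}")
    vendors = resident_av_vendors(processes)
    if len(vendors) > 1:
        notes.append("Several antivirus products are resident: " + ", ".join(sorted(vendors)))
    return notes


if __name__ == "__main__":
    for note in triage(SAMPLE_LOG):
        print(note)
```

An O2 entry flagged this way is only a registry value left without its DLL; the log alone does not say which program created it.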
Here is the report I got with Malwarebytes':
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Executable location: D:\Program Files\Malwarebytes' Anti-Malware
Database location: D:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref
Username: krys
Windows folder: D:\WINDOWS
System folder: D:\WINDOWS\system32
Root drive: D:
Program Files: D:\Program Files
Common Files: D:\Program Files\Fichiers communs
Desktop: D:\Documents and Settings\Administrateur\Bureau
Desktop: D:\Documents and Settings\All Users\Bureau
Desktop: D:\Documents and Settings\Dani\Bureau
Desktop: D:\Documents and Settings\Default User\Bureau
Desktop: D:\Documents and Settings\Eddy\Bureau
Desktop: D:\Documents and Settings\Hedge\Bureau
Desktop: D:\Documents and Settings\kevin\Bureau
Desktop: D:\Documents and Settings\krys\Bureau
Start Menu: D:\Documents and Settings\Administrateur\Menu Démarrer
Start Menu: D:\Documents and Settings\All Users\Menu Démarrer
Start Menu: D:\Documents and Settings\Dani\Menu Démarrer
Start Menu: D:\Documents and Settings\Default User\Menu Démarrer
Start Menu: D:\Documents and Settings\Eddy\Menu Démarrer
Start Menu: D:\Documents and Settings\Hedge\Menu Démarrer
Start Menu: D:\Documents and Settings\kevin\Menu Démarrer
Start Menu: D:\Documents and Settings\krys\Menu Démarrer
Start Menu: D:\Documents and Settings\All Users\Menu Démarrer
User Root: D:\Documents and Settings\Administrateur
User Root: D:\Documents and Settings\All Users
User Root: D:\Documents and Settings\Dani
User Root: D:\Documents and Settings\Default User
User Root: D:\Documents and Settings\Eddy
User Root: D:\Documents and Settings\Hedge
User Root: D:\Documents and Settings\kevin
User Root: D:\Documents and Settings\krys
User Root: D:\Documents and Settings\LocalService
User Root: D:\Documents and Settings\NetworkService
Favorite: D:\Documents and Settings\Administrateur\Favoris
Favorite: D:\Documents and Settings\All Users\Favoris
Favorite: D:\Documents and Settings\Dani\Favoris
Favorite: D:\Documents and Settings\Default User\Favoris
Favorite: D:\Documents and Settings\Eddy\Favoris
Favorite: D:\Documents and Settings\Hedge\Favoris
Favorite: D:\Documents and Settings\kevin\Favoris
Favorite: D:\Documents and Settings\krys\Favoris
Application Data: D:\Documents and Settings\Administrateur\Application Data
Application Data: D:\Documents and Settings\All Users\Application Data
Application Data: D:\Documents and Settings\Dani\Application Data
Application Data: D:\Documents and Settings\Default User\Application Data
Application Data: D:\Documents and Settings\Eddy\Application Data
Application Data: D:\Documents and Settings\Hedge\Application Data
Application Data: D:\Documents and Settings\kevin\Application Data
Application Data: D:\Documents and Settings\krys\Application Data
Application Data: D:\Documents and Settings\LocalService\Application Data
Application Data: D:\Documents and Settings\NetworkService\Application Data
Application Data: D:\Documents and Settings\All Users\Application Data
Quick Launch: D:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Dani\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Hedge\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\kevin\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\krys\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch
Temporary Folder: D:\Documents and Settings\Administrateur\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Dani\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Default User\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Eddy\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Hedge\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\kevin\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\krys\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\LocalService\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\NetworkService\Local Settings\Temp
Temporary Folder: D:\WINDOWS\Temp

Destrio5
13 August 2008 at 03:13
That's not the right report.

Destrio5
13 August 2008 at 15:55
Ok.

Here is my report; I think this time it is the right one:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2
08:03:54 14/08/2008
mbam-log-8-14-2008 (08-03-35).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|)
Eléments examinés: 309802
Temps écoulé: 2 hour(s), 53 minute(s), 44 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adsst) -> Noare.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9869efa6-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
D:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> No action taken.
D:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\dcads_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\Fonts\death_font_ver1_0.zip (Trojan.Downloader) -> No action taken.
D:\Documents and Settings\Dani\Local Settings\Temp\CmdLineExt03.dll (Trojan.Agent) -> No action taken.
D:\Documents and Settings\krys\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\kevin\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\Hedge\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\Dani\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> No action taken.

Destrio5
14 August 2008 at 16:18
Did you click Remove Selected (Supprimer la sélection)?

I confirm that I did remove the selection. Following your message, I ran another scan in safe mode, then restarted the computer as requested, and here is the resulting report:
Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2
02:16:57 16/08/2008
mbam-log-8-16-2008 (02-16-57).txt
Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|)
Eléments examinés: 309951
Temps écoulé: 3 hour(s), 36 minute(s), 52 second(s)
Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0
Processus mémoire infecté(s):
(Aucun élément nuisible détecté)
Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)
Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)
Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.
Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)
Dossier(s) infecté(s):
(Aucun élément nuisible détecté)
Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Destrio5
16 August 2008 at 02:34
You have two antivirus programs; you need to remove one.

Yes, I had two, Avast and Antivir. I uninstalled Avast, but is it possible that it was not uninstalled properly? Otherwise, I currently have Antivir running on my computer, A-SQUARED Guard, which I installed recently, and ZoneAlarm as a firewall.

Destrio5
16 August 2008 at 02:49
Norton is there too; remove it with this:
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

That's strange... I never installed Norton, though... well, as far as I know! What should I do next? Is my virus and malware problem solved?

Destrio5
16 August 2008 at 03:42
Norton is the antivirus that comes preinstalled on most brand-name PCs.
- Download Navilog1 (by IL-MAFIOSO) and save it to the desktop:
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe
- Double-click Navilog1.exe to start the installation
- If the fix does not start automatically after installation, double-click Navilog1 on the desktop
- Press F or f, then confirm with Enter
- Press a key on your keyboard each time you are asked to; you will reach the options menu
- Choose option 1 and press Enter to confirm your choice
- Wait for the message: *** Analyse Termine le ..... ***
- Once the scan has finished, Notepad will open with the report; post the contents of that report in your next reply
- If the scan result is not displayed, you will find it in C:\fixnavi.txt
Do not use options 2, 3 and 4 without our approval; legitimate files may be included in this scan.

Good evening,
Here is my Navilog report:
Search Navipromo version 3.6.4 commencé le 16/08/2008 à 23:14:36,39
!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!
Outil exécuté depuis D:\Program Files\navilog1
Session actuelle : "krys"
Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO
Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13
Système de fichiers : NTFS
Recherche executé en mode normal
*** Recherche Programmes installés ***
*** Recherche dossiers dans "D:\WINDOWS" ***
*** Recherche dossiers dans "D:\Program Files" ***
*** Recherche dossiers dans "D:\Documents and Settings\All Users\menu démarrer\programmes" ***
*** Recherche dossiers dans "D:\Documents and Settings\All Users\menu démarrer" ***
*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***
*** Recherche dossiers dans "D:\Documents and Settings\krys\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Administrateur\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Dani\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Eddy\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Hedge\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\kevin\application data" ***
*** Recherche dossiers dans "D:\Documents and Settings\krys\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Administrateur\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Dani\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Eddy\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\Hedge\local settings\application data" ***
*** Recherche dossiers dans "D:\DOCUME~1\kevin\local settings\application data" ***
*** Recherche dossiers dans "D:\Documents and Settings\krys\menu dÚmarrer\programmes" ***
*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net
*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!
* Recherche dans "D:\WINDOWS\system32" *
* Recherche dans "D:\Documents and Settings\krys\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Administrateur\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Dani\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Eddy\local settings\application data" *
* Recherche dans "D:\DOCUME~1\Hedge\local settings\application data" *
* Recherche dans "D:\DOCUME~1\kevin\local settings\application data" *
*** Recherche fichiers ***
*** Recherche clés spécifiques dans le Registre ***
*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)
1)Recherche nouveaux fichiers Instant Access :
2)Recherche Heuristique :
* Dans "D:\WINDOWS\system32" :
* Dans "D:\Documents and Settings\krys\local settings\application data" :
* Dans "D:\DOCUME~1\Administrateur\local settings\application data" :
* Dans "D:\DOCUME~1\Dani\local settings\application data" :
* Dans "D:\DOCUME~1\Eddy\local settings\application data" :
* Dans "D:\DOCUME~1\Hedge\local settings\application data" :
* Dans "D:\DOCUME~1\kevin\local settings\application data" :
3)Recherche Certificats :
Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !
4)Recherche fichiers connus :
D:\WINDOWS\system32\qtstv.bak2 trouvé ! infection Vundo possible non traitée par cet outil !
*** Analyse terminée le 16/08/2008 à 23:21:52,62 ***

Destrio5
16 August 2008 at 23:32
You're infected with Vundo/Virtumonde.
---> Uninstall Navilog1
---> Do this:
---> Download ComboFix.exe by sUBs to your desktop:
http://download.bleepingcomputer.com/sUBs/ComboFix.exe
/!\ Disconnect from the Internet and close all applications, including antivirus and antispyware /!\
---> Double-click Combofix.exe
A pop-up will appear saying that "ComboFix is used at your own risk and with no warranty...".
Accept by clicking "Oui" (Yes)
---> Set it to French: F
Press the 1 key (Yes) to start the scan.
/!\ Do not touch anything until the scan has finished. /!\
At the end of the scan, ComboFix may need to restart the PC to complete the disinfection; let it do so.
Once the scan is complete, a report will be displayed: post its contents
/!\ Re-enable the real-time protection of your antivirus and antispyware before reconnecting to the Internet. /!\
Note: the report can also be found here: C:\ComboFix.txt

Good evening,
I ran the scan with Combofix as requested, but while the application was working an error message kept appearing, something like: "regt.cfexe could not be found: blah blah unable to find ACLUI.dll blah blah.."
In the end I managed to finish Combofix as requested earlier, and here is the report it gave me:
ComboFix 08-08-15.04 - krys 2008-08-16 23:53:31.1 - NTFSx86
Endroit: D:\Documents and Settings\krys\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar\selected.xml
D:\Documents and Settings\Hedge\Cookies\hedge@protectionconue[2].txt
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com\ud.sol
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
D:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
D:\WINDOWS\system32\ceudalyr.ini
D:\WINDOWS\system32\dgsfklbb.ini
D:\WINDOWS\system32\ewekypwk.ini
D:\WINDOWS\system32\fjwbrunf.ini
D:\WINDOWS\system32\ftasusan.ini
D:\WINDOWS\system32\gindwovv.ini
D:\WINDOWS\system32\hiylfjvh.ini
D:\WINDOWS\system32\hmxckulr.ini
D:\WINDOWS\system32\iwtioamg.ini
D:\WINDOWS\system32\kbhdanpj.ini
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\nsg59.dll
D:\WINDOWS\system32\pyjvwvup.ini
D:\WINDOWS\system32\qtstv.bak2
D:\WINDOWS\system32\qtstv.ini
D:\WINDOWS\system32\qyfgwvou.ini
D:\WINDOWS\system32\rhxwsjko.ini
D:\WINDOWS\system32\ucxixoxl.ini
D:\WINDOWS\system32\usnspxwv.ini
D:\WINDOWS\system32\vgxyhrgs.ini
D:\WINDOWS\system32\vivseobx.ini
D:\WINDOWS\system32\xwbagloe.ini
D:\WINDOWS\system32\ymqfitju.ini
D:\WINDOWS\system32\yrkwillx.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 02:13 . 2008-08-15 02:13 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-08-12 20:36 . 2008-08-12 20:36 <REP> d-------- D:\Documents and Settings\krys\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-08-13 02:45 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 02:18 . 2008-08-12 02:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 02:18 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 11:51 . 2008-08-10 11:51 <REP> d-------- D:\Program Files\Zone Labs
2008-08-10 03:02 . 2008-08-10 03:02 <REP> d-------- D:\WINDOWS\system32\fr-fr
2008-08-10 02:48 . 2008-08-10 02:48 <REP> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-08-09 15:19 . 2008-08-09 15:19 0 --a------ D:\WINDOWS\~VS1C.tmp
2008-08-09 11:43 . 2008-08-09 11:43 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-08-09 11:43 . 2008-08-09 11:43 1,409 --a------ D:\WINDOWS\QTFont.for
2008-08-01 00:20 . 2008-08-01 00:20 578,048 --a------ D:\WINDOWS\system32\DllCache\user32.dll
2008-08-01 00:12 . 2008-08-01 00:12 <REP> d-------- D:\WINDOWS\ERUNT
2008-07-31 00:04 . 2008-07-31 00:04 <REP> d-------- D:\Program Files\Avira
2008-07-28 22:53 . 2008-07-28 22:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:53 <REP> d-------- D:\Program Files\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:50 <REP> d-------- D:\Documents and Settings\krys\Application Data\Lavasoft
2008-07-25 01:56 . 2008-07-25 01:56 240 --a------ D:\WINDOWS\system32\drivers\vsconfig.xml
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 21:48 --------- d-----w D:\Program Files\Navilog1
2008-08-16 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:34 30,720 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-14 06:05 --------- d-----w D:\Program Files\MegauploadToolbar
2008-08-13 06:50 9,216 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-13 06:50 258,560 ----a-w D:\WINDOWS\Internet Logs\xDB77.tmp
2008-08-13 06:50 1,212,928 ----a-w D:\WINDOWS\Internet Logs\xDB78.tmp
2008-08-11 20:58 --------- d-----w D:\Documents and Settings\krys\Application Data\Skype
2008-08-11 06:12 9,728 ----a-w D:\WINDOWS\Internet Logs\xDBEA.tmp
2008-08-11 06:12 9,216 ----a-w D:\WINDOWS\Internet Logs\xDBEB.tmp
2008-08-11 06:11 80,384 ----a-w D:\WINDOWS\Internet Logs\xDBE8.tmp
2008-08-11 06:11 1,205,760 ----a-w D:\WINDOWS\Internet Logs\xDBE9.tmp
2008-08-09 12:26 --------- d-----w D:\Documents and Settings\krys\Application Data\BitTorrent
2008-08-08 21:09 --------- d-----w D:\Documents and Settings\krys\Application Data\MEGAUPLOADTOOLBAR
2008-08-06 20:42 --------- d-----w D:\Documents and Settings\Hedge\Application Data\MegauploadToolbar
2008-08-02 22:11 --------- d-----w D:\Program Files\CDBurnerXP Pro 3
2008-08-01 22:25 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-08-01 20:49 --------- d-----w D:\Program Files\RPG Maker 2003
2008-08-01 20:49 --------- d-----w D:\Program Files\Pinnacle
2008-08-01 20:49 --------- d-----w D:\Program Files\FlashGet
2008-08-01 20:48 --------- d-----w D:\Program Files\DivX
2008-08-01 20:48 --------- d-----w D:\Program Files\BitTorrent++
2008-07-30 22:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira
2008-07-29 20:38 --------- d-----w D:\Documents and Settings\krys\Application Data\skypePM
2008-07-28 20:52 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-18 17:26 --------- d-----w D:\Documents and Settings\Dani\Application Data\MEGAUPLOADTOOLBAR
2008-07-10 20:45 --------- d-----w D:\Documents and Settings\krys\Application Data\ArcSoft
2008-07-10 20:44 --------- d-----w D:\Program Files\Fichiers communs\Nikon
2008-07-10 20:42 --------- d-----w D:\Program Files\InstallShield Installation Information
2008-07-10 20:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 21:14 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 21:14 --------- d-----w D:\Documents and Settings\krys\Application Data\DAEMON Tools
2008-06-11 00:04 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2002-07-26 15:02 153,088 ----a-w D:\Program Files\UNWISE.EXE
.
------- Sigcheck -------
2004-12-10 23:44 359040 37e6643b1c4fb5de3a4fcef92909b4ad D:\WINDOWS\system32\drivers\tcpip.sys
2005-03-12 04:42 2322816 ef63ab857ca46064a559d32ca57ca53b D:\WINDOWS\system32\ntoskrnl.exe
2005-03-22 22:54 1477120 7709e0d27cb024bdc8589833b0845f41 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin Wireless USB Utility.lnk - D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
Démarrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-11-16 03:35 43008 D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BF2.exe"=
"C:\\Documents and Settings\\Krys\\eMule\\emule.exe"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Torrent\\bittorrent.exe"=
"D:\\Documents and Settings\\Hedge\\Torrent\\bittorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081266f1-0942-11dc-9c6e-c42a6c3110d8}]
\Shell\AutoRun\command - setupSNK.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-16 D:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- D:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\
FF -: plugin - D:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 23:58:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASDIFSV]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASENUM]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASKUTIL]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ScanUSBEMPIA]
"ImagePath"="system32\DRIVERS\emScan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardDrv]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SDTHOOK]
"ImagePath"="System32\DRIVERS\SDTHOOK.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Simbad]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\smp_lpt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sparrow]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srescan]
"ImagePath"="system32\ZoneLabs\srescan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srservice]
"ServiceDll"="D:\WINDOWS\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdbus]
"ImagePath"="system32\DRIVERS\sscdbus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdfl]
"ImagePath"="system32\DRIVERS\sscdmdfl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdm]
"ImagePath"="system32\DRIVERS\sscdmdm.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\StarOpen]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SwPrv]
"ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{6635FEB7-5681-4234-8082-47CE48AD5412}"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc810]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc8xx]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_hi]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_u3]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDTCP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TlntSvr]
"ImagePath"="D:\WINDOWS\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TosIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TSDDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Udfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ultra]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\uploadmgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usnjsvc]
"ImagePath"="\"D:\Program Files\MSN Messenger\usnsvc.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usprserv]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ViaIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Vofsmpumt-d9]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VolSnap]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
"ImagePath"="System32\vsdatant.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsmon]
"ImagePath"="D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VxD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W32Time]
"ServiceDll"="D:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W3SVC]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WDICA]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Winsock]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinSock2]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinTrust]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmdmPmSN]
"ServiceDll"="D:\WINDOWS\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApSrv]
"ImagePath"="D:\WINDOWS\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="\"D:\Program Files\Windows Media Player\WMPNetwk.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wuauserv]
"ServiceDll"="D:\WINDOWS\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ZDPSp50]
"ImagePath"="System32\Drivers\ZDPSp50.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{01C11E6A-09DB-4C74-8A8F-4AF588705488}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{213DC0AE-334E-493A-B328-FFE24A608305}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{736A8DC2-D924-40CB-8DA8-493ABA0920C6}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{7D2177A5-2ACD-4A0B-A914-5A9F1AE8E34A}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{856AE575-12A9-418C-86BD-0F05D34E8680}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{F1EB8025-376C-4AB5-A5D8-5049338D9EC3}]
.
Temps d'accomplissement: 2008-08-17 0:08:52
ComboFix-quarantined-files.txt 2008-08-16 22:08:48
Pre-Run: 3,805,642,752 octets libres
Post-Run: 8,481,525,760 octets libres
848
I ran the scan with ComboFix as requested, but while the application was working an error message kept appearing, something like: "regt.cfexe not found: blah blah unable to find ACLUI.dll blah blah.."
In the end I managed to finish ComboFix as requested earlier, and here is the report it gave me:
ComboFix 08-08-15.04 - krys 2008-08-16 23:53:31.1 - NTFSx86
Endroit: D:\Documents and Settings\krys\Bureau\ComboFix.exe
AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.
(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar\selected.xml
D:\Documents and Settings\Hedge\Cookies\hedge@protectionconue[2].txt
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com\ud.sol
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
D:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
D:\WINDOWS\system32\ceudalyr.ini
D:\WINDOWS\system32\dgsfklbb.ini
D:\WINDOWS\system32\ewekypwk.ini
D:\WINDOWS\system32\fjwbrunf.ini
D:\WINDOWS\system32\ftasusan.ini
D:\WINDOWS\system32\gindwovv.ini
D:\WINDOWS\system32\hiylfjvh.ini
D:\WINDOWS\system32\hmxckulr.ini
D:\WINDOWS\system32\iwtioamg.ini
D:\WINDOWS\system32\kbhdanpj.ini
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\nsg59.dll
D:\WINDOWS\system32\pyjvwvup.ini
D:\WINDOWS\system32\qtstv.bak2
D:\WINDOWS\system32\qtstv.ini
D:\WINDOWS\system32\qyfgwvou.ini
D:\WINDOWS\system32\rhxwsjko.ini
D:\WINDOWS\system32\ucxixoxl.ini
D:\WINDOWS\system32\usnspxwv.ini
D:\WINDOWS\system32\vgxyhrgs.ini
D:\WINDOWS\system32\vivseobx.ini
D:\WINDOWS\system32\xwbagloe.ini
D:\WINDOWS\system32\ymqfitju.ini
D:\WINDOWS\system32\yrkwillx.ini
.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.
2008-08-15 02:13 . 2008-08-15 02:13 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-08-12 20:36 . 2008-08-12 20:36 <REP> d-------- D:\Documents and Settings\krys\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-08-13 02:45 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 02:18 . 2008-08-12 02:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 02:18 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 11:51 . 2008-08-10 11:51 <REP> d-------- D:\Program Files\Zone Labs
2008-08-10 03:02 . 2008-08-10 03:02 <REP> d-------- D:\WINDOWS\system32\fr-fr
2008-08-10 02:48 . 2008-08-10 02:48 <REP> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-08-09 15:19 . 2008-08-09 15:19 0 --a------ D:\WINDOWS\~VS1C.tmp
2008-08-09 11:43 . 2008-08-09 11:43 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-08-09 11:43 . 2008-08-09 11:43 1,409 --a------ D:\WINDOWS\QTFont.for
2008-08-01 00:20 . 2008-08-01 00:20 578,048 --a------ D:\WINDOWS\system32\DllCache\user32.dll
2008-08-01 00:12 . 2008-08-01 00:12 <REP> d-------- D:\WINDOWS\ERUNT
2008-07-31 00:04 . 2008-07-31 00:04 <REP> d-------- D:\Program Files\Avira
2008-07-28 22:53 . 2008-07-28 22:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:53 <REP> d-------- D:\Program Files\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:50 <REP> d-------- D:\Documents and Settings\krys\Application Data\Lavasoft
2008-07-25 01:56 . 2008-07-25 01:56 240 --a------ D:\WINDOWS\system32\drivers\vsconfig.xml
.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 21:48 --------- d-----w D:\Program Files\Navilog1
2008-08-16 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:34 30,720 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-14 06:05 --------- d-----w D:\Program Files\MegauploadToolbar
2008-08-13 06:50 9,216 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-13 06:50 258,560 ----a-w D:\WINDOWS\Internet Logs\xDB77.tmp
2008-08-13 06:50 1,212,928 ----a-w D:\WINDOWS\Internet Logs\xDB78.tmp
2008-08-11 20:58 --------- d-----w D:\Documents and Settings\krys\Application Data\Skype
2008-08-11 06:12 9,728 ----a-w D:\WINDOWS\Internet Logs\xDBEA.tmp
2008-08-11 06:12 9,216 ----a-w D:\WINDOWS\Internet Logs\xDBEB.tmp
2008-08-11 06:11 80,384 ----a-w D:\WINDOWS\Internet Logs\xDBE8.tmp
2008-08-11 06:11 1,205,760 ----a-w D:\WINDOWS\Internet Logs\xDBE9.tmp
2008-08-09 12:26 --------- d-----w D:\Documents and Settings\krys\Application Data\BitTorrent
2008-08-08 21:09 --------- d-----w D:\Documents and Settings\krys\Application Data\MEGAUPLOADTOOLBAR
2008-08-06 20:42 --------- d-----w D:\Documents and Settings\Hedge\Application Data\MegauploadToolbar
2008-08-02 22:11 --------- d-----w D:\Program Files\CDBurnerXP Pro 3
2008-08-01 22:25 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-08-01 20:49 --------- d-----w D:\Program Files\RPG Maker 2003
2008-08-01 20:49 --------- d-----w D:\Program Files\Pinnacle
2008-08-01 20:49 --------- d-----w D:\Program Files\FlashGet
2008-08-01 20:48 --------- d-----w D:\Program Files\DivX
2008-08-01 20:48 --------- d-----w D:\Program Files\BitTorrent++
2008-07-30 22:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira
2008-07-29 20:38 --------- d-----w D:\Documents and Settings\krys\Application Data\skypePM
2008-07-28 20:52 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-18 17:26 --------- d-----w D:\Documents and Settings\Dani\Application Data\MEGAUPLOADTOOLBAR
2008-07-10 20:45 --------- d-----w D:\Documents and Settings\krys\Application Data\ArcSoft
2008-07-10 20:44 --------- d-----w D:\Program Files\Fichiers communs\Nikon
2008-07-10 20:42 --------- d-----w D:\Program Files\InstallShield Installation Information
2008-07-10 20:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 21:14 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 21:14 --------- d-----w D:\Documents and Settings\krys\Application Data\DAEMON Tools
2008-06-11 00:04 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2002-07-26 15:02 153,088 ----a-w D:\Program Files\UNWISE.EXE
.
------- Sigcheck -------
2004-12-10 23:44 359040 37e6643b1c4fb5de3a4fcef92909b4ad D:\WINDOWS\system32\drivers\tcpip.sys
2005-03-12 04:42 2322816 ef63ab857ca46064a559d32ca57ca53b D:\WINDOWS\system32\ntoskrnl.exe
2005-03-22 22:54 1477120 7709e0d27cb024bdc8589833b0845f41 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
D:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Belkin Wireless USB Utility.lnk - D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
Démarrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 0 (0x0)
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-11-16 03:35 43008 D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BF2.exe"=
"C:\\Documents and Settings\\Krys\\eMule\\emule.exe"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Torrent\\bittorrent.exe"=
"D:\\Documents and Settings\\Hedge\\Torrent\\bittorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - setupSNK.exe
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081266f1-0942-11dc-9c6e-c42a6c3110d8}]
\Shell\AutoRun\command - setupSNK.exe
*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'
2008-08-16 D:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- D:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
- - - - ORPHANS REMOVED - - - -
BHO-{E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll
.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\
FF -: plugin - D:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll
**************************************************************************
catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 23:58:26
Windows 5.1.2600 Service Pack 2 NTFS
Balayage processus cachés ...
Balayage caché autostart entries ...
Balayage des fichiers cachés ...
Scan terminé avec succès
Les fichiers cachés: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"
"ImagePath"="system32\DRIVERS\emDevice.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dpti2o]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\emAudio]
"ImagePath"="system32\drivers\emAudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\es1371]
"ImagePath"="system32\drivers\es1371mp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EventSystem]
"ServiceDll"="D:\WINDOWS\system32\es.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fastfat]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fdc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FiltUSBEMPIA]
"ImagePath"="system32\DRIVERS\emFilter.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fips]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Flpydisk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ForceWare Intelligent Application Manager (IAM)]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fs_Rec]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hcarrjarfbyt]
"ImagePath"="system32\drivers\hcarrjarfbyt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hpn]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omgmt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omp]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IDriverT]
"ImagePath"="\"D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ImapiService]
"ImagePath"="D:\WINDOWS\system32\imapi.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\inetaccs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ini910u]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Inport]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IntelIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ISAPISearch]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JGOGO]
"ImagePath"="system32\DRIVERS\JGOGO.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\KSecDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lbrtfdc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ldap]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LicenseService]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LiveUpdate]
"ImagePath"="\"D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LVUSBSta]
"ImagePath"="system32\drivers\lvusbsta.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MDM]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmdd]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmsrvc]
"ImagePath"="D:\WINDOWS\system32\mnmsrvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Modem]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MountMgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mraid35x]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSDTC]
"ImagePath"="D:\WINDOWS\system32\msdtc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Msfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSIServer]
"ImagePath"="D:\WINDOWS\system32\msiexec.exe /V"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mup]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDIS]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDProxy]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Npfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcIp]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcLog]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ntfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Null]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NULLPROTO]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVTCP]
"ImagePath"="System32\DRIVERS\NVTcp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PartMgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ParVdm]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCASp50]
"ImagePath"="System32\Drivers\PCASp50.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIDump]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCLEPCI]
"ImagePath"="\??\D:\WINDOWS\system32\drivers\pclepci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pcmcia]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDCOMP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDFRAME]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRELI]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRFRAME]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2hib]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfDisk]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfNet]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfOS]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfProc]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PfModNT]
"ImagePath"="\??\D:\WINDOWS\system32\PfModNT.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pfsvgae]
"ImagePath"="\??\D:\DOCUME~1\Dani\Local Settings\Temp\pfsvgae.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pml Driver HPZ12]
"ImagePath"="D:\WINDOWS\system32\HPZipm12.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrA]
"ImagePath"="D:\WINDOWS\system32\PnkBstrA.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrB]
"ImagePath"="D:\WINDOWS\system32\PnkBstrB.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PxHelp20]
"ImagePath"="system32\DRIVERS\PxHelp20.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1080]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ql10wnt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql12160]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1240]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1280]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPNP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPWD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDSessMgr]
"ImagePath"="D:\WINDOWS\system32\sessmgr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASDIFSV]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASENUM]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASKUTIL]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ScanUSBEMPIA]
"ImagePath"="system32\DRIVERS\emScan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardDrv]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SDTHOOK]
"ImagePath"="System32\DRIVERS\SDTHOOK.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sfloppy]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Simbad]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\smp_lpt]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sparrow]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srescan]
"ImagePath"="system32\ZoneLabs\srescan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srservice]
"ServiceDll"="D:\WINDOWS\system32\srsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdbus]
"ImagePath"="system32\DRIVERS\sscdbus.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdfl]
"ImagePath"="system32\DRIVERS\sscdmdfl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdm]
"ImagePath"="system32\DRIVERS\sscdmdm.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\StarOpen]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SwPrv]
"ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{6635FEB7-5681-4234-8082-47CE48AD5412}"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc810]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc8xx]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_hi]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_u3]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDPIPE]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDTCP]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TlntSvr]
"ImagePath"="D:\WINDOWS\system32\tlntsvr.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TosIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TSDDD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Udfs]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ultra]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\uploadmgr]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usnjsvc]
"ImagePath"="\"D:\Program Files\MSN Messenger\usnsvc.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usprserv]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ViaIde]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Vofsmpumt-d9]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VolSnap]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
"ImagePath"="System32\vsdatant.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsmon]
"ImagePath"="D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VxD]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W32Time]
"ServiceDll"="D:\WINDOWS\system32\w32time.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W3SVC]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WDICA]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Winsock]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinSock2]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinTrust]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmdmPmSN]
"ServiceDll"="D:\WINDOWS\system32\MsPMSNSv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApRpl]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApSrv]
"ImagePath"="D:\WINDOWS\system32\wbem\wmiapsrv.exe"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="\"D:\Program Files\Windows Media Player\WMPNetwk.exe\""
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wuauserv]
"ServiceDll"="D:\WINDOWS\system32\wuauserv.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ZDPSp50]
"ImagePath"="System32\Drivers\ZDPSp50.sys"
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{01C11E6A-09DB-4C74-8A8F-4AF588705488}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{213DC0AE-334E-493A-B328-FFE24A608305}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{736A8DC2-D924-40CB-8DA8-493ABA0920C6}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{7D2177A5-2ACD-4A0B-A914-5A9F1AE8E34A}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{856AE575-12A9-418C-86BD-0F05D34E8680}]
[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{F1EB8025-376C-4AB5-A5D8-5049338D9EC3}]
.
Temps d'accomplissement: 2008-08-17 0:08:52
ComboFix-quarantined-files.txt 2008-08-16 22:08:48
Pre-Run: 3,805,642,752 octets libres
Post-Run: 8,481,525,760 octets libres
848