je n'arrive pas à suppromer tr/bho.czo

Question

Bonjour,


J'ai un énorme problème. Cela a commencé il y a environ deux semaines. Mon PC en s'allumant m'a affiché un message d'erreur ERREUR RPC je sais pas quoi ARRET SYSTEM VOTRE ORDINATEUR VA ETRE REDEMARRER bla bla avec un décompte de 60 secondes. En plus de cela certains de mes programmes à chaque lancement soit ne se lance plus, soit se retrouve modifier tel que Mozilla firefox ou internet explorer. Je ne sais plus quoi faire. J'ai beau utiliser SPYBOT, ANTIVIR, A-SQUARRED rien à faire alors qu'ils détectent tous des problèmes et les suppriment. Le message d'erreur apparait toujours dès que je lance l'internet et les autres problèmes tel que la modification de mes fichiers suit. En scannant avec ANTIVIR je trouve toujours le même virus que je retue toujours à chaque redémarrage de PC tr/bho.czo!!!!! Aidez-moi s'il vous plait, comment faire pour récupérer un PC saint!

Destrio5 · Answer

Salut,

On va regarder ça.

- Télécharge HijackThis V 2.02 (HijackThis Installer) :
http://www.trendsecure.com/portal/en-US/threat_analytics/HJTInstall.exe

- Fais un double-clic sur HJTInstall.exe afin de lancer l'installation

- Clique sur Install ensuite sur I Accept

- Clique sur Do a scan system and save log file

- Le bloc-notes s'ouvrira, fais un copier-coller de tout son contenu ici dans ta prochaine réponse.

mido · Answer

Destrio5,

Étant donné que cette infection est récente (14/07/2008) vous pouvez probablement la supprimer (fichiers et valeur registre) à partir de ceci :
http://www.avira.com/fr/threats/section/fulldetails/id_vir/4237/tr_psw.onlin.aklo.2.html

mido · Answer

Destrio5, 

Oups.. se serait plutôt avec le lien suivant : http://www.avira.com/fr/threats/section/fulldetails/id_vir/4260/tr_bho.czo.html

christian Nt · Answer

Bonjour,

Voici le résultat de mon scan HIJACKTHIS:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 23:47:24, on 11/08/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0013)
Boot mode: Normal

Running processes:
D:\WINDOWS\System32\smss.exe
D:\WINDOWS\system32\csrss.exe
D:\WINDOWS\system32\winlogon.exe
D:\WINDOWS\system32\services.exe
D:\WINDOWS\system32\lsass.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\System32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\svchost.exe
D:\WINDOWS\system32\ZoneLabs\vsmon.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
D:\WINDOWS\system32\spoolsv.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
D:\WINDOWS\Explorer.EXE
C:\Program Files\a-squared Anti-Malware\a2service.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
D:\WINDOWS\system32
vsvc32.exe
D:\WINDOWS\system32\HPZipm12.exe
D:\WINDOWS\system32\PnkBstrA.exe
D:\WINDOWS\system32\PnkBstrB.exe
D:\WINDOWS\system32\svchost.exe
D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
D:\WINDOWS\system32\RUNDLL32.EXE
D:\WINDOWS\system32\LVCOMSX.EXE
D:\Program Files\Logitech\Video\LogiTray.exe
D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe
D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe
D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe
D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\a-squared Anti-Malware\a2guard.exe
D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
D:\WINDOWS\system32\ctfmon.exe
D:\WINDOWS\lclock.exe
D:\PROGRA~1\MSNMES~1\msnmsgr.exe
D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
D:\Documents and Settings\Hedge\Torrent\bittorrent.exe
D:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Ares\Ares.exe
D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
D:\WINDOWS\system32\wscntfy.exe
D:\WINDOWS\System32\alg.exe
D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
D:\Program Files\Logitech\Video\FxSvr2.exe
D:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
D:\Program Files\HP\Digital Imaging\Product Assistant\bin\hprblog.exe
D:\Program Files\Mozilla Firefox\firefox.exe
D:\Documents and Settings\krys\Bureau\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = https://www.bing.com/?cc=fr&toHttps=1&redig=55729C844D6A45819CAD368B3E178C9F
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.neuf.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.msn.com/fr-fr/?ocid=iehp
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://www.google.fr/keyword/%s
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Favoris
O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - D:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O2 - BHO: IeCatch2 Class - {A5366673-E8CA-11D3-9CD9-0090271D075B} - D:\PROGRA~1\FlashGet\jccatch.dll
O2 - BHO: FlashFXP Helper for Internet Explorer - {E5A1691B-D188-4419-AD02-90002030B8EE} - D:\PROGRA~1\FlashFXP\IEFlash.dll
O2 - BHO: (no name) - {E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll (file missing)
O3 - Toolbar: FlashGet Bar - {E0E899AB-F487-11D5-8D29-0050BA6940E3} - D:\PROGRA~1\FlashGet\fgiebar.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - D:\PROGRA~1\MegauploadToolbar\megauploadtoolbar.dll
O4 - HKLM\..\Run: [JMB36X Configure] D:\WINDOWS\system32\JMRaidTool.exe boot
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE D:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE D:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [LVCOMSX] D:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [LogitechVideoRepair] D:\Program Files\Logitech\Video\ISStart.exe 
O4 - HKLM\..\Run: [LogitechVideoTray] D:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files\Java\jre1.6.0_01\bin\jusched.exe"
O4 - HKLM\..\Run: [HPHUPD08] D:\Program Files\HP\Digital Imaging\{33D6CC28-9F75-4d1b-A11D-98895B3A3729}\hphupd08.exe
O4 - HKLM\..\Run: [HP Software Update] D:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [ccApp] "D:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [ppmate] C:\Program Files\PPMate\PPMate\ppmate.exe -autoplay
O4 - HKLM\..\Run: [USB2Check] RUNDLL32.EXE "D:\WINDOWS\system32\PCLECoInst.dll",CheckUSBController
O4 - HKLM\..\Run: [USBToolTip] "D:\Program Files\Pinnacle\Shared Files\Programs\USBTip\USBTip.exe"
O4 - HKLM\..\Run: [PinnacleDriverCheck] D:\WINDOWS\system32\PSDrvCheck.exe
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\K-Lite Codec Pack\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [avgnt] "D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [a-squared] "C:\Program Files\a-squared Anti-Malware\a2guard.exe"
O4 - HKLM\..\Run: [Zone Labs Client] "D:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LClock] lclock.exe
O4 - HKCU\..\Run: [msnmsgr] "D:\PROGRA~1\MSNMES~1\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] D:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [BitTorrent] "D:\Documents and Settings\Hedge\Torrent\bittorrent.exe" --force_start_minimized
O4 - HKCU\..\Run: [Skype] "D:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-19\..\Run: [LClock] lclock.exe (User '?')
O4 - HKUS\S-1-5-19\..\Run: [MsnMsgr] "D:\Program Files\MSN Messenger\MsnMsgr.Exe" /background (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User '?')
O4 - HKUS\S-1-5-21-484763869-1844823847-839522115-1003\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User '?')
O4 - HKUS\S-1-5-18\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User '?')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] D:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [tscuninstall] %systemroot%\system32	scupgrd.exe (User 'Default user')
O4 - Global Startup: Belkin Wireless USB Utility.lnk = D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe
O4 - Global Startup: Démarrage rapide du logiciel HP Image Zone.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Microsoft Office.lnk = D:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: Télécharger avec FlashGet - D:\PROGRA~1\FlashGet\jc_link.htm
O8 - Extra context menu item: Télécharger tout avec FlashGet - D:\PROGRA~1\FlashGet\jc_all.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - D:\Program Files\Java\jre1.6.0_01\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - D:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\FICHIE~1\Skype\Skype4COM.dll
O20 - Winlogon Notify: !SASWinLogon - D:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: a-squared Anti-Malware Service (a2AntiMalware) - Emsi Software GmbH - C:\Program Files\a-squared Anti-Malware\a2service.exe
O23 - Service: Adobe LM Service - Unknown owner - D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: Avira AntiVir Personal - Free Antivirus Guard (AntiVirService) - Avira GmbH - D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ares Chatroom server (AresChatServer) - Ares Development Group - C:\Program Files\Ares\chatServer.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcAppFlt.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LiveUpdate - Symantec Corporation - D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin
SvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - D:\WINDOWS\system32
vsvc32.exe
O23 - Service: Pml Driver HPZ12 - HP - D:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - D:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - D:\WINDOWS\system32\PnkBstrB.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - D:\WINDOWS\system32\ZoneLabs\vsmon.exe

Destrio5 · Answer

T'as deux antivirus, c'est pas bon.

- Télécharge et installe MalwareByte's Anti-Malware :
http://www.download.com/Malwarebytes-Anti-Malware/3000-8022_4-10804572.htm

- Mets-le à jour

- Redémarre en mode sans échec (Recommandé) :
https://www.malekal.com/demarrer-windows-mode-sans-echec/

- Choisis ta session habituelle

- Fais un scan complet avec MalwareByte's Anti-Malware

- Supprime tout ce que le logiciel trouve, enregistre le rapport

- Redémarre en mode normal et poste le rapport ici

Tutorial :
https://www.malekal.com/tutoriel-malwarebyte-anti-malware/

Christian Nt · Answer

Voici le rapport que j'ai obtenu avec malwarebyte's:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Executable location: D:\Program Files\Malwarebytes' Anti-Malware
Database location: D:\Documents and Settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\rules.ref

Username: krys
Windows folder: D:\WINDOWS
System folder: D:\WINDOWS\system32
Root drive: D:
Program Files: D:\Program Files
Common Files: D:\Program Files\Fichiers communs

Desktop: D:\Documents and Settings\Administrateur\Bureau
Desktop: D:\Documents and Settings\All Users\Bureau
Desktop: D:\Documents and Settings\Dani\Bureau
Desktop: D:\Documents and Settings\Default User\Bureau
Desktop: D:\Documents and Settings\Eddy\Bureau
Desktop: D:\Documents and Settings\Hedge\Bureau
Desktop: D:\Documents and Settings\kevin\Bureau
Desktop: D:\Documents and Settings\krys\Bureau

Start Menu: D:\Documents and Settings\Administrateur\Menu Démarrer
Start Menu: D:\Documents and Settings\All Users\Menu Démarrer
Start Menu: D:\Documents and Settings\Dani\Menu Démarrer
Start Menu: D:\Documents and Settings\Default User\Menu Démarrer
Start Menu: D:\Documents and Settings\Eddy\Menu Démarrer
Start Menu: D:\Documents and Settings\Hedge\Menu Démarrer
Start Menu: D:\Documents and Settings\kevin\Menu Démarrer
Start Menu: D:\Documents and Settings\krys\Menu Démarrer
Start Menu: D:\Documents and Settings\All Users\Menu Démarrer

User Root: D:\Documents and Settings\Administrateur
User Root: D:\Documents and Settings\All Users
User Root: D:\Documents and Settings\Dani
User Root: D:\Documents and Settings\Default User
User Root: D:\Documents and Settings\Eddy
User Root: D:\Documents and Settings\Hedge
User Root: D:\Documents and Settings\kevin
User Root: D:\Documents and Settings\krys
User Root: D:\Documents and Settings\LocalService
User Root: D:\Documents and Settings\NetworkService

Favorite: D:\Documents and Settings\Administrateur\Favoris
Favorite: D:\Documents and Settings\All Users\Favoris
Favorite: D:\Documents and Settings\Dani\Favoris
Favorite: D:\Documents and Settings\Default User\Favoris
Favorite: D:\Documents and Settings\Eddy\Favoris
Favorite: D:\Documents and Settings\Hedge\Favoris
Favorite: D:\Documents and Settings\kevin\Favoris
Favorite: D:\Documents and Settings\krys\Favoris

Application Data: D:\Documents and Settings\Administrateur\Application Data
Application Data: D:\Documents and Settings\All Users\Application Data
Application Data: D:\Documents and Settings\Dani\Application Data
Application Data: D:\Documents and Settings\Default User\Application Data
Application Data: D:\Documents and Settings\Eddy\Application Data
Application Data: D:\Documents and Settings\Hedge\Application Data
Application Data: D:\Documents and Settings\kevin\Application Data
Application Data: D:\Documents and Settings\krys\Application Data
Application Data: D:\Documents and Settings\LocalService\Application Data
Application Data: D:\Documents and Settings\NetworkService\Application Data
Application Data: D:\Documents and Settings\All Users\Application Data

Quick Launch: D:\Documents and Settings\Administrateur\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\All Users\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Dani\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Eddy\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\Hedge\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\kevin\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\krys\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\LocalService\Application Data\Microsoft\Internet Explorer\Quick Launch
Quick Launch: D:\Documents and Settings\NetworkService\Application Data\Microsoft\Internet Explorer\Quick Launch

Temporary Folder: D:\Documents and Settings\Administrateur\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Dani\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Default User\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Eddy\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\Hedge\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\kevin\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\krys\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\LocalService\Local Settings\Temp
Temporary Folder: D:\Documents and Settings\NetworkService\Local Settings\Temp
Temporary Folder: D:\WINDOWS\Temp

Destrio5 · Answer

Ce n'est pas le bon rapport.

Christian Nt · Answer

Mince, je refais un autre scan ce soir et je vous envoie le rapport en ce cas.

Destrio5 · Answer

Ok.

Christian Nt · Answer

Voici mon rapport, je pense que cette fois il s'agit du bon:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2

08:03:54 14/08/2008
mbam-log-8-14-2008 (08-03-35).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|)
Eléments examinés: 309802
Temps écoulé: 2 hour(s), 53 minute(s), 44 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 19
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 12

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_CLASSES_ROOT\AppID\{8d71eeb8-a1a7-4733-8fa2-1cac015c967d} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{ceb9c60d-f0ad-4b73-a3ab-4fc822e38d66} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{1601d447-7424-4866-8dcc-acf98a2a41e1} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{c3c0ec2c-2c1c-495c-9ad0-1f0ef833d7b5} (Adware.BHO) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{c1a6d8b8-93c3-4186-9dd1-13983f9f1d9b} (Adware.RightOnAds) -> No action taken.
HKEY_CLASSES_ROOT\Typelib\{3160f356-e8c3-4de2-a698-92eeeb3d3400} (Adware.RightOnAds) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\mysearchassistant (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\adsst) -> Noare.Agent) -> No action taken.
HKEY_CLASSES_ROOT\AppID\Sidebar.DLL (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\MySidesearch (Adware.BHO) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\dcadssearchassistant (Adware.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\HID_Layer (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CAC (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\WebMediaPlayer.exe (Adware.EGDAccess) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{9869efa6-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{9869efb4-18e9-11d3-a837-00104b9e30b5} (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e7bd74f-2b8d-469e-ccb0-b130eedbe97c} (Trojan.BHO) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
D:\WINDOWS\system32\WhoisCL.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\myss_sb_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\adssite-remove.exe (Adware.Agent) -> No action taken.
D:\WINDOWS\system32\mysidesearch_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\system32\dcads_sidebar_uninstall.exe (Adware.BHO) -> No action taken.
D:\WINDOWS\Fonts\death_font_ver1_0.zip (Trojan.Downloader) -> No action taken.
D:\Documents and Settings\Dani\Local Settings\Temp\CmdLineExt03.dll (Trojan.Agent) -> No action taken.
D:\Documents and Settings\krys\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\kevin\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\Hedge\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Documents and Settings\Dani\Application Data\urlredir.cfg (Adware.RightOnAds) -> No action taken.
D:\Program Files\MegauploadToolbar\megauploadtoolbar.dll (Trojan.BHO) -> No action taken.

Destrio5 · Answer

Tu as bien cliqué sur Supprimer la sélection ?

Christian Nt · Answer

Je confirme j'ai bien supprimé la sélection. Suite à votre message j'ai refait un autre scan en mode sans échec puis redémarrer l'ordinateur comme demandé et voici le rapport donnée:

Malwarebytes' Anti-Malware 1.24
Version de la base de données: 1045
Windows 5.1.2600 Service Pack 2

02:16:57 16/08/2008
mbam-log-8-16-2008 (02-16-57).txt

Type de recherche: Examen complet (C:\|D:\|E:\|F:\|H:\|J:\|)
Eléments examinés: 309951
Temps écoulé: 3 hour(s), 36 minute(s), 52 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 3
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bf (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\bk (Trojan.Agent) -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Settings\iu (Trojan.Agent) -> Delete on reboot.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

Destrio5 · Answer

Tu as deux antivirus, il faut en retirer un.

Christian Nt · Answer

Oui j'en avais deux Avast et Antivir, j'ai désinstallé avast mais est-il possible qu'il ne soit pas désinstallé correctement? Sinon actuellement j'ai antivir qui fonctionne sur mon ordinateur, A-SQUARRED gardien que j'ai installé récemment et ZONE ALARM comme pare-feu.

Destrio5 · Answer

Il y a Norton aussi, supprime-le avec ceci :
ftp://ftp.symantec.com/public/francais/removal_tools/Norton_Removal_Tool.exe

Christian Nt · Answer

C'est bizarre.. pourtant je n'ai jamais installé norton... fin à ma connaissance! Que dois-je faire ensuite? Mon problème de virus et de malware est-il réglé?

Destrio5 · Answer

Norton est l'antivirus qui est installé d'office sur la plupart des PC de marque.

- Télécharge Navilog1 (de IL-MAFIOSO) et enregistre-le sur le bureau : 
http://perso.orange.fr/il.mafioso/Navifix/Navilog1.exe 

- Double-clique sur Navilog1.exe afin de lancer l'installation

- Si le fix ne lance pas automatiquement après son installation, double-clique sur Navilog1 présent sur le bureau

- Appuie sur F ou f  puis valide par Entrée

- Appuie sur une touche de ton clavier à chaque fois que cela est demandé, tu arriveras au menu des options

- Choisis l'option 1 et appuie sur la touche Entrée pour valider ton choix

- Patiente jusqu'au message : *** Analyse Termine le ..... ***

- Le scan fini, le bloc-notes contenant le rapport sera affiché, poste le contenu de ce rapport dans ta prochaine réponse

- Si le résultat du scan ne s'affiche pas, tu le trouveras dans C:\fixnavi.txt

N'utilise pas l'option 2, 3 et 4 sans notre accord, des fichiers légitimes peuvent être inclus dans ce scan.

Christian Nt · Answer

Bonsoir, 

Voici mon rapport navilog:

Search Navipromo version 3.6.4 commencé le 16/08/2008 à 23:14:36,39

!!! Attention,ce rapport peut indiquer des fichiers/programmes légitimes!!!
!!! Postez ce rapport sur le forum pour le faire analyser !!!
!!! Ne lancez pas la partie désinfection sans l'avis d'un spécialiste !!!

Outil exécuté depuis D:\Program Files
avilog1
Session actuelle : "krys" 

Mise à jour le 16.08.2008 à 22h00 par IL-MAFIOSO


Microsoft Windows XP [version 5.1.2600]
Internet Explorer : 7.0.5730.13 
Système de fichiers : NTFS

Recherche executé en mode normal

*** Recherche Programmes installés ***


*** Recherche dossiers dans "D:\WINDOWS" ***


*** Recherche dossiers dans "D:\Program Files" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menu démarrer\programmes" ***


*** Recherche dossiers dans "D:\Documents and Settings\All Users\menu démarrer" ***


*** Recherche dossiers dans "d:\docume~1\alluse~1\applic~1" ***


*** Recherche dossiers dans "D:\Documents and Settings\krys\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Administrateur\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Dani\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Eddy\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Hedge\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\kevin\application data" *** 


*** Recherche dossiers dans "D:\Documents and Settings\krys\local settings\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Administrateur\local settings\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Dani\local settings\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Eddy\local settings\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\Hedge\local settings\application data" *** 


*** Recherche dossiers dans "D:\DOCUME~1\kevin\local settings\application data" *** 


*** Recherche dossiers dans "D:\Documents and Settings\krys\menu dÚmarrer\programmes" *** 


*** Recherche avec Catchme-rootkit/stealth malware detector par gmer ***
pour + d'infos : http://www.gmer.net



*** Recherche avec GenericNaviSearch ***
!!! Tous ces résultats peuvent révéler des fichiers légitimes !!!
!!! A vérifier impérativement avant toute suppression manuelle !!!

* Recherche dans "D:\WINDOWS\system32" *

* Recherche dans "D:\Documents and Settings\krys\local settings\application data" * 

* Recherche dans "D:\DOCUME~1\Administrateur\local settings\application data" * 

* Recherche dans "D:\DOCUME~1\Dani\local settings\application data" * 

* Recherche dans "D:\DOCUME~1\Eddy\local settings\application data" * 

* Recherche dans "D:\DOCUME~1\Hedge\local settings\application data" * 

* Recherche dans "D:\DOCUME~1\kevin\local settings\application data" * 



*** Recherche fichiers *** 



*** Recherche clés spécifiques dans le Registre ***


*** Module de Recherche complémentaire ***
(Recherche fichiers spécifiques)

1)Recherche nouveaux fichiers Instant Access :


2)Recherche Heuristique :

* Dans "D:\WINDOWS\system32" :


* Dans "D:\Documents and Settings\krys\local settings\application data" : 


* Dans "D:\DOCUME~1\Administrateur\local settings\application data" : 


* Dans "D:\DOCUME~1\Dani\local settings\application data" : 


* Dans "D:\DOCUME~1\Eddy\local settings\application data" : 


* Dans "D:\DOCUME~1\Hedge\local settings\application data" : 


* Dans "D:\DOCUME~1\kevin\local settings\application data" : 


3)Recherche Certificats :

Certificat Egroup absent !
Certificat Electronic-Group absent !
Certificat Montorgueil absent !
Certificat OOO-Favorit absent !
Certificat Sunny-Day-Design-Ltd absent !

4)Recherche fichiers connus :

D:\WINDOWS\system32\qtstv.bak2 trouvé ! infection Vundo possible non traitée par cet outil !


*** Analyse terminée le 16/08/2008 à 23:21:52,62 ***

Destrio5 · Answer

T'es infecté par Vundo/Virtumonde.

---> Désinstalle Navilog1

---> Fais ceci :

---> Télécharge ComboFix.exe de sUBs sur ton Bureau :
http://download.bleepingcomputer.com/sUBs/ComboFix.exe

/!\ Déconnecte-toi du net et ferme toutes les applications, antivirus et antispyware y compris /!\

---> Double-clique sur Combofix.exe
Un "pop-up" va apparaître qui dit que "ComboFix est utilisé à vos risques et avec aucune garantie...".
Accepte en cliquant sur "Oui"

---> Mets-le en langue française F
Tape sur la touche 1 (Yes) pour démarrer le scan.

/!\ Ne touche à rien tant que le scan n'est pas terminé. /!\

En fin de scan, il est possible que ComboFix ait besoin de redémarrer le PC pour finaliser la désinfection, laisse-le faire.

Une fois le scan achevé, un rapport va s'afficher : Poste son contenu

/!\ Réactive la protection en temps réel de ton antivirus et de ton antispyware avant de te reconnecter à Internet. /!\

Note : Le rapport se trouve également là : C:\ComboFix.txt

Christian Nt · Answer

Bonsoir, J'ai effectué le scan avec Combofix comme demandé mais pendant le travail de l'application un message d'erreur n'arrêtait pas d'apparaitre du genre: " regt.cfexe est introuvable: blabla impossible de trouver ACLUI.dll bla bla.." Finalement j'ai réussi à terminer combofix comme demandé précédemment et voici ce qu'il m'a donné comme rapport: ComboFix 08-08-15.04 - krys 2008-08-16 23:53:31.1 - NTFSx86 Endroit: D:\Documents and Settings\krys\Bureau\ComboFix.exe [color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color] . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar\selected.xml D:\Documents and Settings\Hedge\Cookies\hedge@protectionconue[2].txt D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com\ud.sol D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol D:\Program Files\Mozilla Firefox\components sBrowserOpt.dll D:\WINDOWS\system32\ceudalyr.ini D:\WINDOWS\system32\dgsfklbb.ini D:\WINDOWS\system32\ewekypwk.ini D:\WINDOWS\system32\fjwbrunf.ini D:\WINDOWS\system32\ftasusan.ini D:\WINDOWS\system32\gindwovv.ini D:\WINDOWS\system32\hiylfjvh.ini D:\WINDOWS\system32\hmxckulr.ini D:\WINDOWS\system32\iwtioamg.ini D:\WINDOWS\system32\kbhdanpj.ini D:\WINDOWS\system32\MSINET.oca D:\WINDOWS\system32 sg59.dll D:\WINDOWS\system32\pyjvwvup.ini D:\WINDOWS\system32\qtstv.bak2 D:\WINDOWS\system32\qtstv.ini D:\WINDOWS\system32\qyfgwvou.ini D:\WINDOWS\system32 hxwsjko.ini D:\WINDOWS\system32\ucxixoxl.ini D:\WINDOWS\system32\usnspxwv.ini D:\WINDOWS\system32\vgxyhrgs.ini D:\WINDOWS\system32\vivseobx.ini D:\WINDOWS\system32\xwbagloe.ini D:\WINDOWS\system32\ymqfitju.ini D:\WINDOWS\system32\yrkwillx.ini . ((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))))))) . 2008-08-15 02:13 . 2008-08-15 02:13 664 --a------ D:\WINDOWS\system32\d3d9caps.dat 2008-08-12 20:36 . 2008-08-12 20:36 d-------- D:\Documents and Settings\krys\Application Data\Malwarebytes 2008-08-12 02:18 . 2008-08-13 02:45 d-------- D:\Program Files\Malwarebytes' Anti-Malware 2008-08-12 02:18 . 2008-08-12 02:18 d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes 2008-08-12 02:18 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys 2008-08-12 02:18 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys 2008-08-10 11:51 . 2008-08-10 11:51 d-------- D:\Program Files\Zone Labs 2008-08-10 03:02 . 2008-08-10 03:02 d-------- D:\WINDOWS\system32\fr-fr 2008-08-10 02:48 . 2008-08-10 02:48 d--h----- D:\WINDOWS\system32\GroupPolicy 2008-08-09 15:19 . 2008-08-09 15:19 0 --a------ D:\WINDOWS\~VS1C.tmp 2008-08-09 11:43 . 2008-08-09 11:43 54,156 --ah----- D:\WINDOWS\QTFont.qfn 2008-08-09 11:43 . 2008-08-09 11:43 1,409 --a------ D:\WINDOWS\QTFont.for 2008-08-01 00:20 . 2008-08-01 00:20 578,048 --a------ D:\WINDOWS\system32\DllCache\user32.dll 2008-08-01 00:12 . 2008-08-01 00:12 d-------- D:\WINDOWS\ERUNT 2008-07-31 00:04 . 2008-07-31 00:04 d-------- D:\Program Files\Avira 2008-07-28 22:53 . 2008-07-28 22:53 d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft 2008-07-28 22:50 . 2008-07-28 22:53 d-------- D:\Program Files\Lavasoft 2008-07-28 22:50 . 2008-07-28 22:50 d-------- D:\Documents and Settings\krys\Application Data\Lavasoft 2008-07-25 01:56 . 2008-07-25 01:56 240 --a------ D:\WINDOWS\system32\drivers\vsconfig.xml . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2008-08-16 21:48 --------- d-----w D:\Program Files\Navilog1 2008-08-16 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy 2008-08-15 19:34 30,720 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp 2008-08-14 06:05 --------- d-----w D:\Program Files\MegauploadToolbar 2008-08-13 06:50 9,216 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp 2008-08-13 06:50 258,560 ----a-w D:\WINDOWS\Internet Logs\xDB77.tmp 2008-08-13 06:50 1,212,928 ----a-w D:\WINDOWS\Internet Logs\xDB78.tmp 2008-08-11 20:58 --------- d-----w D:\Documents and Settings\krys\Application Data\Skype 2008-08-11 06:12 9,728 ----a-w D:\WINDOWS\Internet Logs\xDBEA.tmp 2008-08-11 06:12 9,216 ----a-w D:\WINDOWS\Internet Logs\xDBEB.tmp 2008-08-11 06:11 80,384 ----a-w D:\WINDOWS\Internet Logs\xDBE8.tmp 2008-08-11 06:11 1,205,760 ----a-w D:\WINDOWS\Internet Logs\xDBE9.tmp 2008-08-09 12:26 --------- d-----w D:\Documents and Settings\krys\Application Data\BitTorrent 2008-08-08 21:09 --------- d-----w D:\Documents and Settings\krys\Application Data\MEGAUPLOADTOOLBAR 2008-08-06 20:42 --------- d-----w D:\Documents and Settings\Hedge\Application Data\MegauploadToolbar 2008-08-02 22:11 --------- d-----w D:\Program Files\CDBurnerXP Pro 3 2008-08-01 22:25 --------- d-----w D:\Program Files\Messenger Plus! Live 2008-08-01 20:49 --------- d-----w D:\Program Files\RPG Maker 2003 2008-08-01 20:49 --------- d-----w D:\Program Files\Pinnacle 2008-08-01 20:49 --------- d-----w D:\Program Files\FlashGet 2008-08-01 20:48 --------- d-----w D:\Program Files\DivX 2008-08-01 20:48 --------- d-----w D:\Program Files\BitTorrent++ 2008-07-30 22:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira 2008-07-29 20:38 --------- d-----w D:\Documents and Settings\krys\Application Data\skypePM 2008-07-28 20:52 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard 2008-07-18 17:26 --------- d-----w D:\Documents and Settings\Dani\Application Data\MEGAUPLOADTOOLBAR 2008-07-10 20:45 --------- d-----w D:\Documents and Settings\krys\Application Data\ArcSoft 2008-07-10 20:44 --------- d-----w D:\Program Files\Fichiers communs\Nikon 2008-07-10 20:42 --------- d-----w D:\Program Files\InstallShield Installation Information 2008-07-10 20:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer 2008-06-29 21:14 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys 2008-06-29 21:14 --------- d-----w D:\Documents and Settings\krys\Application Data\DAEMON Tools 2008-06-11 00:04 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll 2008-06-11 00:04 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll 2002-07-26 15:02 153,088 ----a-w D:\Program Files\UNWISE.EXE . ------- Sigcheck ------- 2004-12-10 23:44 359040 37e6643b1c4fb5de3a4fcef92909b4ad D:\WINDOWS\system32\drivers cpip.sys 2005-03-12 04:42 2322816 ef63ab857ca46064a559d32ca57ca53b D:\WINDOWS\system32 toskrnl.exe 2005-03-22 22:54 1477120 7709e0d27cb024bdc8589833b0845f41 D:\WINDOWS\explorer.exe . ((((((((((((((((((((((((((((((((( Point de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))) . . REGEDIT4 *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\ Belkin Wireless USB Utility.lnk - D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928] D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728] HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624] Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) "NoActiveDesktop"= 0 (0x0) "ForceActiveDesktopOn"= 0 (0x0) [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer] "ForceClassicControlPanel"= 1 (0x1) "NoSMBalloonTip"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "SfcDisable"=dword:ffffff9d [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon otify\!SASWinLogon] 2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "vidc.3iv2"= 3ivxVfWCodec.dll "VIDC.HFYU"= huffyuv.dll "VIDC.VP31"= vp31vfw.dll "vidc.yv12"= yv12vfw.dll "VIDC.MJPG"= Pvmjpg30.dll "VIDC.PIM1"= pclepim1.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent] --a------ 2006-11-16 03:35 43008 D:\Documents and Settings\Hedge\Torrent\bittorrent.exe [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe"= "D:\Program Files\FlashFXP\flashfxp.exe"= "D:\Program Files\BitTorrent\bittorrent.exe"= "D:\Program Files\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\Apache.exe"= "D:\Program Files\eMule\emule.exe"= "D:\StubInstaller.exe"= "D:\Documents and Settings\Hedge\Mes documents\LimeWire\LimeWire.exe"= "C:\Program Files\BF2.exe"= "C:\Documents and Settings\Krys\eMule\emule.exe"= "D:\Program Files\EA GAMES\Battlefield 2\BF2.exe"= "C:\Program Files\Atari\Test Drive Unlimited\TestDriveUnlimited.exe"= "C:\StubInstaller.exe"= "D:\Documents and Settings\Hedge\Mes documents\Azureus\Azureus.exe"= "C:\Documents and Settings\Hedge\Mes documents\LimeWire\LimeWire.exe"= "C:\Documents and Settings\Hedge\Mes documents\Torrent\bittorrent.exe"= "D:\Documents and Settings\Hedge\Torrent\bittorrent.exe"= "D:\Program Files\Messenger\msmsgs.exe"= "C:\Program Files\eMule\emule.exe"= "D:\Documents and Settings\Hedge\Mes documents\Shareaza\Shareaza.exe"= "C:\Documents and Settings\Hedge\Mes documents\Shareaza\Shareaza.exe"= "D:\Program Files\MSN Messenger\msnmsgr.exe"= "D:\Program Files\MSN Messenger\livecall.exe"= "D:\Program Files\Mozilla Firefox\firefox.exe"= "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe"= "C:\Program Files\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe"= "C:\Program Files\KONAMI\Pro Evolution Soccer 6\PES6.exe"= "D:\WINDOWS\system32\dplaysvr.exe"= "D:\Program Files\Electronic Arts\Battlefield 2142\BF2142.exe"= "D:\Program Files\GameSpy\Comrade\Comrade.exe"= "C:\Program Files\CapCom\Lost Planet Extreme Condition\LostPlanetDx9.exe"= "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Game.exe"= "C:\Program Files\Ubisoft\Tom Clancy's Rainbow Six Vegas\Binaries\R6Vegas_Launcher.exe"= "C:\Program Files\PPMate\PPMate\ppmate.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\RM.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\Studio.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\PMSRegisterFile.exe"= "C:\Program Files\Pinnacle\Studio 10\programs\umi.exe"= "D:\Program Files\Skype\Phone\Skype.exe"= "C:\Program Files\Ares\Ares.exe"= [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J] \Shell\AutoRun\command - setupSNK.exe [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081266f1-0942-11dc-9c6e-c42a6c3110d8}] \Shell\AutoRun\command - setupSNK.exe *Newly Created Service* - PROCEXP90 . Contenu du dossier 'Scheduled Tasks/Tâches planifiées' 2008-08-16 D:\WINDOWS\Tasks\HPpromotions journeysoftware.job - D:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36] . - - - - ORPHANS REMOVED - - - - BHO-{E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll . ------- Supplementary Scan ------- . FireFox -: Profile - D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\ FF -: plugin - D:\Program Files\DivX\DivX Content Uploader pUpload.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins pqtplugin.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins pqtplugin2.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins pqtplugin3.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins pqtplugin4.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins pqtplugin5.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins pqtplugin6.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack eal\browser\plugins ppl3260.dll FF -: plugin - D:\Program Files\K-Lite Codec Pack eal\browser\plugins prpjplug.dll FF -: plugin - D:\Program Files\Mozilla Firefox\plugins pbittorrent.dll FF -: plugin - D:\Program Files\Mozilla Firefox\plugins pmozax.dll FF -: plugin - D:\Program Files\Mozilla Firefox\plugins pOGAPlugin.dll ************************************************************************** catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-08-16 23:58:26 Windows 5.1.2600 Service Pack 2 NTFS Balayage processus cachés ... Balayage caché autostart entries ... Balayage des fichiers cachés ... Scan terminé avec succès Les fichiers cachés: 0 ************************************************************************** [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd] "ImagePath"="system32\drivers\dyfnrdyf.dat" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET CLR Data] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET CLR Networking] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET Data Provider for Oracle] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET Data Provider for SqlServer] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NETFramework] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\a2AntiMalware] "ImagePath"="\"C:\Program Files\a-squared Anti-Malware\a2service.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Abiosdsk] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\abp480n5] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ACPI] "ImagePath"="system32\DRIVERS\ACPI.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ACPIEC] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Adobe LM Service] "ImagePath"="\"D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\adpu160m] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aec] "ImagePath"="system32\drivers\aec.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AFD] "ImagePath"="\SystemRoot\System32\drivers\afd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Aha154x] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aic78u2] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aic78xx] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Alerter] "ServiceDll"="%SystemRoot%\system32\alrsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ALG] "ImagePath"="%SystemRoot%\System32\alg.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AliIde] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AmdK8] "ImagePath"="system32\DRIVERS\AmdK8.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\amsint] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AntiVirScheduler] "ImagePath"="\"D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AntiVirService] "ImagePath"="\"D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AppMgmt] "ServiceDll"="%SystemRoot%\System32\appmgmts.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AresChatServer] "ImagePath"="C:\Program Files\Ares\chatServer.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Arp1394] "ImagePath"="system32\DRIVERS\arp1394.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASAPIW2K] "ImagePath"="System32\Drivers\ASAPIW2K.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc3350p] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc3550] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET_1.1.4322] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET_2.0.50727] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Aspi32] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AspiXNT] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aspnet_state] "ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AsyncMac] "ImagePath"="system32\DRIVERS\asyncmac.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\atapi] "ImagePath"="system32\DRIVERS\atapi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Atdisk] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Atmarpc] "ImagePath"="system32\DRIVERS\atmarpc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AudioSrv] "ServiceDll"="%SystemRoot%\System32\audiosrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\audstub] "ImagePath"="system32\DRIVERS\audstub.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avgio] "ImagePath"="\??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avgntflt] "ImagePath"="\??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avipbb] "ImagePath"="system32\DRIVERS\avipbb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BattC] "MofImagePath"="System32\Drivers\battc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Beep] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BITS] "ServiceDll"="D:\WINDOWS\system32\qmgr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BLKWGU(Belkin)] "ImagePath"="system32\DRIVERS\BLKWGU.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Browser] "ServiceDll"="%SystemRoot%\System32\browser.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CamDrL] "ImagePath"="system32\DRIVERS\Camdrl.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\catchme] "ImagePath"="\??\D:\DOCUME~1\krys\Local Settings\Temp\catchme.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cbidf2k] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CCDECODE] "ImagePath"="system32\DRIVERS\CCDECODE.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ccEvtMgr] "ImagePath"="\"D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe\" /h ccCommon" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ccSetMgr] "ImagePath"="\"D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe\" /h ccCommon" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cd20xrnt] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdaudio] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdfs] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdrom] "ImagePath"="system32\DRIVERS\cdrom.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Changer] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CiSvc] "ImagePath"="%SystemRoot%\system32\cisvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ClipSrv] "ImagePath"="%SystemRoot%\system32\clipsrv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\clr_optimization_v2.0.50727_32] "ImagePath"="D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CmdIde] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cmpci] "ImagePath"="system32\drivers\cmaudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\COMSysApp] "ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ContentFilter] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ContentIndex] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cpqarray] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CryptSvc] "ServiceDll"="%SystemRoot%\System32\cryptsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d347bus] "ImagePath"="system32\DRIVERS\d347bus.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d347prt] "ImagePath"="System32\Drivers\d347prt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac2w2k] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac960nt] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DCamUSBEMPIA] "ImagePath"="system32\DRIVERS\emDevice.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DcomLaunch] "ServiceDll"="%SystemRoot%\system32 pcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dhcp] "ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Disk] "ImagePath"="system32\DRIVERS\disk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmadmin] "ImagePath"="%SystemRoot%\System32\dmadmin.exe /com" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmboot] "ImagePath"="System32\drivers\dmboot.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmio] "ImagePath"="System32\drivers\dmio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmload] "ImagePath"="System32\drivers\dmload.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmserver] "ServiceDll"="%SystemRoot%\System32\dmserver.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DMusic] "ImagePath"="system32\drivers\DMusic.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dnscache] "ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dpti2o] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\drmkaud] "ImagePath"="system32\drivers\drmkaud.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\emAudio] "ImagePath"="system32\drivers\emAudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ERSvc] "ServiceDll"="%SystemRoot%\System32\ersvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\es1371] "ImagePath"="system32\drivers\es1371mp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Eventlog] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EventSystem] "ServiceDll"="D:\WINDOWS\system32\es.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fastfat] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FastUserSwitchingCompatibility] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fdc] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FiltUSBEMPIA] "ImagePath"="system32\DRIVERS\emFilter.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fips] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Flpydisk] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FltMgr] "ImagePath"="system32\DRIVERS\fltMgr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ForceWare Intelligent Application Manager (IAM)] "ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin SvcAppFlt.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fs_Rec] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ftdisk] "ImagePath"="system32\DRIVERS\ftdisk.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gameenum] "ImagePath"="system32\DRIVERS\gameenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Gpc] "ImagePath"="system32\DRIVERS\msgpc.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hcarrjarfbyt] "ImagePath"="system32\drivers\hcarrjarfbyt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HDAudBus] "ImagePath"="system32\DRIVERS\HDAudBus.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\helpsvc] "ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HidServ] "ServiceDll"="%SystemRoot%\System32\hidserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hidusb] "ImagePath"="system32\DRIVERS\hidusb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hpn] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZid412] "ImagePath"="system32\DRIVERS\HPZid412.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZipr12] "ImagePath"="system32\DRIVERS\HPZipr12.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZius12] "ImagePath"="system32\DRIVERS\HPZius12.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTP] "ImagePath"="System32\Drivers\HTTP.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTPFilter] "ServiceDll"="%SystemRoot%\System32\w3ssl.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omgmt] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omp] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i8042prt] "ImagePath"="system32\DRIVERS\i8042prt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IDriverT] "ImagePath"="\"D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Imapi] "ImagePath"="system32\DRIVERS\imapi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ImapiService] "ImagePath"="D:\WINDOWS\system32\imapi.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\inetaccs] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ini910u] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Inport] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IntelIde] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ip6Fw] "ImagePath"="system32\DRIVERS\Ip6Fw.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpFilterDriver] "ImagePath"="system32\DRIVERS\ipfltdrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpInIp] "ImagePath"="system32\DRIVERS\ipinip.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpNat] "ImagePath"="system32\DRIVERS\ipnat.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IPSec] "ImagePath"="system32\DRIVERS\ipsec.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IRENUM] "ImagePath"="system32\DRIVERS\irenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ISAPISearch] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\isapnp] "ImagePath"="system32\DRIVERS\isapnp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JGOGO] "ImagePath"="system32\DRIVERS\JGOGO.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JRAID] "ImagePath"="system32\DRIVERS\jraid.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Kbdclass] "ImagePath"="system32\DRIVERS\kbdclass.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\kmixer] "ImagePath"="system32\drivers\kmixer.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\KSecDD] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanserver] "ServiceDll"="%SystemRoot%\System32\srvsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanworkstation] "ServiceDll"="%SystemRoot%\System32\wkssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lbrtfdc] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ldap] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LicenseService] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LiveUpdate] "ImagePath"="\"D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LmHosts] "ServiceDll"="%SystemRoot%\System32\lmhsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LVUSBSta] "ImagePath"="system32\drivers\lvusbsta.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MDM] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Messenger] "ServiceDll"="%SystemRoot%\System32\msgsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmdd] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmsrvc] "ImagePath"="D:\WINDOWS\system32\mnmsrvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Modem] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mouclass] "ImagePath"="system32\DRIVERS\mouclass.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mouhid] "ImagePath"="system32\DRIVERS\mouhid.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MountMgr] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mraid35x] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxDAV] "ImagePath"="system32\DRIVERS\mrxdav.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxSmb] "ImagePath"="system32\DRIVERS\mrxsmb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSDTC] "ImagePath"="D:\WINDOWS\system32\msdtc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Msfs] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSIServer] "ImagePath"="D:\WINDOWS\system32\msiexec.exe /V" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSKSSRV] "ImagePath"="system32\drivers\MSKSSRV.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPCLOCK] "ImagePath"="system32\drivers\MSPCLOCK.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPQM] "ImagePath"="system32\drivers\MSPQM.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mssmbios] "ImagePath"="system32\DRIVERS\mssmbios.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSTEE] "ImagePath"="system32\drivers\MSTEE.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MTsensor] "ImagePath"="system32\DRIVERS\ASACPI.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mup] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NABTSFEC] "ImagePath"="system32\DRIVERS\NABTSFEC.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDIS] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisIP] "ImagePath"="system32\DRIVERS\NdisIP.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisTapi] "ImagePath"="system32\DRIVERS distapi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ndisuio] "ImagePath"="system32\DRIVERS disuio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisWan] "ImagePath"="system32\DRIVERS diswan.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDProxy] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS] "ImagePath"="system32\DRIVERS etbios.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBT] "ImagePath"="system32\DRIVERS etbt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDE] "ImagePath"="%SystemRoot%\system32 etdde.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDEdsdm] "ImagePath"="%SystemRoot%\system32 etdde.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netlogon] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netman] "ServiceDll"="%SystemRoot%\System32 etman.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIC1394] "ImagePath"="system32\DRIVERS ic1394.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Nla] "ServiceDll"="%SystemRoot%\System32\mswsock.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Npfs] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services SvcIp] "ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin SvcIp.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services SvcLog] "ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin SvcLog.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ntfs] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtLmSsp] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtmsSvc] "ServiceDll"="%SystemRoot%\system32 tmssvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Null] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NULLPROTO] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services v] "ImagePath"="system32\DRIVERS v4_mini.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services vata] "ImagePath"="system32\DRIVERS vata.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVENETFD] "ImagePath"="system32\DRIVERS\NVENETFD.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services vnetbus] "ImagePath"="system32\DRIVERS vnetbus.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVSvc] "ImagePath"="%SystemRoot%\system32 vsvc32.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVTCP] "ImagePath"="System32\DRIVERS\NVTcp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFlt] "ImagePath"="system32\DRIVERS wlnkflt.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFwd] "ImagePath"="system32\DRIVERS wlnkfwd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ohci1394] "ImagePath"="system32\DRIVERS\ohci1394.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Parport] "ImagePath"="system32\DRIVERS\parport.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PartMgr] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ParVdm] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCASp50] "ImagePath"="System32\Drivers\PCASp50.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCI] "ImagePath"="system32\DRIVERS\pci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIDump] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIIde] "ImagePath"="system32\DRIVERS\pciide.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCLEPCI] "ImagePath"="\??\D:\WINDOWS\system32\drivers\pclepci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pcmcia] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDCOMP] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDFRAME] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRELI] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRFRAME] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2hib] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfDisk] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfNet] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfOS] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfProc] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PfModNT] "ImagePath"="\??\D:\WINDOWS\system32\PfModNT.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pfsvgae] "ImagePath"="\??\D:\DOCUME~1\Dani\Local Settings\Temp\pfsvgae.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PlugPlay] "ImagePath"="%SystemRoot%\system32\services.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pml Driver HPZ12] "ImagePath"="D:\WINDOWS\system32\HPZipm12.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrA] "ImagePath"="D:\WINDOWS\system32\PnkBstrA.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrB] "ImagePath"="D:\WINDOWS\system32\PnkBstrB.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PolicyAgent] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PptpMiniport] "ImagePath"="system32\DRIVERS aspptp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Processor] "ImagePath"="system32\DRIVERS\processr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ProtectedStorage] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSched] "ImagePath"="system32\DRIVERS\psched.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ptilink] "ImagePath"="system32\DRIVERS\ptilink.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PxHelp20] "ImagePath"="system32\DRIVERS\PxHelp20.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1080] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ql10wnt] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql12160] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1240] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1280] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAcd] "ImagePath"="system32\DRIVERS asacd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAuto] "ServiceDll"="%SystemRoot%\System32 asauto.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rasl2tp] "ImagePath"="system32\DRIVERS asl2tp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasMan] "ServiceDll"="%SystemRoot%\System32 asmans.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasPppoe] "ImagePath"="system32\DRIVERS aspppoe.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Raspti] "ImagePath"="system32\DRIVERS aspti.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rdbss] "ImagePath"="system32\DRIVERS dbss.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPCDD] "ImagePath"="System32\DRIVERS\RDPCDD.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPDD] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services dpdr] "ImagePath"="system32\DRIVERS dpdr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPNP] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPWD] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDSessMgr] "ImagePath"="D:\WINDOWS\system32\sessmgr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services edbook] "ImagePath"="system32\DRIVERS edbook.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteAccess] "ServiceDll"="%SystemRoot%\System32\mprdim.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteRegistry] "ServiceDll"="%SystemRoot%\system32 egsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ROOTMODEM] "ImagePath"="System32\Drivers\RootMdm.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcLocator] "ImagePath"="%SystemRoot%\system32\locator.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcSs] "ServiceDll"="%SystemRoot%\system32 pcss.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RSVP] "ImagePath"="%SystemRoot%\system32 svp.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SamSs] "ImagePath"="%SystemRoot%\system32\lsass.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASDIFSV] "ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASENUM] "ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASKUTIL] "ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ScanUSBEMPIA] "ImagePath"="system32\DRIVERS\emScan.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardDrv] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardSvr] "ImagePath"="%SystemRoot%\System32\SCardSvr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Schedule] "ServiceDll"="%SystemRoot%\system32\schedsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SDTHOOK] "ImagePath"="System32\DRIVERS\SDTHOOK.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Secdrv] "ImagePath"="system32\DRIVERS\secdrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\seclogon] "ServiceDll"="%SystemRoot%\System32\seclogon.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SENS] "ServiceDll"="%SystemRoot%\system32\sens.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\serenum] "ImagePath"="system32\DRIVERS\serenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Serial] "ImagePath"="system32\DRIVERS\serial.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sfloppy] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess] "ServiceDll"="%SystemRoot%\System32\ipnathlp.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ShellHWDetection] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Simbad] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SLIP] "ImagePath"="system32\DRIVERS\SLIP.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\smp_lpt] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sparrow] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\splitter] "ImagePath"="system32\drivers\splitter.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Spooler] "ImagePath"="%SystemRoot%\system32\spoolsv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sptd] "ImagePath"="System32\Drivers\sptd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sr] "ImagePath"="system32\DRIVERS\sr.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srescan] "ImagePath"="system32\ZoneLabs\srescan.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srservice] "ServiceDll"="D:\WINDOWS\system32\srsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Srv] "ImagePath"="system32\DRIVERS\srv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdbus] "ImagePath"="system32\DRIVERS\sscdbus.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdfl] "ImagePath"="system32\DRIVERS\sscdmdfl.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdm] "ImagePath"="system32\DRIVERS\sscdmdm.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SSDPSRV] "ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ssmdrv] "ImagePath"="system32\DRIVERS\ssmdrv.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\StarOpen] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\stisvc] "ServiceDll"="%SystemRoot%\system32\wiaservc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\streamip] "ImagePath"="system32\DRIVERS\StreamIP.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swenum] "ImagePath"="system32\DRIVERS\swenum.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swmidi] "ImagePath"="system32\drivers\swmidi.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SwPrv] "ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{6635FEB7-5681-4234-8082-47CE48AD5412}" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc810] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc8xx] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_hi] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_u3] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sysaudio] "ImagePath"="system32\drivers\sysaudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SysmonLog] "ImagePath"="%SystemRoot%\system32\smlogsvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TapiSrv] "ServiceDll"="%SystemRoot%\System32 apisrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Tcpip] "ImagePath"="system32\DRIVERS cpip.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDPIPE] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDTCP] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermDD] "ImagePath"="system32\DRIVERS ermdd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermService] "ServiceDll"="%SystemRoot%\System32 ermsrv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Themes] "ServiceDll"="%SystemRoot%\System32\shsvcs.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TlntSvr] "ImagePath"="D:\WINDOWS\system32 lntsvr.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TosIde] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TrkWks] "ServiceDll"="%SystemRoot%\system32 rkwks.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TSDDD] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Udfs] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ultra] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Update] "ImagePath"="system32\DRIVERS\update.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\uploadmgr] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\upnphost] "ServiceDll"="%SystemRoot%\System32\upnphost.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\UPS] "ImagePath"="%SystemRoot%\System32\ups.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbaudio] "ImagePath"="system32\drivers\usbaudio.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbccgp] "ImagePath"="system32\DRIVERS\usbccgp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbehci] "ImagePath"="system32\DRIVERS\usbehci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbhub] "ImagePath"="system32\DRIVERS\usbhub.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbohci] "ImagePath"="system32\DRIVERS\usbohci.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbprint] "ImagePath"="system32\DRIVERS\usbprint.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbscan] "ImagePath"="system32\DRIVERS\usbscan.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbstor] "ImagePath"="system32\DRIVERS\USBSTOR.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usnjsvc] "ImagePath"="\"D:\Program Files\MSN Messenger\usnsvc.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usprserv] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VgaSave] "ImagePath"="\SystemRoot\System32\drivers\vga.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ViaIde] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Vofsmpumt-d9] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VolSnap] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant] "ImagePath"="System32\vsdatant.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsmon] "ImagePath"="D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VSS] "ImagePath"="%SystemRoot%\System32\vssvc.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VxD] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W32Time] "ServiceDll"="D:\WINDOWS\system32\w32time.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W3SVC] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wanarp] "ImagePath"="system32\DRIVERS\wanarp.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WDICA] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wdmaud] "ImagePath"="system32\drivers\wdmaud.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WebClient] "ServiceDll"="%SystemRoot%\System32\webclnt.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\winmgmt] "ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Winsock] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinSock2] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinTrust] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmdmPmSN] "ServiceDll"="D:\WINDOWS\system32\MsPMSNSv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wmi] "ServiceDll"="%SystemRoot%\System32\advapi32.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApRpl] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApSrv] "ImagePath"="D:\WINDOWS\system32\wbem\wmiapsrv.exe" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WMPNetworkSvc] "ImagePath"="\"D:\Program Files\Windows Media Player\WMPNetwk.exe\"" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WpdUsb] "ImagePath"="system32\DRIVERS\wpdusb.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WS2IFSL] "ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wscsvc] "ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WSTCODEC] "ImagePath"="system32\DRIVERS\WSTCODEC.SYS" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wuauserv] "ServiceDll"="D:\WINDOWS\system32\wuauserv.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfPf] "ImagePath"="system32\DRIVERS\WudfPf.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfRd] "ImagePath"="system32\DRIVERS\wudfrd.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfSvc] "ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WZCSVC] "ServiceDll"="%SystemRoot%\System32\wzcsvc.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xmlprov] "ServiceDll"="%SystemRoot%\System32\xmlprov.dll" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd] "ImagePath"="system32\drivers\dyfnrdyf.dat" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ZDPSp50] "ImagePath"="System32\Drivers\ZDPSp50.sys" [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{01C11E6A-09DB-4C74-8A8F-4AF588705488}] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{213DC0AE-334E-493A-B328-FFE24A608305}] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{736A8DC2-D924-40CB-8DA8-493ABA0920C6}] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{7D2177A5-2ACD-4A0B-A914-5A9F1AE8E34A}] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{856AE575-12A9-418C-86BD-0F05D34E8680}] [HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{F1EB8025-376C-4AB5-A5D8-5049338D9EC3}] . Temps d'accomplissement: 2008-08-17 0:08:52 ComboFix-quarantined-files.txt 2008-08-16 22:08:48 Pre-Run: 3,805,642,752 octets libres Post-Run: 8,481,525,760 octets libres 848

Christian Nt · Answer

Bonsoir,

J'ai tout fait comme demandé avec combofix mais pendant le travail de l'application un message d'erreur est apparu à plusieurs reprises "regt.cfexe est introuvable: blablabla fichier ACLUI.dll blablabla..." Finalement j'ai réussi à terminer l'application combofix et voici le rapport qu'il m'a donné:

ComboFix 08-08-15.04 - krys 2008-08-16 23:53:31.1 - NTFSx86

Endroit: D:\Documents and Settings\krys\Bureau\ComboFix.exe

[color=red][b]AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !![/b][/color]
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar
D:\Documents and Settings\Hedge\Application Data\Adssite Advanced Toolbar\selected.xml
D:\Documents and Settings\Hedge\Cookies\hedge@protectionconue[2].txt
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\#SharedObjects\SAGKEC5L\interclick.com\ud.sol
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
D:\Documents and Settings\krys\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
D:\Program Files\Mozilla Firefox\components\nsBrowserOpt.dll
D:\WINDOWS\system32\ceudalyr.ini
D:\WINDOWS\system32\dgsfklbb.ini
D:\WINDOWS\system32\ewekypwk.ini
D:\WINDOWS\system32\fjwbrunf.ini
D:\WINDOWS\system32\ftasusan.ini
D:\WINDOWS\system32\gindwovv.ini
D:\WINDOWS\system32\hiylfjvh.ini
D:\WINDOWS\system32\hmxckulr.ini
D:\WINDOWS\system32\iwtioamg.ini
D:\WINDOWS\system32\kbhdanpj.ini
D:\WINDOWS\system32\MSINET.oca
D:\WINDOWS\system32\nsg59.dll
D:\WINDOWS\system32\pyjvwvup.ini
D:\WINDOWS\system32\qtstv.bak2
D:\WINDOWS\system32\qtstv.ini
D:\WINDOWS\system32\qyfgwvou.ini
D:\WINDOWS\system32\rhxwsjko.ini
D:\WINDOWS\system32\ucxixoxl.ini
D:\WINDOWS\system32\usnspxwv.ini
D:\WINDOWS\system32\vgxyhrgs.ini
D:\WINDOWS\system32\vivseobx.ini
D:\WINDOWS\system32\xwbagloe.ini
D:\WINDOWS\system32\ymqfitju.ini
D:\WINDOWS\system32\yrkwillx.ini

.
((((((((((((((((((((((((((((( Fichiers créés 2008-07-16 to 2008-08-16 ))))))))))))))))))))))))))))))))))))
.

2008-08-15 02:13 . 2008-08-15 02:13 664 --a------ D:\WINDOWS\system32\d3d9caps.dat
2008-08-12 20:36 . 2008-08-12 20:36 <REP> d-------- D:\Documents and Settings\krys\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-08-13 02:45 <REP> d-------- D:\Program Files\Malwarebytes' Anti-Malware
2008-08-12 02:18 . 2008-08-12 02:18 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-12 02:18 . 2008-07-30 20:07 38,472 --a------ D:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-12 02:18 . 2008-07-30 20:07 17,144 --a------ D:\WINDOWS\system32\drivers\mbam.sys
2008-08-10 11:51 . 2008-08-10 11:51 <REP> d-------- D:\Program Files\Zone Labs
2008-08-10 03:02 . 2008-08-10 03:02 <REP> d-------- D:\WINDOWS\system32\fr-fr
2008-08-10 02:48 . 2008-08-10 02:48 <REP> d--h----- D:\WINDOWS\system32\GroupPolicy
2008-08-09 15:19 . 2008-08-09 15:19 0 --a------ D:\WINDOWS\~VS1C.tmp
2008-08-09 11:43 . 2008-08-09 11:43 54,156 --ah----- D:\WINDOWS\QTFont.qfn
2008-08-09 11:43 . 2008-08-09 11:43 1,409 --a------ D:\WINDOWS\QTFont.for
2008-08-01 00:20 . 2008-08-01 00:20 578,048 --a------ D:\WINDOWS\system32\DllCache\user32.dll
2008-08-01 00:12 . 2008-08-01 00:12 <REP> d-------- D:\WINDOWS\ERUNT
2008-07-31 00:04 . 2008-07-31 00:04 <REP> d-------- D:\Program Files\Avira
2008-07-28 22:53 . 2008-07-28 22:53 <REP> d-------- D:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:53 <REP> d-------- D:\Program Files\Lavasoft
2008-07-28 22:50 . 2008-07-28 22:50 <REP> d-------- D:\Documents and Settings\krys\Application Data\Lavasoft
2008-07-25 01:56 . 2008-07-25 01:56 240 --a------ D:\WINDOWS\system32\drivers\vsconfig.xml

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-16 21:48 --------- d-----w D:\Program Files\Navilog1
2008-08-16 21:06 --------- d-----w D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-08-15 19:34 30,720 ----a-w D:\WINDOWS\Internet Logs\xDB2.tmp
2008-08-14 06:05 --------- d-----w D:\Program Files\MegauploadToolbar
2008-08-13 06:50 9,216 ----a-w D:\WINDOWS\Internet Logs\xDB1.tmp
2008-08-13 06:50 258,560 ----a-w D:\WINDOWS\Internet Logs\xDB77.tmp
2008-08-13 06:50 1,212,928 ----a-w D:\WINDOWS\Internet Logs\xDB78.tmp
2008-08-11 20:58 --------- d-----w D:\Documents and Settings\krys\Application Data\Skype
2008-08-11 06:12 9,728 ----a-w D:\WINDOWS\Internet Logs\xDBEA.tmp
2008-08-11 06:12 9,216 ----a-w D:\WINDOWS\Internet Logs\xDBEB.tmp
2008-08-11 06:11 80,384 ----a-w D:\WINDOWS\Internet Logs\xDBE8.tmp
2008-08-11 06:11 1,205,760 ----a-w D:\WINDOWS\Internet Logs\xDBE9.tmp
2008-08-09 12:26 --------- d-----w D:\Documents and Settings\krys\Application Data\BitTorrent
2008-08-08 21:09 --------- d-----w D:\Documents and Settings\krys\Application Data\MEGAUPLOADTOOLBAR
2008-08-06 20:42 --------- d-----w D:\Documents and Settings\Hedge\Application Data\MegauploadToolbar
2008-08-02 22:11 --------- d-----w D:\Program Files\CDBurnerXP Pro 3
2008-08-01 22:25 --------- d-----w D:\Program Files\Messenger Plus! Live
2008-08-01 20:49 --------- d-----w D:\Program Files\RPG Maker 2003
2008-08-01 20:49 --------- d-----w D:\Program Files\Pinnacle
2008-08-01 20:49 --------- d-----w D:\Program Files\FlashGet
2008-08-01 20:48 --------- d-----w D:\Program Files\DivX
2008-08-01 20:48 --------- d-----w D:\Program Files\BitTorrent++
2008-07-30 22:04 --------- d-----w D:\Documents and Settings\All Users\Application Data\Avira
2008-07-29 20:38 --------- d-----w D:\Documents and Settings\krys\Application Data\skypePM
2008-07-28 20:52 --------- d-----w D:\Program Files\Fichiers communs\Wise Installation Wizard
2008-07-18 17:26 --------- d-----w D:\Documents and Settings\Dani\Application Data\MEGAUPLOADTOOLBAR
2008-07-10 20:45 --------- d-----w D:\Documents and Settings\krys\Application Data\ArcSoft
2008-07-10 20:44 --------- d-----w D:\Program Files\Fichiers communs\Nikon
2008-07-10 20:42 --------- d-----w D:\Program Files\InstallShield Installation Information
2008-07-10 20:42 --------- d-----w D:\Documents and Settings\All Users\Application Data\Apple Computer
2008-06-29 21:14 717,296 ----a-w D:\WINDOWS\system32\drivers\sptd.sys
2008-06-29 21:14 --------- d-----w D:\Documents and Settings\krys\Application Data\DAEMON Tools
2008-06-11 00:04 200,704 ----a-w D:\WINDOWS\system32\ssldivx.dll
2008-06-11 00:04 1,044,480 ----a-w D:\WINDOWS\system32\libdivx.dll
2002-07-26 15:02 153,088 ----a-w D:\Program Files\UNWISE.EXE
.

------- Sigcheck -------

2004-12-10 23:44 359040 37e6643b1c4fb5de3a4fcef92909b4ad D:\WINDOWS\system32\drivers\tcpip.sys

2005-03-12 04:42 2322816 ef63ab857ca46064a559d32ca57ca53b D:\WINDOWS\system32\ntoskrnl.exe

2005-03-22 22:54 1477120 7709e0d27cb024bdc8589833b0845f41 D:\WINDOWS\explorer.exe
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

D:\Documents and Settings\All Users\Menu D‚marrer\Programmes\D‚marrage\
Belkin Wireless USB Utility.lnk - D:\Program Files\Belkin\USB F5D7050\Wireless Utility\Belkinwcui.exe [2005-10-28 11:23:10 1404928]
D‚marrage rapide du logiciel HP Image Zone.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe [2005-05-12 00:49:24 73728]
HP Digital Imaging Monitor.lnk - D:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe [2005-05-11 23:23:26 282624]
Microsoft Office.lnk - D:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-18 00:05:56 65588]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)
"NoActiveDesktop"= 0 (0x0)
"ForceActiveDesktopOn"= 0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"ForceClassicControlPanel"= 1 (0x1)
"NoSMBalloonTip"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "D:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"SfcDisable"=dword:ffffff9d

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 13:41 294912 D:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.3iv2"= 3ivxVfWCodec.dll
"VIDC.HFYU"= huffyuv.dll
"VIDC.VP31"= vp31vfw.dll
"vidc.yv12"= yv12vfw.dll
"VIDC.MJPG"= Pvmjpg30.dll
"VIDC.PIM1"= pclepim1.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
--a------ 2006-11-16 03:35 43008 D:\Documents and Settings\Hedge\Torrent\bittorrent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"D:\\Program Files\\FlashFXP\\flashfxp.exe"=
"D:\\Program Files\\BitTorrent\\bittorrent.exe"=
"D:\\Program Files\\NVIDIA Corporation\\NetworkAccessManager\\Apache Group\\Apache2\\bin\\Apache.exe"=
"D:\\Program Files\\eMule\\emule.exe"=
"D:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BF2.exe"=
"C:\\Documents and Settings\\Krys\\eMule\\emule.exe"=
"D:\\Program Files\\EA GAMES\\Battlefield 2\\BF2.exe"=
"C:\\Program Files\\Atari\\Test Drive Unlimited\\TestDriveUnlimited.exe"=
"C:\\StubInstaller.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Azureus\\Azureus.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\LimeWire\\LimeWire.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Torrent\\bittorrent.exe"=
"D:\\Documents and Settings\\Hedge\\Torrent\\bittorrent.exe"=
"D:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\eMule\\emule.exe"=
"D:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"C:\\Documents and Settings\\Hedge\\Mes documents\\Shareaza\\Shareaza.exe"=
"D:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"D:\\Program Files\\MSN Messenger\\livecall.exe"=
"D:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\XR_3DA.exe"=
"C:\\Program Files\\THQ\\S.T.A.L.K.E.R. - Shadow of Chernobyl\\bin\\dedicated\\XR_3DA.exe"=
"C:\\Program Files\\KONAMI\\Pro Evolution Soccer 6\\PES6.exe"=
"D:\\WINDOWS\\system32\\dplaysvr.exe"=
"D:\\Program Files\\Electronic Arts\\Battlefield 2142\\BF2142.exe"=
"D:\\Program Files\\GameSpy\\Comrade\\Comrade.exe"=
"C:\\Program Files\\CapCom\\Lost Planet Extreme Condition\\LostPlanetDx9.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Game.exe"=
"C:\\Program Files\\Ubisoft\\Tom Clancy's Rainbow Six Vegas\\Binaries\\R6Vegas_Launcher.exe"=
"C:\\Program Files\\PPMate\\PPMate\\ppmate.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\RM.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\Studio.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\PMSRegisterFile.exe"=
"C:\\Program Files\\Pinnacle\\Studio 10\\programs\\umi.exe"=
"D:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Ares\\Ares.exe"=

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\J]
\Shell\AutoRun\command - setupSNK.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{081266f1-0942-11dc-9c6e-c42a6c3110d8}]
\Shell\AutoRun\command - setupSNK.exe

*Newly Created Service* - PROCEXP90
.
Contenu du dossier 'Scheduled Tasks/Tâches planifiées'

2008-08-16 D:\WINDOWS\Tasks\HPpromotions journeysoftware.job
- D:\Program Files\hp\digital imaging\bin\hp promotions\journeysoftware\HPpromo.exe [2005-04-22 17:36]
.
- - - - ORPHANS REMOVED - - - -

BHO-{E845745E-AB33-4446-852A-3633EE3B05E2} - D:\WINDOWS\system32\cmsetAC.dll

.
------- Supplementary Scan -------
.
FireFox -: Profile - D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\
FF -: plugin - D:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin2.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin3.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin4.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin5.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\QuickTime\Plugins\npqtplugin6.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nppl3260.dll
FF -: plugin - D:\Program Files\K-Lite Codec Pack\real\browser\plugins\nprpjplug.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npbittorrent.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - D:\Program Files\Mozilla Firefox\plugins\npOGAPlugin.dll

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-16 23:58:26
Windows 5.1.2600 Service Pack 2 NTFS

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\a2AntiMalware]
"ImagePath"="\"C:\Program Files\a-squared Anti-Malware\a2service.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\abp480n5]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ACPIEC]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Adobe LM Service]
"ImagePath"="\"D:\Program Files\Fichiers communs\Adobe Systems Shared\Service\Adobelmsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\adpu160m]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Aha154x]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aic78u2]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aic78xx]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AliIde]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AmdK8]
"ImagePath"="system32\DRIVERS\AmdK8.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\amsint]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AntiVirScheduler]
"ImagePath"="\"D:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AntiVirService]
"ImagePath"="\"D:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AresChatServer]
"ImagePath"="C:\Program Files\Ares\chatServer.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Arp1394]
"ImagePath"="system32\DRIVERS\arp1394.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASAPIW2K]
"ImagePath"="System32\Drivers\ASAPIW2K.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc3350p]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\asc3550]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Aspi32]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AspiXNT]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Atdisk]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avgio]
"ImagePath"="\??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avgntflt]
"ImagePath"="\??\D:\Program Files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\avipbb]
"ImagePath"="system32\DRIVERS\avipbb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Beep]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BITS]
"ServiceDll"="D:\WINDOWS\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\BLKWGU(Belkin)]
"ImagePath"="system32\DRIVERS\BLKWGU.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CamDrL]
"ImagePath"="system32\DRIVERS\Camdrl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\catchme]
"ImagePath"="\??\D:\DOCUME~1\krys\Local Settings\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ccEvtMgr]
"ImagePath"="\"D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe\" /h ccCommon"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ccSetMgr]
"ImagePath"="\"D:\Program Files\Fichiers communs\Symantec Shared\ccSvcHst.exe\" /h ccCommon"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdfs]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Changer]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="D:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CmdIde]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\cmpci]
"ImagePath"="system32\drivers\cmaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\COMSysApp]
"ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d347bus]
"ImagePath"="system32\DRIVERS\d347bus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\d347prt]
"ImagePath"="System32\Drivers\d347prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dac960nt]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DCamUSBEMPIA]
"ImagePath"="system32\DRIVERS\emDevice.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\dpti2o]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\emAudio]
"ImagePath"="system32\drivers\emAudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\es1371]
"ImagePath"="system32\drivers\es1371mp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\EventSystem]
"ServiceDll"="D:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fastfat]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fdc]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FiltUSBEMPIA]
"ImagePath"="system32\DRIVERS\emFilter.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fips]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\FltMgr]
"ImagePath"="system32\DRIVERS\fltMgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ForceWare Intelligent Application Manager (IAM)]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcAppFlt.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hcarrjarfbyt]
"ImagePath"="system32\drivers\hcarrjarfbyt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i2omp]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IDriverT]
"ImagePath"="\"D:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ImapiService]
"ImagePath"="D:\WINDOWS\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\inetaccs]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ini910u]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Inport]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IntelIde]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ip6Fw]
"ImagePath"="system32\DRIVERS\Ip6Fw.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JGOGO]
"ImagePath"="system32\DRIVERS\JGOGO.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\JRAID]
"ImagePath"="system32\DRIVERS\jraid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\KSecDD]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ldap]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LicenseService]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LiveUpdate]
"ImagePath"="\"D:\PROGRA~1\Symantec\LiveUpdate\LuComServer_3_2.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\LVUSBSta]
"ImagePath"="system32\drivers\lvusbsta.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MDM]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmdd]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mnmsrvc]
"ImagePath"="D:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Modem]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MountMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mraid35x]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSDTC]
"ImagePath"="D:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Msfs]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSIServer]
"ImagePath"="D:\WINDOWS\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\MTsensor]
"ImagePath"="system32\DRIVERS\ASACPI.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Mup]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDIS]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NDProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NIC1394]
"ImagePath"="system32\DRIVERS\nic1394.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Npfs]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcIp]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nSvcLog]
"ImagePath"="D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ntfs]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Null]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NULLPROTO]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvata]
"ImagePath"="system32\DRIVERS\nvata.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVENETFD]
"ImagePath"="system32\DRIVERS\NVENETFD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\nvnetbus]
"ImagePath"="system32\DRIVERS\nvnetbus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NVTCP]
"ImagePath"="System32\DRIVERS\NVTcp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ohci1394]
"ImagePath"="system32\DRIVERS\ohci1394.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCASp50]
"ImagePath"="System32\Drivers\PCASp50.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PCLEPCI]
"ImagePath"="\??\D:\WINDOWS\system32\drivers\pclepci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PfModNT]
"ImagePath"="\??\D:\WINDOWS\system32\PfModNT.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\pfsvgae]
"ImagePath"="\??\D:\DOCUME~1\Dani\Local Settings\Temp\pfsvgae.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Pml Driver HPZ12]
"ImagePath"="D:\WINDOWS\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrA]
"ImagePath"="D:\WINDOWS\system32\PnkBstrA.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PnkBstrB]
"ImagePath"="D:\WINDOWS\system32\PnkBstrB.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Processor]
"ImagePath"="system32\DRIVERS\processr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\PxHelp20]
"ImagePath"="system32\DRIVERS\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1080]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql12160]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1240]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ql1280]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPDD]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPNP]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDPWD]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RDSessMgr]
"ImagePath"="D:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ROOTMODEM]
"ImagePath"="System32\Drivers\RootMdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RpcSs]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASDIFSV]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASENUM]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASENUM.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SASKUTIL]
"ImagePath"="\??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ScanUSBEMPIA]
"ImagePath"="system32\DRIVERS\emScan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardDrv]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SDTHOOK]
"ImagePath"="System32\DRIVERS\SDTHOOK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Simbad]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\smp_lpt]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Sparrow]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srescan]
"ImagePath"="system32\ZoneLabs\srescan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\srservice]
"ServiceDll"="D:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdbus]
"ImagePath"="system32\DRIVERS\sscdbus.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdfl]
"ImagePath"="system32\DRIVERS\sscdmdfl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sscdmdm]
"ImagePath"="system32\DRIVERS\sscdmdm.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ssmdrv]
"ImagePath"="system32\DRIVERS\ssmdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\StarOpen]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SwPrv]
"ImagePath"="D:\WINDOWS\system32\dllhost.exe /Processid:{6635FEB7-5681-4234-8082-47CE48AD5412}"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc810]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\symc8xx]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_hi]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sym_u3]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TDTCP]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TlntSvr]
"ImagePath"="D:\WINDOWS\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TosIde]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Udfs]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ultra]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\uploadmgr]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbohci]
"ImagePath"="system32\DRIVERS\usbohci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usnjsvc]
"ImagePath"="\"D:\Program Files\MSN Messenger\usnsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\usprserv]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ViaIde]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Vofsmpumt-d9]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VolSnap]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsdatant]
"ImagePath"="System32\vsdatant.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\vsmon]
"ImagePath"="D:\WINDOWS\system32\ZoneLabs\vsmon.exe -service"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\VxD]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W32Time]
"ServiceDll"="D:\WINDOWS\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\W3SVC]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WDICA]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Winsock]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinSock2]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WinTrust]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmdmPmSN]
"ServiceDll"="D:\WINDOWS\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WmiApSrv]
"ImagePath"="D:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WMPNetworkSvc]
"ImagePath"="\"D:\Program Files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\wuauserv]
"ServiceDll"="D:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\xvyuwczd]
"ImagePath"="system32\drivers\dyfnrdyf.dat"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\ZDPSp50]
"ImagePath"="System32\Drivers\ZDPSp50.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{01C11E6A-09DB-4C74-8A8F-4AF588705488}]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{213DC0AE-334E-493A-B328-FFE24A608305}]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{736A8DC2-D924-40CB-8DA8-493ABA0920C6}]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{7D2177A5-2ACD-4A0B-A914-5A9F1AE8E34A}]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{856AE575-12A9-418C-86BD-0F05D34E8680}]

[HKEY_LOCAL_MACHINE\system\ControlSet003\Services\{F1EB8025-376C-4AB5-A5D8-5049338D9EC3}]
.
Temps d'accomplissement: 2008-08-17 0:08:52
ComboFix-quarantined-files.txt 2008-08-16 22:08:48

Pre-Run: 3,805,642,752 octets libres
Post-Run: 8,481,525,760 octets libres

848

Destrio5 · Answer

Fais un scan en ligne :
https://www.malekal.com/scan-antivirus-ligne-nod32/#mozTocId291566

Christian Nt · Answer

Voici le rapport fait par kapersky en ligne:

   KASPERSKY ON-LINE SCANNER REPORT
Sunday, August 17, 2008 8:46:47 PM
Système d'exploitation : Microsoft Windows XP Professional, Service Pack 2 (Build 2600)
Kaspersky On-line Scanner version : 5.0.84.2
Dernière mise à jour de la base antivirus Kaspersky : 17/08/2008
Enregistrements dans la base antivirus Kaspersky : 979331
Paramètres d'analyse
Analyser avec la base antivirus suivante 	standard
Analyser les archives 	vrai
Analyser les bases de messagerie 	vrai
Cible de l'analyse 	Poste de travail
C:\
D:\
E:\
F:\
H:\
J:\
Statistiques de l'analyse
Total d'objets analysés 	236289
Nombre de virus trouvés 	3
Nombre d'objets infectés 	6 / 0
Nombre d'objets suspects 	0
Durée de l'analyse 	06:06:02

Nom de l'objet infecté 	Nom du virus 	Dernière action
C:\System Volume Information\MountPointManagerRemoteDatabase 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip/kernelwind32.exe 	Infecté : Email-Worm.Win32.Zhelatin.fp 	ignoré
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC.zip 	ZIP: infecté - 1 	ignoré
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip/vedxga4me1.exe 	Infecté : Trojan-Proxy.Win32.Xorpix.be 	ignoré
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SmitfraudC5.zip 	ZIP: infecté - 1 	ignoré
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip/vx3dt2.game 	Infecté : Packed.Win32.Tibs.ar 	ignoré
D:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\SpySheriff.zip 	ZIP: infecté - 1 	ignoré
D:\Documents and Settings\All Users\Application Data\Symantec\Common Client\settings.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\BitTorrent\bittorrent.log 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Microsoft\Modèles\Normal.dot 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\cert8.db 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\formhistory.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\history.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\key3.db 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\parent.lock 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\search.sqlite 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\urlclassifier2.sqlite 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\AppLogs\SUPERANTISPYWARE-8-17-2008( 0-12-23 ).LOG 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Cookies\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Microsoft\Feeds Cache\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\Cache\184AC5D0d01 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\Cache\_CACHE_001_ 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\Cache\_CACHE_002_ 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\Cache\_CACHE_003_ 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Application Data\Mozilla\Firefox\Profiles\lexro0y8.default\Cache\_CACHE_MAP_ 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Historique\History.IE5\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Historique\History.IE5\MSHist012008081720080818\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\hpodvd09.log 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\IMG91.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\_hphtra07.log 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\~DF5428.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\~DF686.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\~DFABCF.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\~DFAE6D.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temp\~WRS0854.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temporary Internet Files\AntiPhishing\B3BB5BBA-E7D5-40AB-A041-A5B1C0B26C8F.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Local Settings\Temporary Internet Files\Content.IE5\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Mes documents\Mes fichiers reçus\dossier nanterre\personnel\Delonder la bible.doc 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\Mes documents\Mes fichiers reçus\dossier nanterre\personnel\~WRL0004.tmp 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys\NTUSER.DAT 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\krys
tuser.dat.LOG 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService\Cookies\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService\Local Settings\Historique\History.IE5\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService\NTUSER.DAT 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\LocalService
tuser.dat.LOG 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat.LOG 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\NetworkService\NTUSER.DAT 	L'objet est verrouillé 	ignoré
D:\Documents and Settings\NetworkService
tuser.dat.LOG 	L'objet est verrouillé 	ignoré
D:\System Volume Information\MountPointManagerRemoteDatabase 	L'objet est verrouillé 	ignoré
D:\WINDOWS\Debug\PASSWD.LOG 	L'objet est verrouillé 	ignoré
D:\WINDOWS\Internet Logs\fwpktlog.txt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\Internet Logs\IAMDB.RDB 	L'objet est verrouillé 	ignoré
D:\WINDOWS\Internet Logs\PNX.ldb 	L'objet est verrouillé 	ignoré
D:\WINDOWS\Internet Logs	vDebug.log 	L'objet est verrouillé 	ignoré
D:\WINDOWS\SchedLgU.Txt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\SoftwareDistribution\ReportingEvents.log 	L'objet est verrouillé 	ignoré
D:\WINDOWS\Sti_Trace.log 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\CatRoot2\edb.log 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\CatRoot2	mp.edb 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\AppEvent.Evt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\default 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\default.LOG 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\Internet.evt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\SAM 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\SAM.LOG 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\SecEvent.Evt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\SECURITY 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\SECURITY.LOG 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\software 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\software.LOG 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\SysEvent.Evt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\system 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\config\system.LOG 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\drivers\sptd.sys 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\h323log.txt 	L'objet est verrouillé 	ignoré
D:\WINDOWS\system32\LogFiles\WUDF\WUDFTrace.etl 	L'objet est verrouillé 	ignoré
D:\WINDOWS	emp\ZLT00940.TMP 	L'objet est verrouillé 	ignoré
D:\WINDOWS	emp\ZLT00943.TMP 	L'objet est verrouillé 	ignoré
D:\WINDOWS\wiadebug.log 	L'objet est verrouillé 	ignoré
D:\WINDOWS\wiaservc.log 	L'objet est verrouillé 	ignoré
D:\WINDOWS\WindowsUpdate.log 	L'objet est verrouillé 	ignoré
J:\System Volume Information\MountPointManagerRemoteDatabase 	L'objet est verrouillé 	ignoré
Analyse terminée.

Je n'arrive pas à suppromer tr/bho.czo

23 réponses

Votre réponse

Discussions similaires

Newsletters