Virus ou trojan blq mon Ordi_ Vundo & Monder - Page 3

Résolu
neverand7 Messages postés 66 Statut Membre 2
 
((((((((((((((((((((((((((((((((( Points de chargement Reg ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2008-04-14 1695232]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-03 68856]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]
"AnyDVD"="C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe" [2008-10-31 2259904]
"gStart"="C:\Garmin\gStart.exe" [2005-07-25 1896448]
"Tunebite"="C:\Program Files\RapidSolution\Tunebite\Tunebite.exe" [2007-12-19 4961584]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-07-07 2156368]
"BoostSpeed"="C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" [2007-10-15 2016256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Ad-aware"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-aware.exe" [2003-07-12 741888]
"TrojanScanner"="C:\Program Files\Trojan Remover\Trjscan.exe" [2008-10-06 967048]
"LVCOMSX"="C:\WINDOWS\system32\LVCOMSX.EXE" [2005-07-19 221184]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2003-07-28 4841472]
"Lexmark X6100 Series"="C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe" [2003-09-23 57344]
"HPHmon05"="C:\WINDOWS\system32\hphmon05.exe" [2003-08-21 483328]
"HP Software Update"="C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe" [2003-06-25 49152]
"HPHUPD05"="C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe" [2003-08-21 49152]
"HPDJ Taskbar Utility"="C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe" [2003-07-25 188416]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.EXE" [2001-01-23 817664]
"PrinTray"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe" [2001-01-23 36864]
"DAEMON Tools"="C:\Program Files\DAEMON Tools\daemon.exe" [2006-09-14 157592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 144784]
"YSearchProtection"="C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" [2008-01-10 223984]
"Ad-watch"="C:\Program Files\Lavasoft\Ad-aware 6\Ad-watch.exe" [2003-02-12 392192]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-05-27 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-07-10 289064]
"ccApp"="C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe" [2007-02-22 52840]
"Symantec PIF AlertEng"="C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-09-09 1168264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-04-14 15360]
"NvMediaCenter"="C:\WINDOWS\system32\NVMCTRAY.DLL" [2003-07-28 49152]

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage\
Acrobat Assistant.lnk - C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2006-12-13 82026]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2007-12-17 67128]
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\KEM.exe [2007-12-10 581632]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 83360]
Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2008-05-26 123904]
WinZip Quick Pick.lnk - C:\Program Files\WinZip\WZQKPICK.EXE [2008-01-10 118784]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hgGyyawX]
[BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"vidc.I420"= i420vfw.dll
"vidc.X264"= x264vfw.dll
"vidc.DIV3"= DivXc32.dll
"vidc.DIV4"= DivXc32f.dll
"msacm.divxa32"= DivXa32.acm
"vidc.3IV2"= 3ivxVfWCodec.dll
"vidc.SEDG"= SamsungVfWCodec.dll
"vidc.DX50"= DivXVfWCodec.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Acrobat Assistant.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Image Transfer.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^Microsoft Office.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^RAID Manager.lnk]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Menu Démarrer^Programmes^Démarrage^WinZip Quick Pick.lnk]
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AnyDVD]
--a------ 2008-10-31 17:12 89024 C:\Program Files\SlySoft\AnyDVD\AnyDVD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative MediaSource Go]
--a------ 2003-02-20 10:30 126976 C:\Program Files\Creative\MediaSource\Go\CTCMSGo.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
--a------ 2008-04-14 03:33 15360 C:\WINDOWS\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTSysVol]
--a------ 2003-05-02 09:53 57344 C:\Program Files\Creative\SBAudigy LS\Surround Mixer\CTSysVol.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DriveIcons]
--a------ 2006-03-16 21:07 655360 C:\Program Files\Realtek\Card Reader Software\DriveIcon\DriveIcon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-12-13 14:01 122368 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\InCD]
--a------ 2006-03-23 17:06 1398272 C:\Program Files\Ahead\InCD\InCD.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IncrediMail]
--a------ 2008-07-24 13:22 243072 C:\Program Files\IncrediMail\bin\IncMail.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechSoftwareUpdate]
--a------ 2005-06-08 14:44 196608 C:\Program Files\Logitech\Video\ManifestEngine.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoRepair]
--a------ 2005-06-08 15:24 458752 C:\Program Files\Logitech\Video\ISStart.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogitechVideoTray]
--a------ 2005-06-08 15:14 217088 C:\Program Files\Logitech\Video\LogiTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MediaDICO4Ut]
--a------ 2004-03-03 13:54 252416 C:\Program Files\Micro Application\Les 4 Dictionnaires Utiles\LanceMediaDICO4Ut.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
--------- 2008-04-14 03:34 1695232 C:\Program Files\Messenger\msmsgs.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 10:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2006-11-09 15:07 49263 C:\Program Files\Java\jre1.5.0_10\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdReg]
--a------ 2000-05-11 01:00 90112 C:\WINDOWS\Updreg.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-07-28 15:19 323584 C:\WINDOWS\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSSQLServer"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"=
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"=
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009

R0 m5228;m5228;C:\WINDOWS\system32\DRIVERS\m5228.sys [2004-01-07 44925]
R0 m5281;m5281;C:\WINDOWS\system32\DRIVERS\m5281.sys [2004-01-15 49357]
R0 SI3112r;Silicon Image SiI 3112 SATARaid Controller;C:\WINDOWS\system32\DRIVERS\SI3112r.sys [2007-08-29 116264]
R3 SaiHFF0C;SaiHFF0C;C:\WINDOWS\system32\DRIVERS\SaiHFF0C.sys [2004-06-11 56576]
R3 SaiUFF0C;SaiUFF0C;C:\WINDOWS\system32\DRIVERS\SaiUFF0C.sys [2004-06-11 19584]
S3 maconfservice;Ma-Config Service;C:\Program Files\ma-config.com\maconfservice.exe [2008-07-25 191656]

*Newly Created Service* - COMHOST

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{621FCD24-4498-4324-A81E-07D331376EDF}]
C:\Program Files\PixiePack Codec Pack\InstallerHelper.exe
.
Contenu du dossier 'Tâches planifiées'

2008-10-31 C:\WINDOWS\Tasks\Norton AntiVirus - Effectuer une analyse complète du système - Colette.job
- C:\PROGRA~1\NORTON~1\NORTON~1\Navw32.exe [2007-05-28 11:00]
.
- - - - ORPHELINS SUPPRIMES - - - -

BHO-{104A56C9-AEF2-4446-8556-AC73FE02E12A} - (no file)
BHO-{2576DE89-F6A9-4884-A17A-1AC617D6BF9B} - (no file)
BHO-{39422FBF-D593-46A9-AB66-1A1B1C60A084} - (no file)
BHO-{61A05982-3B88-4C80-9432-29C7FEEF4C15} - (no file)
BHO-{75ABCF92-9764-4DFA-A83F-5142C3905052} - (no file)
BHO-{858FDE05-345A-4182-B40A-FC23A3A56924} - (no file)
BHO-{FB4DBEFD-26D2-4195-AF35-8E77FD643596} - (no file)

.
------- Examen supplémentaire -------
.
FireFox -: Profile - C:\Documents and Settings\Colette\Application Data\Mozilla\Firefox\Profiles\u4ked7bl.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://club-internet.fr
FF -: plugin - C:\Documents and Settings\Colette\Application Data\Mozilla\Firefox\Profiles\u4ked7bl.default\extensions\{bb628310-0ab7-11db-9cd8-0800200c9a66}\plugins\nphardwaredetection.dll
FF -: plugin - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\browser\nppdf32.dll
FF -: plugin - C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\ma-config.com\nphardwaredetection.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.1.0.30716.0.dll
FF -: plugin - c:\Program Files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npExentCtl.dll
FF -: plugin - F:\Program Files\VLC\npvlc.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-11-04 18:30:45
Windows 5.1.2600 Service Pack 3 NTFS

Recherche de processus cachés ...

Recherche d'éléments en démarrage automatique cachés ...

Recherche de fichiers cachés ...

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\agp440]
"ImagePath"="system32\DRIVERS\agp440.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Aha154x]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\aic78u2]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\aic78xx]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AliIde]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\amsint]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AnyDVD]
"ImagePath"="System32\Drivers\AnyDVD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Apple Mobile Device]
"ImagePath"="\"C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\asc]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\asc3350p]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\asc3550]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ASPI32]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Atdisk]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\atksgt]
"ImagePath"="system32\DRIVERS\atksgt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AVG Anti-Spyware Driver]
"ImagePath"="\??\F:\Program Files\AVG Anti-Spyware 7.5\guard.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AVG Anti-Spyware Guard]
"ImagePath"="F:\Program Files\AVG Anti-Spyware 7.5\guard.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\AvgAsCln]
"ImagePath"="System32\DRIVERS\AvgAsCln.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Beep]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Bonjour Service]
"ImagePath"="\"C:\Program Files\Bonjour\mDNSResponder.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\catchme]
"ImagePath"="\??\C:\DOCUME~1\Colette\LOCALS~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ccEvtMgr]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ccISPwdSvc]
"ImagePath"="\"C:\Program Files\Norton Internet Security\ccPwdSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ccProxy]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ccSetMgr]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\cd20xrnt]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Cdfs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Changer]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\CmdIde]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\comHost]
"ImagePath"="\"C:\Program Files\Norton Internet Security\comHost.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\COMSysApp]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Cpqarray]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Creative Service for CDROM Access]
"ImagePath"="C:\WINDOWS\system32\CTsvcCDA.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ctsfm2k]
"ImagePath"="system32\DRIVERS\ctsfm2k.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dac2w2k]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dac960nt]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dmio]
"ImagePath"="system32\DRIVERS\dmio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dmload]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\dpti2o]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\driverhardwarev2]
"ImagePath"="\??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\eeCtrl]
"ImagePath"="\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ElbyCDIO]
"ImagePath"="System32\Drivers\ElbyCDIO.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\EraserUtilRebootDrv]
"ImagePath"="\??\C:\Program Files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\EventSystem]
"ServiceDll"="C:\WINDOWS\system32\es.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Fastfat]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Fdc]
"ImagePath"="system32\DRIVERS\fdc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Fips]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Flpydisk]
"ImagePath"="system32\DRIVERS\flpydisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\FontCache3.0.0.0]
"ImagePath"="C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\gameenum]
"ImagePath"="system32\DRIVERS\gameenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\GEARAspiWDM]
"ImagePath"="System32\Drivers\GEARAspiWDM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\grmnusb]
"ImagePath"="system32\drivers\grmnusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\gusvc]
"ImagePath"="\"C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HCF_MSFT]
"ImagePath"="system32\DRIVERS\HCF_MSFT.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HidServ]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\hidusb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\hpn]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HPZid412]
"ImagePath"="system32\DRIVERS\HPZid412.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HPZipr12]
"ImagePath"="system32\DRIVERS\HPZipr12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HPZius12]
"ImagePath"="system32\DRIVERS\HPZius12.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\i2omp]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ICSharing]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IDriverT]
"ImagePath"="\"C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\idsvc]
"ImagePath"="\"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IKFileSec]
"ImagePath"="\SystemRoot\system32\drivers\ikfilesec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IKSysFlt]
"ImagePath"="system32\drivers\iksysflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IKSysSec]
"ImagePath"="system32\drivers\iksyssec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\InCDfs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\InCDPass]
"ImagePath"="System32\DRIVERS\InCDPass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\InCDrec]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\incdrm]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\InCDsrv]
"ImagePath"="C:\Program Files\Ahead\InCD\InCDsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\inetaccs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ini910u]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Inport]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\iPod Service]
"ImagePath"="\"C:\Program Files\iPod\bin\iPodService.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\IviRegMgr]
"ImagePath"="C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\KSecDD]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\L8042Kbd]
"ImagePath"="system32\DRIVERS\L8042Kbd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\L8042mou]
"ImagePath"="system32\DRIVERS\L8042mou.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ldap]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LexBceS]
"ImagePath"="C:\WINDOWS\system32\LEXBCES.EXE"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LHidKe]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LicenseService]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LightScribeService]
"ImagePath"="\"C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\lirsgt]
"ImagePath"="system32\DRIVERS\lirsgt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LiveUpdate]
"ImagePath"="\"C:\PROGRA~1\Symantec\LIVEUP~3\LUCOMS~1.EXE\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LiveUpdate Notice Service]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe\" /m \"C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PifEng.dll\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\LMouKE]
"ImagePath"="system32\DRIVERS\LMouKE.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\m5228]
"ImagePath"="system32\DRIVERS\m5228.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\m5281]
"ImagePath"="system32\DRIVERS\m5281.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\maconfservice]
"ImagePath"="\"C:\Program Files\ma-config.com\maconfservice.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MASPINT]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MDM]
"ImagePath"="\"C:\Program Files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\mnmdd]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\mnmsrvc]
"ImagePath"="C:\WINDOWS\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Modem]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MountMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\mraid35x]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSDTC]
"ImagePath"="C:\WINDOWS\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Msfs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSSCNTRS]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Mup]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\navapsvc]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NAVENG]
"ImagePath"="\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081103.003\NAVENG.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NAVEX15]
"ImagePath"="\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\VIRUSD~1\20081103.003\NavEx15.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NDIS]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NDProxy]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NetTcpPortSharing]
"ImagePath"="\"C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Npfs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NSCService]
"ImagePath"="C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Ntfs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Null]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\nv]
"ImagePath"="system32\DRIVERS\nv4_mini.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NVSvc]
"ImagePath"="%SystemRoot%\system32\nvsvc32.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ossrv]
"ImagePath"="system32\DRIVERS\ctoss2k.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\P17]
"ImagePath"="system32\drivers\P17.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\P3]
"ImagePath"="system32\DRIVERS\p3.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Parport]
"ImagePath"="system32\DRIVERS\parport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PartMgr]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ParVdm]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PCIDump]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Pcmcia]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\pcouffin]
"ImagePath"="System32\Drivers\pcouffin.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PDRELI]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\perc2]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\perc2hib]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PerfNet]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PerfOS]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PerfProc]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Planificateur LiveUpdate automatique]
"ImagePath"="\"C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Pml Driver HPZ12]
"ImagePath"="C:\WINDOWS\system32\HPZipm12.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PnP64x]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PQNTDrv]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\PxHelp20]
"ImagePath"="System32\Drivers\PxHelp20.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\QCDonner]
"ImagePath"="system32\DRIVERS\LVCD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ql1080]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Ql10wnt]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ql12160]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ql1240]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ql1280]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RDPDD]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RDPWD]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RDSessMgr]
"ImagePath"="C:\WINDOWS\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RemoteRegistry]
"ServiceDll"="%SystemRoot%\system32\regsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\rtl8139]
"ImagePath"="system32\DRIVERS\RTL8139.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SaiHFF0C]
"ImagePath"="system32\DRIVERS\SaiHFF0C.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SaiUFF0C]
"ImagePath"="system32\DRIVERS\SaiUFF0C.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SAVRT]
"ImagePath"="\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRT.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SAVRTPEL]
"ImagePath"="\??\C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVRTPEL.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SAVScan]
"ImagePath"="\"C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sdAuxService]
"ImagePath"="C:\Program Files\Spyware Doctor\pctsAuxs.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sdCoreService]
"ImagePath"="C:\Program Files\Spyware Doctor\pctsSvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\serenum]
"ImagePath"="system32\DRIVERS\serenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Serial]
"ImagePath"="system32\DRIVERS\serial.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SI3112r]
"ImagePath"="system32\DRIVERS\SI3112r.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SiFilter]
"ImagePath"="system32\DRIVERS\SiWinAcc.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Simbad]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SNDSrvc]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SONYPVU1]
"ImagePath"="system32\DRIVERS\SONYPVU1.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Sparrow]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SPBBCDrv]
"ImagePath"="\??\C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCDrv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SPBBCSvc]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sptd]
"ImagePath"="System32\Drivers\sptd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\srservice]
"ServiceDll"="C:\WINDOWS\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\StillCam]
"ImagePath"="system32\DRIVERS\serscan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SwPrv]
"ImagePath"="C:\WINDOWS\system32\dllhost.exe /Processid:{9338F532-7F0A-49A5-9200-45FC9B40E934}"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\swwd]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Symantec Core LC]
"ImagePath"="\"C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\symc810]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\symc8xx]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMDNS]
"ImagePath"="\SystemRoot\System32\Drivers\SYMDNS.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SymEvent]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\SYMEVENT.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMFW]
"ImagePath"="\SystemRoot\System32\Drivers\SYMFW.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMIDS]
"ImagePath"="\SystemRoot\System32\Drivers\SYMIDS.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMIDSCO]
"ImagePath"="\??\C:\PROGRA~1\FICHIE~1\SYMANT~1\SymcData\idsdefs\20081031.001\symidsco.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\symlcbrd]
"ImagePath"="\??\C:\WINDOWS\system32\drivers\symlcbrd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMNDIS]
"ImagePath"="\SystemRoot\System32\Drivers\SYMNDIS.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMREDRV]
"ImagePath"="\SystemRoot\System32\Drivers\SYMREDRV.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SYMTDI]
"ImagePath"="\SystemRoot\System32\Drivers\SYMTDI.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sym_hi]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sym_u3]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\tbhsd]
"ImagePath"="system32\drivers\tbhsd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TDTCP]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TlntSvr]
"ImagePath"="C:\WINDOWS\system32\tlntsvr.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TosIde]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\TSDDD]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Udfs]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\UGatherer]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\UGTHRSVC]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ultra]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\usbstor]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\ViaIde]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\VolSnap]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\vulfnths]
"ImagePath"="\SystemRoot\System32\Drivers\vulfnth.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\vulfntrs]
"ImagePath"="\SystemRoot\System32\Drivers\vulfntr.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\VxD]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\W3SVC]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WDICA]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Winsock]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Winsock - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Winsock - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WinSock2]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Winsock2 - Google Desktop Search Backup Before First Install]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Winsock2 - Google Desktop Search Backup Before Last Install]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WinTrust]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WMDM PMSP Service]
"ImagePath"="C:\WINDOWS\system32\MsPMSPSv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WmdmPmSN]
"ServiceDll"="C:\WINDOWS\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\Wmi]
"ServiceDll"="%SystemRoot%\System32\advapi32.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WmiApSrv]
"ImagePath"="C:\WINDOWS\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WMPNetworkSvc]
"ImagePath"="\"C:\Program Files\Windows Media Player\WMPNetwk.exe\""

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WS2IFSL]
"ImagePath"="\SystemRoot\System32\drivers\ws2ifsl.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WSearch]
"ImagePath"="%systemroot%\system32\SearchIndexer.exe /Embedding"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WSearchIdxPi]

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\wuauserv]
"ServiceDll"="C:\WINDOWS\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\X4HSX32]
"ImagePath"="\??\C:\Program Files\Metaboli Player\X4HSX32.Sys"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\system\ControlSet017\Services\{47005A3A-734F-4605-AF0B-5579F177C9B4}]

[HKEY_LOCAL_MACHINE
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Pourquoi est-ce que tu as tout recommencé ?

Le rapport hijackthis est ancien, postes-en un nouveau stp

neverand7 Messages postés 66 Statut Membre 2
 
Bonjour, Anthony,

Je n'ai pas pu redémarrer en mode normal aujourd'hui, l'ordi plante !

j' ai toujours le virus : Trojan VUNDO. & VUNDO.H sur l'ordi ainsi qu' un ROOTKIT.Agent qui reste ???
impossible de les supprimés.

Que dois-je faire SVP merci à vous.
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
"j' ai toujours le virus : Trojan VUNDO. & VUNDO.H sur l'ordi ainsi qu' un ROOTKIT.Agent qui reste ???
impossible de les supprimés. "

Comment le sais-tu ? Ton antivirus affiche une alerte ?
Si oui, où sont situés les fichiers détectés ?

Poste le rapport hijackthis depuis le mode sans échec si tu n'as pas accès au mode normal.
N'essaye surtout pas de faire une restauration du système (sinon tous les fichiers infectés qu'on a supprimés depuis vont revenir, car les points de restauration en contiennent des copies).

neverand7 Messages postés 66 Statut Membre 2
 
Bonsoir Anthony,

Bon, j'ai refait toutes les manips mais rien n'y fait, je n'arrive pas à redémarrer en mode normal : XP se lance et puis l'écran reste NOIR, il ne fonctionne qu'en mode sans échec.

il y a un virus "RootKit Agent qui bloc le système de redémarrage"

Que Faire SVP Merci pour votre aide....!!!!

A+
neverand7 Messages postés 66 Statut Membre 2
 
Bsr Anthony,

Merci, mais impossible d'exécuter les manips car impossible d'ouvrir Windows, l'ordi ne répond plus...
Je crois que je suis dans le caca !... Snifff !...
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
"RootKit Agent qui bloc le système de redémarrage"

Je reposte ce que j'ai mis plus haut...

==> Comment le sais-tu ? Ton antivirus affiche une alerte ? Si oui, où sont situés les fichiers détectés ?

Poste le rapport hijackthis depuis le mode sans échec si tu n'as pas accès au mode normal.
N'essaye surtout pas de faire une restauration du système (sinon tous les fichiers infectés qu'on a supprimés depuis vont revenir).

neverand7 Messages postés 66 Statut Membre 2
 
Bonsoir Anthony5151,

J'étais absent ces jours-ci, alors je n'ai pas pu voir les msgs postés sur les deux forums.

Pour répondre à ta question sur ROOTKIT.Agent : c'est le scan en ligne effectué par Kaspersky qui l'a décelé ; Norton l'a découvert aussi, mais il ne fonctionne pas en mode sans échec.

je refais un Log HIJK... et je le poste.

merci A +
neverand7 Messages postés 66 Statut Membre 2
 
Anthony,

Même si je dois restaurer, je ne peux pas restaurer le système car il n'y a plus de point de restauration ! Kaput ! Disparu ????

voilà

A+ merci
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Peux-tu poster ce fameux rapport de Kaspersky qui t'indique des infections ? Sans ça, je manque d'infos pour t'aider...

Tes points de restauration ont dû être supprimés par Kaspersky parce qu'ils étaient infectés.

neverand7 Messages postés 66 Statut Membre 2
 
Bonjour Anthony 5151,

J'ai fait une erreur de rapport : ce n'est pas sur KASPERSKY mais sur MBM (Malwarebytes' Anti-Malware) pour le RootKit.Agent.

Voici tous les rapports depuis le 02 11 2008 (MBM)

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1306
Windows 5.1.2600 Service Pack 3

02/11/2008 19:26:49
mbam-log-2008-11-02 (19-26-39).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 198425
Temps écoulé: 2 hour(s), 16 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 1
Clé(s) du Registre infectée(s): 4
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 5

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\wvUlljgE.dll (Trojan.Vundo.H) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{4e603aed-d1a6-4722-b582-479999d2e6b7} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4e603aed-d1a6-4722-b582-479999d2e6b7} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvulljge -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\wvulljge -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\wvUlljgE.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\EgjllUvw.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\EgjllUvw.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\TDSSktpa.dll (Rootkit.Agent) -> No action taken.
C:\WINDOWS\system32\drivers\TDSSmxoe.sys (Rootkit.Agent) -> No action taken.
___________________________________________________________________

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1357
Windows 5.1.2600 Service Pack 3

02/11/2008 23:28:25
mbam-log-2008-11-02 (23-28-02).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 199325
Temps écoulé: 2 hour(s), 17 minute(s), 40 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 2
Clé(s) du Registre infectée(s): 7
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 2
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 8

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
C:\WINDOWS\system32\ssqNExUn.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nnnljjHY.dll (Trojan.Vundo) -> No action taken.

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858066e4-5b74-40de-8a51-4bc0e1ae1da9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{858066e4-5b74-40de-8a51-4bc0e1ae1da9} (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\nnnljjhy (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\{75abcf92-9764-4dfa-a83f-5142c3905052} (Trojan.Vundo) -> No action taken.

Elément(s) de données du Registre infecté(s):
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Notification Packages (Trojan.Vundo.H) -> Data: c:\windows\system32\ssqnexun -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\LSA\Authentication Packages (Trojan.Vundo) -> Data: c:\windows\system32\ssqnexun -> No action taken.

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\ssqNExUn.dll (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nUxENqss.ini (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nUxENqss.ini2 (Trojan.Vundo.H) -> No action taken.
C:\WINDOWS\system32\nnnljjHY.dll (Trojan.Vundo) -> No action taken.
C:\Documents and Settings\Colette\Local Settings\Temporary Internet Files\Content.IE5\TBR9OLGC\cntr[1] (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP587\A0369773.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP587\A0369778.dll (Trojan.Vundo) -> No action taken.
C:\WINDOWS\system32\vtUlLCro.dll (Trojan.Vundo) -> No action taken.

_________________________________________________________________

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1357
Windows 5.1.2600 Service Pack 3

04/11/2008 13:46:08
mbam-log-2008-11-04 (13-45-53).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 178061
Temps écoulé: 2 hour(s), 8 minute(s), 2 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 4

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP588\A0369815.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP588\A0369817.sys (Rootkit.Agent) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP588\A0369822.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP588\A0369823.dll (Trojan.Vundo) -> No action taken.

______________________________________________________________________

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1366
Windows 5.1.2600 Service Pack 3

07/11/2008 18:07:02
mbam-log-2008-11-07 (18-06-50).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 199992
Temps écoulé: 2 hour(s), 17 minute(s), 4 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP588\A0372168.sys (Rootkit.Agent) -> No action taken.

____________________________________________________________

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1366
Windows 5.1.2600 Service Pack 3

09/11/2008 16:34:49
mbam-log-2008-11-09 (16-34-22)_16h34

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 200189
Temps écoulé: 2 hour(s), 17 minute(s), 24 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 1

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP588\A0374295.sys (Rootkit.Agent) -> No action taken.

________________________________________________________________________________

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1286
Windows 5.1.2600 Service Pack 3

19/10/2008 00:42:06
mbam-log-2008-10-19 (00-41-57).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 240277
Temps écoulé: 2 hour(s), 45 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858fde05-345a-4182-b40a-fc23a3a56924} (Trojan.Vundo.H) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggyyawx (Trojan.Vundo.H) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{858fde05-345a-4182-b40a-fc23a3a56924} (Trojan.Vundo.H) -> No action taken.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{65bbf06c-ea06-4818-92a3-f3550d0e1004} (Trojan.Zlob) -> No action taken.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\hgGyyawX.dll (Trojan.Vundo.H) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP560\A0360370.dll (Trojan.Vundo) -> No action taken.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP563\A0361522.dll (Trojan.Vundo) -> No action taken.

_____________________________________________________________________________________

Malwarebytes' Anti-Malware 1.29
Version de la base de données: 1286
Windows 5.1.2600 Service Pack 3

19/10/2008 00:42:21
mbam-log-2008-10-19 (00-42-21).txt

Type de recherche: Examen complet (C:\|F:\|)
Eléments examinés: 240277
Temps écoulé: 2 hour(s), 45 minute(s), 23 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 3
Valeur(s) du Registre infectée(s): 1
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 3

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{858fde05-345a-4182-b40a-fc23a3a56924} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\hggyyawx (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{858fde05-345a-4182-b40a-fc23a3a56924} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Valeur(s) du Registre infectée(s):
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{65bbf06c-ea06-4818-92a3-f3550d0e1004} (Trojan.Zlob) -> Quarantined and deleted successfully.

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
C:\WINDOWS\system32\hgGyyawX.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP560\A0360370.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1FDDF965-D4F9-47C4-982E-B9050E5B3CC9}\RP563\A0361522.dll (Trojan.Vundo) -> Quarantined and deleted successfully.

________________________________________________________________________________

Fin, et voici le rapport Virus Kaspersky :

not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
not-a-virus:RemoteAdmin.Win32.WinVNC-based.c
not-a-virus:RiskTool.Win32.Reboot.f
Trojan.Win32.Buzus.ztx
Trojan.Win32.Monderb.sgr

not-a-virus:RiskTool.Win32.Reboot.f
not-a-virus:WebToolbar.Win32.MyWebSearch.bm
not-a-virus:PSWTool.Win32.PdfCracker.b
not-a-virus:RemoteAdmin.Win32.RAdmin.22

--------------------------------------------------------------

Voilà merci A+
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Le scan le plus récent date du 09/11/2008, c'est normal qu'il y ait des détections, on n'avait pas encore tout fait...
Poste un nouveau rapport stp

neverand7 Messages postés 66 Statut Membre 2
 
Bonsoir Anthony,

Le Dernier Rapport est d'hier !

Malwarebytes' Anti-Malware 1.30
Version de la base de données: 1416
Windows 5.1.2600 Service Pack 3

22/11/2008 22:00:48
mbam-log-2008-11-22 (22-00-48).txt

Type de recherche: Examen complet (C:\|)
Eléments examinés: 178247
Temps écoulé: 1 hour(s), 6 minute(s), 29 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)
________________________________

Je suis en train de refaire une récupération avec le CD Windows XP Pro SP2, mais j'ai la version SP3 installée : faut-il désinstaller SP3 pour faire la récupération ?

A +
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Ce dernier rapport n'indique plus d'infection, tu vois ;)
Poste un nouveau rapport hijackthis stp, je vais te donner les derniers conseils pour finir le nettoyage et sécuriser ton ordinateur.

neverand7 Messages postés 66 Statut Membre 2
 
Voilà le rapport Hijack

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 01:27:25, on 23/11/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16735)
Boot mode: Safe mode

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://actus.sfr.fr
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = https://www.bing.com/?toHttps=1&redig=5FC791212101479BAFBE1A679848B1AF
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Acrobat\ActiveX\AcroIEHelper.ocx
O2 - BHO: (no name) - {104A56C9-AEF2-4446-8556-AC73FE02E12A} - (no file)
O2 - BHO: (no name) - {2576DE89-F6A9-4884-A17A-1AC617D6BF9B} - (no file)
O2 - BHO: (no name) - {39422FBF-D593-46A9-AB66-1A1B1C60A084} - (no file)
O2 - BHO: (no name) - {61A05982-3B88-4C80-9432-29C7FEEF4C15} - (no file)
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Norton Internet Security 2006 - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O2 - BHO: NAV Helper - {A8F38D8D-E480-4D52-B7A2-731BB6995FDD} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar3.dll
O2 - BHO: (no name) - {FB4DBEFD-26D2-4195-AF35-8E77FD643596} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar3.dll
O3 - Toolbar: Norton Internet Security 2006 - {0B53EAC3-8D69-4b9e-9B19-A37C9A5676A7} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll
O3 - Toolbar: Norton AntiVirus - {C4069E3A-68F1-403E-B40E-20066696354B} - C:\Program Files\Norton Internet Security\Norton AntiVirus\NavShExt.dll
O4 - HKLM\..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Lexmark X6100 Series] "C:\Program Files\Lexmark X6100 Series\lxbfbmgr.exe"
O4 - HKLM\..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HPHUPD05] C:\Program Files\Hewlett-Packard\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [PrinTray] C:\WINDOWS\System32\spool\DRIVERS\W32X86\2\printray.exe
O4 - HKLM\..\Run: [DAEMON Tools] "C:\Program Files\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Fichiers communs\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Symantec PIF AlertEng] "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [AnyDVD] C:\Program Files\SlySoft\AnyDVD\AnyDVDtray.exe
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - HKCU\..\Run: [Tunebite] C:\Program Files\RapidSolution\Tunebite\Tunebite.exe -tray
O4 - HKCU\..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [BoostSpeed] "C:\Program Files\AusLogics BoostSpeed\boostspeed.exe" /Q
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Acrobat Assistant.lnk = C:\Program Files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\KEM.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O4 - Global Startup: WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Fichiers communs\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.euro.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - https://www.kaspersky.fr/?domain=webscanner.kaspersky.fr
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} (Symantec AntiVirus scanner) - http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab
O16 - DPF: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://www.bitdefender.fr/scan_fr/scan8/oscan8.cab
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6662.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} (HpProductDetection Class) - http://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/...
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - https://www.touslesdrivers.com/index.php?v_page=29
O16 - DPF: {88764F69-3831-4EC1-B40B-FF21D8381345} (AdVerifierADPCtrl Class) - https://static.impots.gouv.fr/tdir/static/adpform/AdSignerADP-1.1.cab
O16 - DPF: {AB86CE53-AC9F-449F-9399-D8ABCA09EC09} (Get_ActiveX Control) - https://h17000.www1.hp.com/ewfrf-JAVA/Secure/HPGetDownloadManager.ocx
O17 - HKLM\System\CCS\Services\Tcpip\..\{D48D1661-A915-4580-9D9F-880932020444}: NameServer = 194.117.200.10,194.117.200.15
O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Fichiers communs\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Service Bonjour (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Internet Security Password Validation (ccISPwdSvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\ccPwdSvc.exe
O23 - Service: Symantec Network Proxy (ccProxy) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccProxy.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\ccSetMgr.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - C:\Program Files\Norton Internet Security\comHost.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: InCD Helper (InCDsrv) - Nero AG - C:\Program Files\Ahead\InCD\InCDsrv.exe
O23 - Service: Service de l'iPod (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Fichiers communs\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Fichiers communs\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~3\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe
O23 - Service: Service Norton AntiVirus Auto-Protect (navapsvc) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\navapsvc.exe
O23 - Service: Service Norton Protection Center (NSCService) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\Security Console\NSCSRVCE.EXE
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Planificateur LiveUpdate automatique - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Symantec AVScan (SAVScan) - Symantec Corporation - C:\Program Files\Norton Internet Security\Norton AntiVirus\SAVScan.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Ton accès au mode normal ne fonctionne toujours pas ?

neverand7 Messages postés 66 Statut Membre 2
 
Bonjour Anthony5151,

Je n'ai pas le deuxième écran comme dans le tuto pour réparer XP PRO SP2 : lorsque je suis les instructions, il examine le système, puis il me demande de réinstaller ou d'effacer la partition déjà existante.

l'ecran :

La liste suivante affiche les partitions existantes et l'espace non partitionné sur cet ordinateur.
Utilisez les flèches haut et bas pour sélectionner un élément dans la liste.

- pour installer Windows XP sur l'emplacement sélectionné, appuyez sur Entrée
- pour créer une partition dans l'espace non partitionné, appuyez sur C
- pour supprimer la partition sélectionnée, appuyez sur S

A l'intérieur du cadre :

Le disque 0 de 78160 MO ayant l'ID 0 du bus 0 sur ATAPI [MBR]

C : partition 1 (DSK 1_volume 1) [NTFS] 78160 MO (34725 MO libres)

dernière ligne du bas
ENTREE = Installation S=supprimer une partition F3=quitter

Je n'ai pas la ligne R=récupération

Si je réinstalle cela va refaire une nouvelle installation et je perdrais les éléments du PC.

Question : que dois-je faire ?

Merci A+
neverand7 Messages postés 66 Statut Membre 2
 
Bonsoir Anthony5151,

Bon, alors j'ai suivi les instructions, mais en mode sans échec, avec "cmd", Entrée, puis xaphege>sfc/scannow ! Il ne connaît pas !!!!

il dit : le chemin d'accès spécifié est introuvable !!! ????

Que faire ? puisque je ne peux toujours pas redémarrer en mode normal.

Merci de me tenir informé.

A+
anthony5151 Messages postés 10927 Statut Contributeur sécurité 790
 
Je te conseille d'ouvrir un nouveau sujet dans la partie "Windows" du forum, pour demander comment réparer Windows, on pourra mieux t'y aider que moi à ce sujet (désolé).

Bon courage

neverand7 Messages postés 66 Statut Membre 2
 
Bonsoir Anthony5151,

Encore merci pour ton aide.

Merci, merci.