PC marche/arrêt+clavier très lent+UC à 100%

salut :

Desactive ton antivirus le temps de la manip ainsi que ton parefeu si présent

▶ Télécharge List&Kill'em et enregistre le sur ton bureau</gras>

Il ne necessite pas d'installation

▶double clic (clic droit "executer en tant qu'administrateur" pour Vista) pour lancer le scan

choisis la langue puis choisis l'option 1 = Mode Recherche

▶laisse travailler l'outil

le rapport va s'afficher , une fois le scan fini

▶colle le contenu dans ta prochaine réponse

Salut,


edit ...


infection Tibs surement ... ;)


Bonne chasse Gen ...

oui je pense auusi salut ske

mon tool nous le dira peut-être ^^

hello!

J'ai réésayé, le prog à marché, le rapport dans le prochain msg.

Voici la rapport fait avec antivirus et pare feu inactif.

List'em by g3n-h@ckm@n 1.0.2.5

updated on 18.08.2009 ::::: 02.00


Microsoft Windows XP [version 5.1.2600]


18/08/2009 15:58:49,64

Infections :
==========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Program Files\VSAdd-in"
"C:\WINDOWS\antiv.exe"
"C:\WINDOWS\System32\mcrh.tmp"
C:\WINDOWS\System32\SETFD.tmp
C:\WINDOWS\System32\SET101.tmp
C:\WINDOWS\System32\SET109.tmp

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

DEFRAG.EXE-2858C7E2.pf
FOIENUM.EXE-256ECF41.pf
WMIPRVSE.EXE-0D449B4F.pf
SVCHOST.EXE-2D5FBD18.pf
TASKMGR.EXE-06144C13.pf
REGSVR32.EXE-396DEA2C.pf
UPDATE.EXE-08A48A3C.pf
UPDATE.EXE-05E8F498.pf
SPUPDSVC.EXE-07BA1E73.pf
UNREGMP2.EXE-0CFB0619.pf
UPDATE.EXE-0B5892F2.pf
DFRGFAT.EXE-22605FE5.pf
MONITOR.EXE-0693E15D.pf
MDM.EXE-1C8F90CC.pf
CCSVCHST.EXE-344824DF.pf
ADMSERV.EXE-098B4307.pf
LOGONUI.EXE-312BE1BF.pf
EDSLOADER.EXE-2A914953.pf
JQS.EXE-31B60334.pf
REGSRVC.EXE-1A4FEDDE.pf
SPOOLSV.EXE-3A613CE3.pf
WSCNTFY.EXE-0B14C27D.pf
EPM-DM.EXE-3472C0E6.pf
QTTASK.EXE-1876A1A1.pf
IMSCINST.EXE-2B626103.pf
IMJPMIG.EXE-32ABEE9A.pf
WUAUCLT.EXE-1360D60A.pf
PCMSERVICE.EXE-384B5F7A.pf
JUSCHED.EXE-04A13915.pf
ALG.EXE-275708CF.pf
HKCMD.EXE-0F06AE14.pf
VERCLSID.EXE-28F52AD2.pf
E_FATIBVE.EXE-3116AFAD.pf
WMIAPSRV.EXE-02740A4B.pf
ADMTRAY.EXE-261081D2.pf
IMAPI.EXE-201490BB.pf
ALAUNCH.EXE-145B15F4.pf
ACER EPOWER MANAGEMENT.EXE-269102ED.pf
SYNTPLPR.EXE-0340D8DF.pf
TINTSETP.EXE-2DD83AEF.pf
SYNTPENH.EXE-2B70B91C.pf
CONTROL.EXE-24FBF8B3.pf
EXPLORER.EXE-02121B1A.pf
RUNDLL32.EXE-419F288A.pf
RUNDLL32.EXE-4C50DFCF.pf
CCSVCHST.EXE-344824DE.pf
REGEDIT.EXE-2AE3423E.pf
SPYBOTSD.EXE-1702AD5F.pf
CCLEANER.EXE-09CFC2BC.pf
SERVICES.EXE-3019B50A.pf
LSASS.EXE-306A65C3.pf
CLTLMH.EXE-27C5E000.pf
ATI2EVXX.EXE-07A42849.pf
SYKNLU.EXE-3824A9F2.pf
HELPSVC.EXE-1C192440.pf
UPDATER.EXE-39006714.pf
HELPER.EXE-0324EC74.pf
HIJACKTHIS.EXE-241EE54E.pf
NOTEPAD.EXE-2F2D61E1.pf
IGFXPERS.EXE-19DA7B04.pf
MMC.EXE-3D339B16.pf
RUNDLL32.EXE-3D479208.pf
IGFXSRVC.EXE-1D88F978.pf
DWWIN.EXE-2C373FB7.pf
LIST_KILLEM.EXE-2B96FA7F.pf
DRWTSN32.EXE-01DDCF15.pf
MODE.COM-318FFE37.pf
CMD.EXE-034B0549.pf
REG.EXE-07FA5B3F.pf
HELPCTR.EXE-0BD5B31B.pf
DWTRIG20.EXE-1F73F0CD.pf
JQSNOTIFY.EXE-359F83C5.pf
Layout.ini
NTOSBOOT-B00DFAAD.pf
SCRNSAVE.SCR-22431769.pf
IGFXTRAY.EXE-0A23D403.pf
CTFMON.EXE-05E57A5E.pf
FIREFOX.EXE-06188867.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Ferme toutes tes fenetres(y compris internet et windows live messenger) , puis :

▶ Relance List&Kill'em comme tu as fait pour l'option 1 (soit en clic droit pour vista),

mais cette fois-ci :

▶ choisis l'option 2 = Mode Destruction

laisse travailler l'outil

apres les verifications , un rapport va s'ouvrir.

▶ ferme-le.

un deuxieme rapport va s'ouvrir ,

▶ colle son contenu dans ta reponse

Voici le rapport (fallait-il désactiver l'antivirus et le pare feu?)?


Kill'em by g3n-h@ckm@n 1.0.2.5

updated on 18.08.2009 ::::: 02.00


Microsoft Windows XP [version 5.1.2600]


18/08/2009 16:40:59,78

Fichiers analysés :
=================


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"
"C:\Program Files\VSAdd-in"
"C:\WINDOWS\antiv.exe"
"C:\WINDOWS\System32\mcrh.tmp"
C:\WINDOWS\System32\SETFD.tmp
C:\WINDOWS\System32\SET101.tmp
C:\WINDOWS\System32\SET109.tmp


¤¤¤¤¤¤¤¤¤¤ Action sur les fichiers :

Quarantaine :

VSAdd-in.Kill'em
AntiV.EXE.Kill'em
mcrh.tmp.Kill'em
SETFD.tmp.Kill'em
SET101.tmp.Kill'em
SET109.tmp.Kill'em





¤¤¤¤¤¤¤¤¤¤ Verification :
List'em by g3n-h@ckm@n 1.0.2.5

updated on 18.08.2009 ::::: 02.00


Microsoft Windows XP [version 5.1.2600]


18/08/2009 16:42:04,25

Infections :
==========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

REG.EXE-07FA5B3F.pf
Layout.ini
NTOSBOOT-B00DFAAD.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤

Télécharge OTL de OLDTimer

▶ enregistre le sur ton Bureau.

▶ Double clic sur OTL.exe pour le lancer.

▶ Coche les 2 cases Lop et Purity

▶ Coche la case devant scan all users

▶ règle-le sur "60 Days"

▶ dans la colonne de gauche , mets tout sur all

▶Clic sur Run Scan.

A la fin du scan, le Bloc-Notes va s'ouvrir avec le rapport (OTL.txt).

Ce fichier est sur ton Bureau (en général C:\Documents and settings\le_nom_de_ta_session\OTL.txt)

▶▶▶ NE LE POSTE PAS SUR LE FORUM

Pour me le transmettre clique sur ce lien : http://www.cijoint.fr/

▶ Clique sur Parcourir et cherche le fichier ci-dessus.

▶ Clique sur Ouvrir.

▶ Clique sur "Cliquez ici pour déposer le fichier".

Un lien de cette forme :

http://www.cijoint.fr/cjlink.php?file=cjge368/cijSKAP5fU.txt

est ajouté dans la page.

▶ Copie ce lien dans ta réponse.

Tu feras la meme chose avec le "Extra.txt".

.

Bonjour,

Voici OTL:
http://www.cijoint.fr/cjlink.php?file=cj200908/cijqRVQSyT.txt

Et extra:
http://www.cijoint.fr/cjlink.php?file=cj200908/cijpTZyuxZ.txt

Merci

▶ Télécharge Zeb-Restoreet enregistre ce fichier sur le bureau.

▶-Clic droit Zeb-Restore.zip ==> Extraire tout choisis comme lieu d'enregistrement le bureau.

▶-Ouvre le dossier ZR_1.0.0.37 ==> double clic sur Zeb-Restore.exe

▶- Coche la case devant :sites de confiance

▶- Ne coche aucune autre case

▶-Clique sur Restaurer

▶-Redémarre ton PC

ensuite :


/!\ ATTENTION SUIVRE SCRUPULEUSEMENT A LA LETTRE CES INDICATIONS/!\

▶ Surtout , pense à l'enregistrement à renommer Combofix en "ton prenom.exe"

_________________________________________________________________
>Ce logiciel n'est à utiliser que prescrit par un helper qualifié et formé à l'outil.<
>>>>>>>Ne pas utiliser en dehors de ce cas de figure : dangereux!<<<<<<<<
=====================================================

▶ On va utiliser ComboFix.exe. Rends toi sur cette page web pour obtenir les liens de téléchargement, ainsi que des instructions pour exécuter l'outil:

http://www.bleepingcomputer.com/combofix/fr/comment-utiliser-combofix


Avant d'utiliser ComboFix :
______________________________________________________________________
>> referme les fenêtres de tous les programmes en cours.
>> Désactive provisoirement et seulement le temps de l'utilisation de ComboFix,
>>la protection en temps réel de ton Antivirus et de tes Antispywares,
>>qui peuvent gêner fortement la procédure de recherche et de nettoyage de l'outil.
°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°°

▶ !!!!!NE TOUCHE A RIEN PENDANT LE TRAVAIL DE COMBOFIX (SOURIS/CLAVIER.....)!!!!!

▶ n'oublie pas de reactiver la garde de ton Antivirus et de tes Antispywares, avant de te reconnecter à internet.

>> Reviens sur le forum, et

▶ copie et colle la totalité du contenu de C:\Combofix.txt dans ton prochain message.

Bonjour,

Ci dessous le rapport. Pour info, je n'ai pas eu le msg d'erreur pour la console mais apparemment, elle n'est pas installée. De +,le clavier est très lent...


ComboFix 09-08-10.06 - Samuel 18/08/2009 22:25.1.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.1014.596 [GMT 2:00]
Running from: c:\documents and settings\Samuel\Bureau\Virginie.exe.exe
AV: Norton AntiVirus *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\progra~1\FICHIE~1\{320D1~1
c:\program files\Fichiers communs\uninstall information
c:\program files\WinPCap
c:\program files\WinPCap\daemon_mgm.exe
c:\program files\WinPCap\npf_mgm.exe
c:\program files\WinPCap\rpcapd.exe
C:\System
c:\windows\Installer\2888a5.msp
c:\windows\Installer\7367f.msp
c:\windows\system32\cfhkj.bak1
c:\windows\system32\cfhkj.bak2
c:\windows\system32\cfhkj.ini
c:\windows\system32\cfhkj.ini2
c:\windows\system32\cfhkj.tmp
c:\windows\system32\components
c:\windows\system32\drivers\npf.sys
c:\windows\system32\nykiiijw.ini
c:\windows\system32\nykiiijw.ini2
c:\windows\system32\nykiiijw.tmp
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wnsapisv.exe
c:\windows\system32\wpcap.dll
c:\windows\system32\yycdd.bak1
c:\windows\system32\yycdd.bak2
c:\windows\system32\yycdd.ini
c:\windows\system32\yycdd.ini2
c:\windows\system32\yycdd.tmp
D:\install.exe


.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_NPF


((((((((((((((((((((((((( Files Created from 2009-07-18 to 2009-08-18 )))))))))))))))))))))))))))))))
.

2009-08-18 20:44 . 2009-04-24 21:39 165240 ----a-r- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
2009-08-18 14:40 . 2009-08-18 14:41 -------- d-----w- C:\Kill'em
2009-08-18 14:29 . 2009-07-13 08:00 87888 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\NAVENG.SYS
2009-08-18 14:29 . 2009-07-13 08:00 875728 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\NAVEX15.SYS
2009-08-18 14:29 . 2009-04-24 21:39 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\NAVENG32.DLL
2009-08-18 14:29 . 2009-04-24 21:39 1181040 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\NAVEX32A.DLL
2009-08-18 14:29 . 2009-04-24 21:39 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\EECTRL.SYS
2009-08-18 14:29 . 2009-04-24 21:39 101936 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\ERASER.SYS
2009-08-18 14:29 . 2009-04-24 21:39 259368 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\ECMSVR32.DLL
2009-08-18 14:29 . 2009-04-24 21:38 2414128 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\CCERASER.DLL
2009-08-16 13:49 . 2009-07-10 13:27 1315328 ------w- c:\windows\system32\dllcache\msoe.dll
2009-08-14 19:48 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\Scxpx86.dll
2009-08-14 19:48 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSXpx86.sys
2009-08-14 19:48 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSxpx86.dll
2009-08-14 19:48 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSvix86.sys
2009-08-14 19:48 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090810.001\IDSviA64.sys
2009-08-07 05:52 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\Scxpx86.dll
2009-08-07 05:52 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSXpx86.sys
2009-08-07 05:52 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSxpx86.dll
2009-08-07 05:52 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSvix86.sys
2009-08-07 05:52 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20090730.003\IDSviA64.sys
2009-08-05 09:00 . 2009-08-05 09:00 205312 ------w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-21 17:59 . 2009-07-21 17:59 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-07-21 17:59 . 2009-07-21 17:59 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-07-21 17:59 . 2009-07-21 17:59 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2009-07-21 17:59 . 2009-07-21 17:59 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-05 09:00 . 2004-08-05 03:00 205312 ----a-w- c:\windows\system32\mswebdvd.dll
2009-07-17 19:03 . 2004-08-05 03:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-12 10:21 . 2004-08-05 03:00 233472 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-11 19:34 . 2009-07-11 19:34 276344 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-07-11 19:34 . 2009-07-11 19:34 293424 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-07-11 19:34 . 2009-07-11 19:34 533880 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 451960 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-07-11 19:34 . 2009-07-11 19:34 397360 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys
2009-07-04 22:03 . 2009-07-04 22:03 -------- d-----w- c:\documents and settings\Samuel\Application Data\Mumble
2009-07-04 22:00 . 2009-07-04 22:00 -------- d-----w- c:\program files\Mumble
2009-07-01 21:25 . 2009-07-01 21:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Cyberlink
2009-06-30 07:58 . 2009-06-30 07:58 -------- d-----w- c:\program files\Trend Micro
2009-06-29 23:21 . 2009-06-29 23:21 -------- d-----w- c:\program files\Windows Defender
2009-06-29 15:57 . 2004-08-05 03:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 15:57 . 2004-08-05 03:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 15:57 . 2004-08-05 03:00 17408 ----a-w- c:\windows\system32\corpol.dll
2009-06-16 14:40 . 2004-08-05 03:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:40 . 2004-08-05 03:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-15 10:44 . 2004-08-05 03:00 78848 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:14 . 2004-08-05 03:00 85504 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 07:21 . 2004-08-05 03:00 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 06:15 . 2004-08-05 03:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:10 . 2004-08-05 03:00 1297408 ----a-w- c:\windows\system32\quartz.dll
2008-08-17 16:26 . 2008-08-17 16:26 19024384 ----a-w- c:\program files\Memeo AutoSync.msi
2008-08-17 16:26 . 2008-08-17 16:26 56832 ----a-w- c:\program files\1036.MST
2008-08-17 16:26 . 2008-08-17 16:26 7242 ----a-w- c:\program files\0x040c.ini
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"epm-dm"="c:\acer\Empowering Technology\ePower\epm-dm.exe" [2005-11-25 212992]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-01-07 692315]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-05 455168]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-01-13 135168]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-08-31 147456]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-05 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-05 208952]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-01-13 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-01-13 163840]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-19 69632]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-09 3084288]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\FICHIE~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
Contents of the 'Scheduled Tasks' folder

2009-08-15 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-03 17:20]
.
- - - - ORPHANS REMOVED - - - -

URLSearchHooks-{CBC6AE7B-38CB-3E17-EC54-367666355997} - (no file)
BHO-{17F50BC6-5A44-E505-9ACC-0509DB44788B} - (no file)
BHO-{65FEAD7E-83DC-4773-BAB4-A920023ECF44} - (no file)
BHO-{CBC6AE7B-38CB-3E17-EC54-367666355997} - (no file)
Notify-ddcyy - c:\windows\system32\ddcyy.dll


.
------- Supplementary Scan -------
.
uStart Page = hxxp://google.huddi.com
uInternet Settings,ProxyOverride = localhost
IE: &Sample Toolband Serach - c:\windows\system32\ToolBand.dll/MENUSEARCH.HTM
IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\Office10\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Samuel\Application Data\Mozilla\Firefox\Profiles\d7dtph0d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.fr
FF - component: c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\IPSFFPlgn\components\IPSFFPl.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-18 22:45
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Data]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET CLR Networking]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for Oracle]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NET Data Provider for SqlServer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\.NETFramework]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Abiosdsk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\abp480n5]
"ImagePath"="system32\DRIVERS\ABP480N5.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPI]
"ImagePath"="system32\DRIVERS\ACPI.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ACPIEC]
"ImagePath"="system32\DRIVERS\ACPIEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\adpu160m]
"ImagePath"="system32\DRIVERS\adpu160m.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aec]
"ImagePath"="system32\drivers\aec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AegisP]
"ImagePath"="system32\DRIVERS\AegisP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Afc]
"ImagePath"="system32\drivers\Afc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AFD]
"ImagePath"="\SystemRoot\System32\drivers\afd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agp440]
"ImagePath"="system32\DRIVERS\agp440.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\agpCPQ]
"ImagePath"="system32\DRIVERS\agpCPQ.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Aha154x]
"ImagePath"="system32\DRIVERS\aha154x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78u2]
"ImagePath"="system32\DRIVERS\aic78u2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aic78xx]
"ImagePath"="system32\DRIVERS\aic78xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Alerter]
"ServiceDll"="%SystemRoot%\system32\alrsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ALG]
"ImagePath"="%SystemRoot%\System32\alg.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AliIde]
"ImagePath"="system32\DRIVERS\aliide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\alim1541]
"ImagePath"="system32\DRIVERS\alim1541.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amdagp]
"ImagePath"="system32\DRIVERS\amdagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\amsint]
"ImagePath"="system32\DRIVERS\amsint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AppMgmt]
"ServiceDll"="%SystemRoot%\System32\appmgmts.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc]
"ImagePath"="system32\DRIVERS\asc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3350p]
"ImagePath"="system32\DRIVERS\asc3350p.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\asc3550]
"ImagePath"="system32\DRIVERS\asc3550.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_1.1.4322]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ASP.NET_2.0.50727]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aspnet_state]
"ImagePath"="%SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\aswTdi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AsyncMac]
"ImagePath"="system32\DRIVERS\asyncmac.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\atapi]
"ImagePath"="system32\DRIVERS\atapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atdisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ati HotKey Poller]
"ImagePath"="%SystemRoot%\system32\Ati2evxx.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ati2mtag]
"ImagePath"="system32\DRIVERS\ati2mtag.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atierecord]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Atmarpc]
"ImagePath"="system32\DRIVERS\atmarpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AudioSrv]
"ServiceDll"="%SystemRoot%\System32\audiosrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\audstub]
"ImagePath"="system32\DRIVERS\audstub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\AWService]
"ImagePath"="\"c:\acer\Empowering Technology\admServ.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BattC]
"MofImagePath"="System32\Drivers\battc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Beep]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BHDrvx86]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\BHDrvx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\BITS]
"ServiceDll"="%systemroot%\system32\qmgr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Browser]
"ServiceDll"="%SystemRoot%\System32\browser.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\catchme]
"ImagePath"="\??\c:\docume~1\Samuel\LOCALS~1\Temp\catchme.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf]
"ImagePath"="system32\DRIVERS\cbidf2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cbidf2k]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CCDECODE]
"ImagePath"="system32\DRIVERS\CCDECODE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ccHP]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\ccHPx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\cd20xrnt]
"ImagePath"="system32\DRIVERS\cd20xrnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdaudio]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cdrom]
"ImagePath"="system32\DRIVERS\cdrom.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Changer]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CiSvc]
"ImagePath"="%SystemRoot%\system32\cisvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CLCapSvc]
"ImagePath"="\"c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe\"\00|\00\00\00\00\08OX\02\00\00\00\00¨âZ\02\00\00S\02pè\13\00pè\13\00ˆ\01\15\00 Ô\\02 ›
[\02\18\02\15\00æ\1b€|\00\00\15\00\00\00\00\00ö\1b"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ClipSrv]
"ImagePath"="%SystemRoot%\system32\clipsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\clr_optimization_v2.0.50727_32]
"ImagePath"="c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CLSched]
"ImagePath"="\"c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe\"\00c\00a\00d\00e\00\\00K\00e\00r\00n\00e\00l\00\\00T\00V\00\\00C\00L\00C\00a\00p\00S\00v\00c\00.\00e\00x\00e\00\00\00×a"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmBatt]
"ImagePath"="system32\DRIVERS\CmBatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CmdIde]
"ImagePath"="system32\DRIVERS\cmdide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Compbatt]
"ImagePath"="system32\DRIVERS\compbatt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\COMSysApp]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{02D4B3F1-FD88-11D1-960D-00805FC79235}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentFilter]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ContentIndex]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Cpqarray]
"ImagePath"="system32\DRIVERS\cpqarray.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CryptSvc]
"ServiceDll"="%SystemRoot%\System32\cryptsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\CyberLink Media Library Service]
"ImagePath"="\"c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac2w2k]
"ImagePath"="system32\DRIVERS\dac2w2k.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dac960nt]
"ImagePath"="system32\DRIVERS\dac960nt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DcomLaunch]
"ServiceDll"="%SystemRoot%\system32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dhcp]
"ServiceDll"="%SystemRoot%\System32\dhcpcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Disk]
"ImagePath"="system32\DRIVERS\disk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmadmin]
"ImagePath"="%SystemRoot%\System32\dmadmin.exe /com"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmboot]
"ImagePath"="System32\drivers\dmboot.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmio]
"ImagePath"="System32\drivers\dmio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmload]
"ImagePath"="System32\drivers\dmload.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dmserver]
"ServiceDll"="%SystemRoot%\System32\dmserver.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\DMusic]
"ImagePath"="system32\drivers\DMusic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dnscache]
"ServiceDll"="%SystemRoot%\System32\dnsrslvr.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Dot3svc]
"ServiceDll"="%SystemRoot%\System32\dot3svc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\dpti2o]
"ImagePath"="system32\DRIVERS\dpti2o.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\drmkaud]
"ImagePath"="system32\drivers\drmkaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EapHost]
"ServiceDll"="%SystemRoot%\System32\eapsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\eeCtrl]
"ImagePath"="\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\eeCtrl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EpmPsd]
"ImagePath"="\??\c:\windows\system32\drivers\epm-psd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EpmShd]
"ImagePath"="\??\c:\windows\system32\drivers\epm-shd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EraserUtilRebootDrv]
"ImagePath"="\??\c:\program files\Fichiers communs\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ERSvc]
"ServiceDll"="%SystemRoot%\System32\ersvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Eventlog]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EventSystem]
"ServiceDll"="c:\windows\system32\es.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EvtEng]
"ImagePath"="c:\program files\Intel\Wireless\Bin\EvtEng.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fastfat]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FastUserSwitchingCompatibility]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fax]
"ImagePath"="%systemroot%\system32\fxssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\fbxusb]
"ImagePath"="system32\DRIVERS\fbxusb32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fips]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Flpydisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FltMgr]
"ImagePath"="system32\drivers\fltmgr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\FontCache3.0.0.0]
"ImagePath"="c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Fs_Rec]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ftdisk]
"ImagePath"="system32\DRIVERS\ftdisk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Gpc]
"ImagePath"="system32\DRIVERS\msgpc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HDAudBus]
"ImagePath"="system32\DRIVERS\HDAudBus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\helpsvc]
"ServiceDll"="%WINDIR%\PCHealth\HelpCtr\Binaries\pchsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidServ]
"ServiceDll"="%SystemRoot%\System32\hidserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HidUsb]
"ImagePath"="system32\DRIVERS\hidusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hkmsvc]
"ServiceDll"="%SystemRoot%\System32\kmsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\hpn]
"ImagePath"="system32\DRIVERS\hpn.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSFHWAZL]
"ImagePath"="system32\DRIVERS\HSFHWAZL.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HSF_DPV]
"ImagePath"="system32\DRIVERS\HSF_DPV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTP]
"ImagePath"="System32\Drivers\HTTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\HTTPFilter]
"ServiceDll"="%SystemRoot%\System32\w3ssl.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omgmt]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i2omp]
"ImagePath"="system32\DRIVERS\i2omp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\i8042prt]
"ImagePath"="system32\DRIVERS\i8042prt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ialm]
"ImagePath"="system32\DRIVERS\igxpmp32.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDriverT]
"ImagePath"="\"c:\program files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\idsvc]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IDSxpx86]
"ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\ipsdefs\20090810.001\IDSxpx86.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Imapi]
"ImagePath"="system32\DRIVERS\imapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ImapiService]
"ImagePath"="%systemroot%\system32\imapi.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\inetaccs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ini910u]
"ImagePath"="system32\DRIVERS\ini910u.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Inport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\int15.sys]
"ImagePath"="\??\c:\acer\Empowering Technology\eRecovery\int15.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntcAzAudAddService]
"ImagePath"="system32\drivers\RtkHDAud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IntelIde]
"ImagePath"="system32\DRIVERS\intelide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\intelppm]
"ImagePath"="system32\DRIVERS\intelppm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ip6Fw]
"ImagePath"="system32\drivers\ip6fw.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpFilterDriver]
"ImagePath"="system32\DRIVERS\ipfltdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpInIp]
"ImagePath"="system32\DRIVERS\ipinip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IpNat]
"ImagePath"="system32\DRIVERS\ipnat.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IPSec]
"ImagePath"="system32\DRIVERS\ipsec.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\IRENUM]
"ImagePath"="system32\DRIVERS\irenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ISAPISearch]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\isapnp]
"ImagePath"="system32\DRIVERS\isapnp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\JavaQuickStarterService]
"ImagePath"="\"c:\program files\Java\jre6\bin\jqs.exe\" -service -config \"c:\program files\Java\jre6\lib\deploy\jqs\jqs.conf\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Kbdclass]
"ImagePath"="system32\DRIVERS\kbdclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\kmixer]
"ImagePath"="system32\drivers\kmixer.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\KSecDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanserver]
"ServiceDll"="%SystemRoot%\System32\srvsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lanmanworkstation]
"ServiceDll"="%SystemRoot%\System32\wkssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\lbrtfdc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ldap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LicenseService]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\LmHosts]
"ServiceDll"="%SystemRoot%\System32\lmhsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MDM]
"ImagePath"="\"c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mdmxsdk]
"ImagePath"="system32\DRIVERS\mdmxsdk.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Messenger]
"ServiceDll"="%SystemRoot%\System32\msgsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmdd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mnmsrvc]
"ImagePath"="c:\windows\system32\mnmsrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Modem]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mouclass]
"ImagePath"="system32\DRIVERS\mouclass.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mouhid]
"ImagePath"="system32\DRIVERS\mouhid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MountMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mraid35x]
"ImagePath"="system32\DRIVERS\mraid35x.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxDAV]
"ImagePath"="system32\DRIVERS\mrxdav.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MRxSmb]
"ImagePath"="system32\DRIVERS\mrxsmb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC]
"ImagePath"="c:\windows\system32\msdtc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSDTC Bridge 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Msfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSIServer]
"ImagePath"="%systemroot%\system32\msiexec.exe /V"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSKSSRV]
"ImagePath"="system32\drivers\MSKSSRV.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPCLOCK]
"ImagePath"="system32\drivers\MSPCLOCK.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSPQM]
"ImagePath"="system32\drivers\MSPQM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mssmbios]
"ImagePath"="system32\DRIVERS\mssmbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MSTEE]
"ImagePath"="system32\drivers\MSTEE.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Mup]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NABTSFEC]
"ImagePath"="system32\DRIVERS\NABTSFEC.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\napagent]
"ServiceDll"="%SystemRoot%\System32\qagentrt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVENG]
"ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\NAVENG.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NAVEX15]
"ImagePath"="\??\c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20090818.003\NAVEX15.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDIS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisFilt]
"ImagePath"="System32\Drivers\NdisFilt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisIP]
"ImagePath"="system32\DRIVERS\NdisIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisTapi]
"ImagePath"="system32\DRIVERS\ndistapi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ndisuio]
"ImagePath"="system32\DRIVERS\ndisuio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NdisWan]
"ImagePath"="system32\DRIVERS\ndiswan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NDProxy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBIOS]
"ImagePath"="system32\DRIVERS\netbios.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetBT]
"ImagePath"="system32\DRIVERS\netbt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDE]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetDDEdsdm]
"ImagePath"="%SystemRoot%\system32\netdde.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netlogon]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Netman]
"ServiceDll"="%SystemRoot%\System32\netman.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NETMNT]
"ImagePath"="system32\DRIVERS\NETMNT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NetTcpPortSharing]
"ImagePath"="\"c:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Nla]
"ServiceDll"="%SystemRoot%\System32\mswsock.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton AntiVirus]
"ImagePath"="\"c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe\" /s \"Norton AntiVirus\" /m \"c:\program files\Norton AntiVirus\Engine\16.5.0.134\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Npfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ntfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NTIDrvr]
"ImagePath"="system32\DRIVERS\NTIDrvr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtLmSsp]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NtmsSvc]
"ServiceDll"="%SystemRoot%\system32\ntmssvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Null]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFlt]
"ImagePath"="system32\DRIVERS\nwlnkflt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\NwlnkFwd]
"ImagePath"="system32\DRIVERS\nwlnkfwd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\OsaFsLoc]
"ImagePath"="\??\c:\windows\system32\drivers\OsaFsLoc.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osaio]
"ImagePath"="\??\c:\windows\system32\drivers\osaio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\osanbm]
"ImagePath"="\??\c:\windows\system32\drivers\osanbm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ovt530]
"ImagePath"="System32\Drivers\ov530vid.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Parport]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PartMgr]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ParVdm]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCI]
"ImagePath"="system32\DRIVERS\pci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIDump]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PCIIde]
"ImagePath"="system32\DRIVERS\pciide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Pcmcia]
"ImagePath"="system32\DRIVERS\pcmcia.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDCOMP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRELI]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PDRFRAME]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2]
"ImagePath"="system32\DRIVERS\perc2.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\perc2hib]
"ImagePath"="system32\DRIVERS\perc2hib.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfDisk]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfNet]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfOS]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PerfProc]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PID_0920]
"ImagePath"="system32\DRIVERS\LV532AV.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PlugPlay]
"ImagePath"="%SystemRoot%\system32\services.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PolicyAgent]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PptpMiniport]
"ImagePath"="system32\DRIVERS\raspptp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ProtectedStorage]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PSched]
"ImagePath"="system32\DRIVERS\psched.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ptilink]
"ImagePath"="system32\DRIVERS\ptilink.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1080]
"ImagePath"="system32\DRIVERS\ql1080.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Ql10wnt]
"ImagePath"="system32\DRIVERS\ql10wnt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql12160]
"ImagePath"="system32\DRIVERS\ql12160.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1240]
"ImagePath"="system32\DRIVERS\ql1240.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ql1280]
"ImagePath"="system32\DRIVERS\ql1280.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAcd]
"ImagePath"="system32\DRIVERS\rasacd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasAuto]
"ServiceDll"="%SystemRoot%\System32\rasauto.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rasl2tp]
"ImagePath"="system32\DRIVERS\rasl2tp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasMan]
"ServiceDll"="%SystemRoot%\System32\rasmans.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RasPppoe]
"ImagePath"="system32\DRIVERS\raspppoe.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Raspti]
"ImagePath"="system32\DRIVERS\raspti.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Rdbss]
"ImagePath"="system32\DRIVERS\rdbss.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPCDD]
"ImagePath"="System32\DRIVERS\RDPCDD.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rdpdr]
"ImagePath"="system32\DRIVERS\rdpdr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPNP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDPWD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RDSessMgr]
"ImagePath"="c:\windows\system32\sessmgr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\redbook]
"ImagePath"="system32\DRIVERS\redbook.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RegSrvc]
"ImagePath"="c:\program files\Intel\Wireless\Bin\RegSrvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RemoteAccess]
"ServiceDll"="%SystemRoot%\System32\mprdim.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\rpcapd]
"ImagePath"="\"%ProgramFiles%\WinPcap\rpcapd.exe\" -d -f \"%ProgramFiles%\WinPcap\rpcapd.ini\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcLocator]
"ImagePath"="%SystemRoot%\system32\locator.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RpcSs]
"ServiceDll"="%SystemRoot%\System32\rpcss.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RSVP]
"ImagePath"="%SystemRoot%\system32\rsvp.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\RTL8023xp]
"ImagePath"="system32\DRIVERS\Rtnicxp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017bus]
"ImagePath"="system32\DRIVERS\s0017bus.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017mdfl]
"ImagePath"="system32\DRIVERS\s0017mdfl.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017mdm]
"ImagePath"="system32\DRIVERS\s0017mdm.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017mgmt]
"ImagePath"="system32\DRIVERS\s0017mgmt.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017nd5]
"ImagePath"="system32\DRIVERS\s0017nd5.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017obex]
"ImagePath"="system32\DRIVERS\s0017obex.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s0017unic]
"ImagePath"="system32\DRIVERS\s0017unic.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\S24EventMonitor]
"ImagePath"="c:\program files\Intel\Wireless\Bin\S24EvMon.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\s24trans]
"ImagePath"="system32\DRIVERS\s24trans.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SamSs]
"ImagePath"="%SystemRoot%\system32\lsass.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SCardSvr]
"ImagePath"="%SystemRoot%\System32\SCardSvr.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Schedule]
"ServiceDll"="%SystemRoot%\system32\schedsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ScsiPort]
"ImagePath"="%SystemRoot%\system32\drivers\scsiport.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Secdrv]
"ImagePath"="system32\DRIVERS\secdrv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\seclogon]
"ServiceDll"="%SystemRoot%\System32\seclogon.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SENS]
"ServiceDll"="%SystemRoot%\system32\sens.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Serial]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceLayer]
"ImagePath"="\"c:\program files\PC Connectivity Solution\ServiceLayer.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelEndpoint 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelOperation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ServiceModelService 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sfloppy]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SharedAccess]
"ServiceDll"="%SystemRoot%\System32\ipnathlp.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ShellHWDetection]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Simbad]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sisagp]
"ImagePath"="system32\DRIVERS\sisagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SLIP]
"ImagePath"="system32\DRIVERS\SLIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SMSvcHost 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Sparrow]
"ImagePath"="system32\DRIVERS\sparrow.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\splitter]
"ImagePath"="system32\drivers\splitter.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Spooler]
"ImagePath"="%SystemRoot%\system32\spoolsv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sr]
"ImagePath"="system32\DRIVERS\sr.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\srservice]
"ServiceDll"="%SystemRoot%\system32\srsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRTSP]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\SRTSP.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SRTSPX]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\SRTSPX.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Srv]
"ImagePath"="system32\DRIVERS\srv.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SSDPSRV]
"ServiceDll"="%SystemRoot%\System32\ssdpsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\stisvc]
"ServiceDll"="%SystemRoot%\system32\wiaservc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\streamip]
"ImagePath"="system32\DRIVERS\StreamIP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swenum]
"ImagePath"="system32\DRIVERS\swenum.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swmidi]
"ImagePath"="system32\drivers\swmidi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SwPrv]
"ImagePath"="c:\windows\system32\dllhost.exe /Processid:{6A122898-AD7D-4856-A3C0-28FE569EA0DD}"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\swwd]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc810]
"ImagePath"="system32\DRIVERS\symc810.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\symc8xx]
"ImagePath"="system32\DRIVERS\symc8xx.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEFA]
"ImagePath"="system32\drivers\NAV\1005000.086\SYMEFA.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymEvent]
"ImagePath"="\??\c:\windows\system32\Drivers\SYMEVENT.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMFW]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\SYMFW.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMIDS]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\SYMIDS.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymIM]
"ImagePath"="system32\DRIVERS\SymIM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SymIMMP]
"ImagePath"="system32\DRIVERS\SymIM.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMNDIS]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\SYMNDIS.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SYMTDI]
"ImagePath"="\??\c:\windows\system32\drivers\NAV\1005000.086\SYMTDI.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_hi]
"ImagePath"="system32\DRIVERS\sym_hi.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sym_u3]
"ImagePath"="system32\DRIVERS\sym_u3.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SynTP]
"ImagePath"="system32\DRIVERS\SynTP.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\sysaudio]
"ImagePath"="system32\drivers\sysaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\SysmonLog]
"ImagePath"="%SystemRoot%\system32\smlogsvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TapiSrv]
"ServiceDll"="%SystemRoot%\System32\tapisrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip]
"ImagePath"="system32\DRIVERS\tcpip.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDPIPE]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TDTCP]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermDD]
"ImagePath"="system32\DRIVERS\termdd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TermService]
"ServiceDll"="%SystemRoot%\System32\termsrv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Themes]
"ServiceDll"="%SystemRoot%\System32\shsvcs.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TosIde]
"ImagePath"="system32\DRIVERS\toside.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TrkWks]
"ServiceDll"="%SystemRoot%\system32\trkwks.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\TSDDD]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UBHelper]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Udfs]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ultra]
"ImagePath"="system32\DRIVERS\ultra.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Update]
"ImagePath"="system32\DRIVERS\update.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\upnphost]
"ServiceDll"="%SystemRoot%\System32\upnphost.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\UPS]
"ImagePath"="%SystemRoot%\System32\ups.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbaudio]
"ImagePath"="system32\drivers\usbaudio.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbccgp]
"ImagePath"="system32\DRIVERS\usbccgp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbehci]
"ImagePath"="system32\DRIVERS\usbehci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbhub]
"ImagePath"="system32\DRIVERS\usbhub.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbprint]
"ImagePath"="system32\DRIVERS\usbprint.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbscan]
"ImagePath"="system32\DRIVERS\usbscan.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\USBSTOR]
"ImagePath"="system32\DRIVERS\USBSTOR.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\usbuhci]
"ImagePath"="system32\DRIVERS\usbuhci.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VgaSave]
"ImagePath"="\SystemRoot\System32\drivers\vga.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\viaagp]
"ImagePath"="system32\DRIVERS\viaagp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\ViaIde]
"ImagePath"="system32\DRIVERS\viaide.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VolSnap]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\VSS]
"ImagePath"="%SystemRoot%\System32\vssvc.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\w29n51]
"ImagePath"="system32\DRIVERS\w29n51.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W32Time]
"ServiceDll"="%systemroot%\system32\w32time.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\W3SVC]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wanarp]
"ImagePath"="system32\DRIVERS\wanarp.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WDICA]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wdmaud]
"ImagePath"="system32\drivers\wdmaud.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WebClient]
"ServiceDll"="%SystemRoot%\System32\webclnt.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winachsf]
"ImagePath"="system32\DRIVERS\HSF_CNXT.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinDefend]
"ImagePath"="\"c:\program files\Windows Defender\MsMpEng.exe\""

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Windows Workflow Foundation 3.0.0.0]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\winmgmt]
"ServiceDll"="%SystemRoot%\system32\wbem\WMIsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Winsock]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinSock2]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WinTrust]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmdmPmSN]
"ServiceDll"="c:\windows\system32\MsPMSNSv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Wmi]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApRpl]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WmiApSrv]
"ImagePath"="c:\windows\system32\wbem\wmiapsrv.exe"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WpdUsb]
"ImagePath"="system32\DRIVERS\wpdusb.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WS2IFSL]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wscsvc]
"ServiceDll"="%SYSTEMROOT%\system32\wscsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WSTCODEC]
"ImagePath"="system32\DRIVERS\WSTCODEC.SYS"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\wuauserv]
"ServiceDll"="c:\windows\system32\wuauserv.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfPf]
"ImagePath"="system32\DRIVERS\WudfPf.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfRd]
"ImagePath"="system32\DRIVERS\wudfrd.sys"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Servi

La suite (ça ne rentrait pas dans un post):

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WudfSvc]
"ServiceDll"="%SystemRoot%\System32\WUDFSvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\WZCSVC]
"ServiceDll"="%SystemRoot%\System32\wzcsvc.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\xmlprov]
"ServiceDll"="%SystemRoot%\System32\xmlprov.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{99215581-0698-4F2E-9968-393224790D6A}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{A9F0A966-0F3B-4755-BE8E-D827ACB3DC60}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{C69BEACD-3C23-42D1-8DB5-1AD1565497FD}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{DA4656F9-6F62-423D-BF21-158513710614}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{E43D6701-8194-49A5-BD12-7E76468CD738}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{E799E40C-FD6C-451C-BF4D-92CB22009370}]

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\{EFCACC95-E353-4E43-93DC-47A226A05214}]
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1208)
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2256)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\eappprxy.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression 5\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\acer\Empowering Technology\admServ.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Fichiers communs\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
c:\windows\system32\wscntfy.exe
c:\program files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe
.
**************************************************************************
.
Completion time: 2009-08-18 22:58 - machine was rebooted
ComboFix-quarantined-files.txt 2009-08-18 20:58

Pre-Run: 8 019 443 712 octets libres
Post-Run: 8 059 912 192 octets libres

865 --- E O F --- 2009-08-16 23:05

hello


Imprime ces instructions car il faudra fermer toutes les fenêtres et applications lors de l'installation et de l'analyse.



▶ Télécharge :

Malwarebytes

ou :

Malwarebytes

▶ Installe le ( choisis bien "francais" ; ne modifie pas les paramètres d'installe ) et mets le à jour .

(NB : Si tu as un message d'erreur t'indiquant qu'il te manque "COMCTL32.OCX" lors de l'installe, alors télécharge le ici : COMCTL32.OCX

▶ Potasses le Tuto pour te familiariser avec le prg :


( cela dit, il est très simple d'utilisation ).

relance malwarebytes en suivant scrupuleusement ces consignes :

! Déconnecte toi et ferme toutes applications en cours !

▶ Lance Malwarebyte's .

Fais un examen dit "Complet" .

▶ Laisse le programme travailler ( et ne rien faire d'autre avec le PC durant le scan ).
▶ à la fin tu cliques sur "résultat" .
▶ Vérifie que tous les objets infectés soient validés, puis clique sur " suppression " .

▶ Note : si il faut redémarrer ton PC pour finir le nettoyage, fais le !


▶ Poste le rapport sauvegardé après la suppression des objets infectés (dans l'onglet "rapport/log"de Malwarebytes, le dernier en date)

Bonjour,

Voici le rapport du scan qui a pris de longues heures à se faire!

Malwarebytes' Anti-Malware 1.40
Version de la base de données: 2653
Windows 5.1.2600 Service Pack 3

19/08/2009 16:44:03
mbam-log-2009-08-19 (16-44-03).txt

Type de recherche: Examen complet (C:\|D:\|)
Eléments examinés: 170449
Temps écoulé: 4 hour(s), 10 minute(s), 3 second(s)

Processus mémoire infecté(s): 0
Module(s) mémoire infecté(s): 0
Clé(s) du Registre infectée(s): 0
Valeur(s) du Registre infectée(s): 0
Elément(s) de données du Registre infecté(s): 0
Dossier(s) infecté(s): 0
Fichier(s) infecté(s): 0

Processus mémoire infecté(s):
(Aucun élément nuisible détecté)

Module(s) mémoire infecté(s):
(Aucun élément nuisible détecté)

Clé(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Valeur(s) du Registre infectée(s):
(Aucun élément nuisible détecté)

Elément(s) de données du Registre infecté(s):
(Aucun élément nuisible détecté)

Dossier(s) infecté(s):
(Aucun élément nuisible détecté)

Fichier(s) infecté(s):
(Aucun élément nuisible détecté)

A la fin, il m'a dit que tout était ok.
Merci par avance.

tu n'as plus les soucis du depart ?

Bonjour,

Alors, petit bilan:

- il met toujours 10 minutes à s'allumer
- system représente toujours entre 50 et 70% du processeur
- l'UC est toujours à 100%

En revanche:

- le clavier remarche
- le PC s'éteint rapidement

Y'a t-il autre chose à faire? Pour l'UC surtout?

Merci par avance et merci déjà pour ton aide.

JE rectifie ,le clavier est tjs aussi lent...

supprime ListéKill'em , retelecharge-le et refais l'option 1 stp

Bonjour

Voici:
List'em by g3n-h@ckm@n 1.0.2.6

updated on 20.08.2009 ::::: 00.30


Microsoft Windows XP [version 5.1.2600]


21/08/2009 9:56:14,60


Infections :
==========


¤¤¤¤¤¤¤¤¤¤ Fichiers et dossiers presents :

"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat"
"C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat"

¤¤¤¤¤¤¤¤¤¤ Clés de registre Presentes :


¤¤¤¤¤¤¤¤¤¤ C:\WINDOWS\Prefetch :

REG.EXE-07FA5B3F.pf
NOTEPAD.EXE-2F2D61E1.pf
FIREFOX.EXE-06188867.pf
JQSNOTIFY.EXE-359F83C5.pf
WUAUCLT.EXE-1360D60A.pf
EXPLORER.EXE-02121B1A.pf
OTL.EXE-1140FF94.pf
NOTEPAD.EXE-2DAE2DE6.pf
SCRNSAVE.SCR-22431769.pf
DEFRAG.EXE-2858C7E2.pf
DFRGFAT.EXE-22605FE5.pf
WINRAR.EXE-0AA31BB9.pf
VERCLSID.EXE-28F52AD2.pf
ZEB-RESTORE.EXE-003FC0F3.pf
REGEDIT.EXE-2AE3423E.pf
LOGONUI.EXE-312BE1BF.pf
SVCHOST.EXE-2D5FBD18.pf
ADMSERV.EXE-098B4307.pf
JQS.EXE-31B60334.pf
MDM.EXE-1C8F90CC.pf
CCSVCHST.EXE-344824DF.pf
REGSRVC.EXE-1A4FEDDE.pf
CCSVCHST.EXE-344824DE.pf
WSCNTFY.EXE-0B14C27D.pf
WMIPRVSE.EXE-0D449B4F.pf
QTTASK.EXE-1876A1A1.pf
EPM-DM.EXE-3472C0E6.pf
SYNTPENH.EXE-2B70B91C.pf
TINTSETP.EXE-2DD83AEF.pf
IGFXPERS.EXE-19DA7B04.pf
WMIAPSRV.EXE-02740A4B.pf
IMSCINST.EXE-2B626103.pf
PCMSERVICE.EXE-384B5F7A.pf
ALAUNCH.EXE-145B15F4.pf
IMJPMIG.EXE-32ABEE9A.pf
IGFXTRAY.EXE-0A23D403.pf
HKCMD.EXE-0F06AE14.pf
MONITOR.EXE-0693E15D.pf
ALG.EXE-275708CF.pf
E_FATIBVE.EXE-3116AFAD.pf
EDSLOADER.EXE-2A914953.pf
ADMTRAY.EXE-261081D2.pf
IGFXSRVC.EXE-1D88F978.pf
IMAPI.EXE-201490BB.pf
ACER EPOWER MANAGEMENT.EXE-269102ED.pf
REGSVR32.EXE-396DEA2C.pf
CTFMON.EXE-05E57A5E.pf
DWTRIG20.EXE-1F73F0CD.pf
CLTLMH.EXE-27C5E000.pf
FOIENUM.EXE-256ECF41.pf
SYKNLU.EXE-3824A9F2.pf
HELPSVC.EXE-1C192440.pf
ACRORD32INFO.EXE-10255AA7.pf
CONTROL.EXE-24FBF8B3.pf
RUNDLL32.EXE-419F288A.pf
RUNDLL32.EXE-3D479208.pf
LSM.EXE-00866257.pf
N.PIF-2ACDD654.pf
HIDEC.EXE-110154A1.pf
VIRGINIE.EXE.EXE-3AC45946.pf
SWREG.EXE-20DD5B9B.pf
SWXCACLS.CFEXE-2F0993CC.pf
GRPCONV.EXE-375690AD.pf
RUNONCE.EXE-01CA3A2F.pf
RUNDLL32.EXE-4853FA67.pf
GSAR.CFEXE-093F9079.pf
NIRCMD.CFEXE-3A4B1D21.pf
PEV.EXE-0AB51BE4.pf
PV.EXE-00B0D7A9.pf
PVB31C~1.CFE-07658C55.pf
GREP.CFEXE-2C6C0099.pf
SED.CFEXE-3B25863A.pf
CMD.EXECF-04239AFE.pf
NIRCMDB.EXE-1464644A.pf
PEV.CFEXE-380B7C23.pf
CHCP.COM-17EDBDC9.pf
ATTRIB.EXE-15ACDFFE.pf
CSCRIPT.EXE-0A13A05C.pf
GREP.CFEXE-0FFD1A61.pf
PVB31C~1.CFE-2F2C81BE.pf
CF14520.EXE-1EEC4AEF.pf
NIRCMD.CFEXE-23AD8949.pf
NIRCMDC.CFEXE-0AB9DEFE.pf
SWREG.EXE-30E0D4F7.pf
SED.CFEXE-04194ADA.pf
ATTRIB.CFEXE-2A47B470.pf
PEV.CFEXE-00FF40C3.pf
HIDEC.EXE-260AE6BF.pf
PING.EXE-30F9CA9D.pf
SWREG.CFEXE-0220DC68.pf
Layout.ini
SORT.EXE-19728AC5.pf
COMBOFIX-DOWNLOAD.CFEXE-27D4E926.pf
SWSC.CFEXE-0FFC30CF.pf
GSAR.CFEXE-25AE76B1.pf
NTOSBOOT-B00DFAAD.pf
PEV.EXE-3A6913E5.pf
REGT.CFEXE-059447D6.pf
SETPATH.CFEXE-38CDA014.pf
SED.EXE-1EFB2ADD.pf
GREP.EXE-1C6A2624.pf
NIRCMDB.EXE-01B46C48.pf
PV.CFEXE-15474620.pf
NIRCMD.EXE-3789D3CC.pf
SPOOLSV.EXE-3A613CE3.pf
FINDSTR.CFEXE-02D238A5.pf
SWXCACLS.CFEXE-36901137.pf
CMD.EXE-034B0549.pf
CATCHME.TMP-2707257B.pf
WGATRAY.EXE-350D4455.pf
RUNDLL32.EXE-4D5D6CC3.pf
IPCONFIG.EXE-05D7908C.pf
DUMPHIVE.CFEXE-12F8CFEC.pf
ERUNT.CFEXE-2D6D9B40.pf
CATCHME.CFEXE-090EA070.pf
MTEE.CFEXE-03D571F5.pf
HANDLE.CFEXE-1CF0C09A.pf
TASKMGR.EXE-06144C13.pf
HELPER.EXE-0324EC74.pf
S24EVMON.EXE-2EB33684.pf
MBAM-SETUP.EXE-27CAD62D.pf
MBAM-SETUP.TMP-2C6C1BD1.pf
MBAMGUI.EXE-17BFFE8F.pf
MBAM.EXE-0D37CDF0.pf
LIST_KILLEM.EXE-2B96FA7F.pf
MODE.COM-318FFE37.pf




¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤( EOF )¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤¤