
Multiple trojan infection, impossible to remove

crouchinou - 3 posts - registered 21 January 2008 - last reply 25 Jan 2008 at 00:06
Hello,
My PC is infected with various trojans that I delete with my antivirus and that keep coming back. My PC is crawling and I no longer know what to do. Here is the HijackThis report. Thanks in advance for your help.
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16:07:06, on 21/01/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\SYSTEM32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\windows\system\hpsysdrv.exe
C:\HP\KBD\KBD.EXE
C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\AGRSMMSG.exe
C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Logitech\Video\LogiTray.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE
C:\WINDOWS\system32\LVComS.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
C:\Program Files\HP\HP Software Update\HPWuSchd.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
C:\WINDOWS\mrofinu1148.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\snrb6.exe
C:\Program Files\Dot1XCfg\Dot1XCfg.exe
C:\Program Files\Words\Words.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WLLoginProxy.exe
c:\tuwwp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/...
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://ie.redirect.hp.com/...
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/...
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O2 - BHO: e404 helper - {F10587E9-0E47-4CBE-84AE-7DD20B8684CC} - C:\Program Files\Helper\superfindout.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
O4 - HKLM\..\Run: [hpsysdrv] c:\windows\system\hpsysdrv.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [KBD] C:\HP\KBD\KBD.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\FICHIE~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Fichiers communs\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [AGRSMMSG] AGRSMMSG.exe
O4 - HKLM\..\Run: [PS2] C:\WINDOWS\system32\ps2.exe
O4 - HKLM\..\Run: [AlcxMonitor] ALCXMNTR.EXE
O4 - HKLM\..\Run: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [BDSwitchAgent] "C:\progra~1\softwin\bitdef~1\bdswitch.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Fichiers communs\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus D78 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBGE.EXE /FU "C:\WINDOWS\TEMP\E_SB2.tmp" /EF "HKLM"
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\HP\HP Software Update\HPWuSchd.exe"
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [DXDllRegExe] dxdllreg.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Winupdates] snrb6.exe
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Dot1XCfg] C:\Program Files\Dot1XCfg\Dot1XCfg.exe
O4 - HKCU\..\Run: [Words] C:\Program Files\Words\Words.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: Lancement rapide d'Adobe Reader.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: Add to AMV Convert Tool... - C:\Program Files\MP3 Player Utilities 3.70\AMVConverter\grab.html
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: MediaManager tool grab multimedia file - C:\Program Files\MP3 Player Utilities 3.70\MediaManager\grab.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\j2re1.4.2_03\bin\npjpi142_03.dll
O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {2357B3CF-7F8D-4451-8D81-FD6097610AEE} (CamfrogWEB Advanced Unicode Control) - http://activex.camfrogweb.com/...
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zone.msn.com/binary/MineSweeper.cab31267.cab
O16 - DPF: {42E1F024-ECC3-456F-B98A-4CE5ACDBF25C} (ActiveFormX Contrôle) - http://selfcare.cegetel.net/templates/static/ocx/AFAutoConfig.ocx
O16 - DPF: {867E13F2-7F31-44FB-AC97-CD38E0DC46EF} (HardwareDetection Control) - http://fichiers.touslesdrivers.com/...
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMessengerSetupDownloader.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zone.msn.com/binary/ZIntro.cab32846.cab
O16 - DPF: {E6187999-9FEC-46A1-A20F-F4CA977D5643} (ZoneChess Object) - http://messenger.zone.msn.com/binary/Chess.cab31267.cab
O16 - DPF: {F6BF0D00-0B2A-4A75-BF7B-F385591623AF} (Solitaire Showdown Class) - http://messenger.zone.msn.com/binary/SolitaireShowdown.cab31267.cab
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: MSCSPTISRV - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\MSCSPTISRV.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Program Files\Fichiers communs\Sony Shared\AVLib\SPTISRV.exe
O23 - Service: SymWMI Service (SymWSC) - Symantec Corporation - c:\Program Files\Fichiers communs\Symantec Shared\Security Center\SymWSC.exe
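When a helper reads a log like the one above, the first pass is mechanical: O2 BHO entries whose DLL is reported missing, O4 Run entries that launch from a Temp folder, that reuse the name of a core Windows binary (services.exe) outside the Windows directory, that pass a long opaque hex blob as an argument, or that give no directory at all. The script below is an added example (not part of the original post and not a HijackThis feature) that encodes exactly those heuristics and runs them over a few lines constructed in the shape of this log. Severity labels and the list of core binary names are the example's own assumptions; a "low" finding only means "confirm which file actually runs", not "malicious".

```python
"""Triage heuristics for HijackThis-style logs (O2 BHO and O4 Run entries)."""
import re
from typing import Dict, List

# Core Windows binaries that malware likes to copy by name; genuine copies live
# under the Windows or System32 directory, never in Temp or a user profile.
# (Assumed list for this example.)
CORE_BINARIES = {"services.exe", "svchost.exe", "lsass.exe", "winlogon.exe",
                 "csrss.exe", "smss.exe", "explorer.exe", "ctfmon.exe"}
SYSTEM_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\")

O2_RE = re.compile(r"^O2 - BHO: (?P<name>.*?) - \{(?P<clsid>[0-9A-Fa-f-]+)\} - (?P<target>.*)$")
O4_RE = re.compile(r"^O4 - (?P<hive>HK\S*?)\\\.\.\\Run: \[(?P<label>[^\]]*)\] (?P<cmd>.*)$")
HEX_BLOB_RE = re.compile(r"(?:^|\s)[0-9A-Fa-f]{32,}$")
SEVERITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample: a handful of lines in the shape of the log above.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Microsoft copyright - {FFFFFFFF-F538-4f86-ABAF-E9D94D5C007C} - socketa.dll (file missing)
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Flash Player2] C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
O4 - HKLM\..\Run: [runner1] C:\WINDOWS\mrofinu1148.exe 61A847B5BBF72813339F30466188719AB689201522886B092CBD44BD8689220221DD3257
O4 - HKLM\..\Run: [Winupdates] snrb6.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
"""


def split_command(cmd: str):
    """Split an O4 command into (executable, arguments), honouring a quoted path."""
    cmd = cmd.strip()
    if cmd.startswith('"') and cmd.find('"', 1) > 0:
        end = cmd.find('"', 1)
        return cmd[1:end], cmd[end + 1:].strip()
    head, _, tail = cmd.partition(" ")
    return head, tail.strip()


def triage(log_text: str) -> List[Dict[str, str]]:
    """Return findings (severity, line, reason) for suspicious O2/O4 lines, worst first."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        m = O2_RE.match(line)
        if m and "(file missing)" in m.group("target"):
            findings.append({"severity": "medium", "line": line,
                             "reason": "BHO registered but its DLL is absent (dangling entry)"})
            continue
        m = O4_RE.match(line)
        if not m:
            continue
        exe, args = split_command(m.group("cmd"))
        exe_l = exe.lower()
        base = exe_l.rsplit("\\", 1)[-1]
        reasons = []
        if "\\temp\\" in exe_l:
            reasons.append(("high", "runs from a Temp directory"))
        if base in CORE_BINARIES and not exe_l.startswith(SYSTEM_DIRS):
            reasons.append(("high", f"'{base}' outside the Windows directory impersonates a core binary"))
        if HEX_BLOB_RE.search(args):
            reasons.append(("medium", "opaque hex blob passed as argument"))
        if "\\" not in exe_l:
            reasons.append(("low", "no directory given; resolved via the search path, confirm which file runs"))
        if reasons:
            worst = min(reasons, key=lambda r: SEVERITY_RANK[r[0]])[0]
            findings.append({"severity": worst, "line": line,
                             "reason": "; ".join(r for _, r in reasons)})
    findings.sort(key=lambda f: SEVERITY_RANK[f["severity"]])
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"[{f['severity']:6}] {f['reason']}\n         {f['line']}")
```

On the sample, the Temp-folder services.exe comes out on top, the missing socketa.dll BHO and the hex-argument runner1 entry are medium, and the two bare executable names are only flagged for verification: SOUNDMAN.EXE is a normal sound-driver tray entry, while snrb6.exe is the one worth chasing down. The heuristics deliberately say nothing about an entry like superfindout.dll, whose path alone looks ordinary; that one needs the file itself or a scanner verdict.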
3 replies
Hi crouchinou,

Here is how we will proceed:

Run these fixes in order and post the reports:

1
Download MSNFix.zip (by !aur3n7) to your desktop:
http://sosvirus.changelog.fr/MSNFix.zip
Unzip it (right-click >> Extract here) and double-click the file MSNFix.bat.
- Run option R.
-- If the infection is detected, a message will say so and you only need to press a key to start the cleanup

Note:
If a deletion error is detected, a message will ask you to restart the computer to finish the operations. In that case just restart the computer in normal mode

- The report will be saved in the same folder as MSNFix under the name date_time.txt

2
Download SDFix (created by AndyManchesta) and save it to your Desktop.
http://downloads.andymanchesta.com/RemovalTools/SDFix.exe
Double-click SDFix.exe and choose Install to extract it into a dedicated folder on the Desktop. Restart your computer in Safe Mode using the following procedure:
• Restart your computer
• After hearing the computer beep at startup, but before the Windows icon appears, tap the F8 key (one press per second).
• Instead of the normal Windows boot, a menu with different options should appear.
• Choose the first option, to run Windows in Safe Mode, then press "Enter".
• Choose your account.
Go through the list of instructions below:
• Open the SDFix folder that has just been created in C:\ and double-click RunThis.bat to launch the script.
• Press Y to start the cleaning process.
• It will delete the services and registry entries of certain trojans it finds, then ask you to press a key to reboot.
• Press a key to reboot the PC.
• Your system will take longer than usual to restart because the tool keeps running and deleting files.
• Once the Desktop has loaded, the tool will finish its work and display Finished.
• Press a key to end the script and load your Desktop icons.
• Once the Desktop icons are displayed, the SDFix report will open on screen and will also be saved in the SDFix folder under the name Report.txt.
• Finally, copy/paste the contents of Report.txt in your next reply on the forum

3
Download combofix.exe (by sUBs) to your Desktop.

-> http://download.bleepingcomputer.com/sUBs/ComboFix.exe

-> Double-click combofix.exe.
-> Press the 1 key (Yes) to start the scan.
-> When the scan is complete, a report will appear. Copy/paste that report in your next reply.

NOTE: The report is also located here: C:\Combofix.txt

and also post a new HijackThis log in your reply

good luck

@+
Hi g!rly, first of all thanks for everything, sorry for the delay. Here are the reports:


MSNFix report:
MSNFix 1.639-2

C:\Documents and Settings\Compaq_Propriétaire\Mes documents\MSNFix
Fix run on 21/01/2008 - 17:16:37.32 by Compaq_Propriétaire
normal mode

************************ Searching for files present

... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\*.dmp
... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
... C:\Documents and Settings\Compaq_Propriétaire\??????.exe
... C:\WINDOWS\b???.exe
... C:\WINDOWS\b122.exe
... C:\WINDOWS\mrofinu*.exe
... C:\WINDOWS\mrofinu*.exe.tmp

************************ Searching for folders present

... C:\Program Files\Dot1XCfg\
... C:\Program Files\InetGet2\
... C:\Program Files\Temporary\


************************ Deleting files

.. OK ... C:\Program Files\Dot1XCfg\Dot1XCfg.exe
.. OK ... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\*.dmp
/!\ ... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
/!\ ... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Compaq_Propriétaire\??????.exe
.. OK ... C:\WINDOWS\b???.exe
.. OK ... C:\WINDOWS\b122.exe
/!\ ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Deleting folders

.. OK ... C:\Program Files\Dot1XCfg\
/!\ ... C:\Program Files\InetGet2\
/!\ ... C:\Program Files\Temporary\


************************ Registry cleanup


Files still present will be deleted at the next reboot


************************ Deleting files

.. OK ... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
.. OK ... C:\DOCUME~1\COMPAQ~1\LOCALS~1\Temp\services.exe
.. OK ... C:\Documents and Settings\Compaq_Propriétaire\??????.exe
.. OK ... C:\WINDOWS\17PHolmes1148.exe
.. OK ... C:\WINDOWS\mrofinu*.exe
.. OK ... C:\WINDOWS\mrofinu*.exe.tmp


************************ Suspicious files

No file found


Deleted files and registry keys have been backed up to the file 21012008_17245890.zip


------------------------------------------------------------------------
Author: !aur3n7 Contact: http://changelog.fr
------------------------------------------------------------------------

--------------------------------------------- END ---------------------------------------------

SDFix report:


SDFix: Version 1.129

Run by Administrateur on 21/01/2008 at 17:35

Microsoft Windows XP [version 5.1.2600]

Running From: C:\SDFix

Safe Mode:
Checking Services:

Name:
ldrsvc
runtime
smtpdrv

Path:
%SystemRoot%\System32\svchost.exe -k netsvcs
\??\C:\WINDOWS\System32\drivers\runtime.sys
System32\DRIVERS\smtpdrv.sys

ldrsvc - Deleted
runtime - Deleted
smtpdrv - Deleted



Infected ip6fw.sys Found!

ip6fw.sys File Locations:

"C:\WINDOWS\system32\dllcache\ip6fw.sys" 29056 05/08/2004 04:00
"C:\WINDOWS\system32\drivers\ip6fw.sys" 29056 05/08/2004 04:00

Infected File Listed Below:

C:\WINDOWS\system32\drivers\ip6fw.sys

File copied to Backups Folder
Attempting to replace ip6fw.sys with original version...

Original ip6fw.sys Restored


Restoring Windows Registry Values
Restoring Windows Default Hosts File

Rebooting...


Normal Mode:
Checking Files:

Trojan Files Found:

C:\-58935~1 - Deleted
C:\Program Files\Helper\superfindout.dll - Deleted
C:\Program Files\InetGet2\YazzleBundle-1560.exe - Deleted
C:\Program Files\Temporary\kernInst.exe - Deleted
C:\Program Files\Words\list.txt - Deleted
C:\Program Files\Words\script.txt - Deleted
C:\Program Files\Words\UnInstall.exe - Deleted
C:\Program Files\Words\Words.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinAdmin.exe - Deleted
C:\Program Files\Fichiers communs\Yazzle1560OinUninstaller.exe - Deleted
C:\WINDOWS\system32\*_exception.nls - Deleted
C:\WINDOWS\system32\adult.txt - Deleted
C:\WINDOWS\system32\finance.txt - Deleted
C:\WINDOWS\system32\lt.res - Deleted
C:\WINDOWS\system32\msvcrtd.exe - Deleted
C:\WINDOWS\system32\other.txt - Deleted
C:\WINDOWS\system32\pharma.txt - Deleted
C:\WINDOWS\system32\sft.res - Deleted



Folder C:\Program Files\Helper - Removed
Folder C:\Program Files\InetGet2 - Removed
Folder C:\Program Files\Temporary - Removed
Folder C:\Program Files\Words - Removed


Removing Temp Files...

ADS Check:

C:\WINDOWS
No streams found.

C:\WINDOWS\system32
No streams found.

C:\WINDOWS\system32\svchost.exe
No streams found.

C:\WINDOWS\system32\ntoskrnl.exe
No streams found.



Final Check:

catchme 0.3.1344.2 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-21 17:47:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden services & system hive ...

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{9CA5E0D1-9B30-4DBA-B77D-8766937F359C}\Ndi]
"ClsID"="{57C06EAA-8784-11D0-83D4-00A0C911E5DF}"
"Service"="LanmanWorkstation"
"CoServices"=str(7):"LanmanWorkstation\0Alerter\0Browser\0Netlogon\0Messenger\0NtLmSsp\0RpcLocator\0"
"ExcludeSetupStartServices"=str(7):"Alerter\0Browser\0Netlogon\0Messenger\0NtLmSsp\0RpcLocator\0"
"HelpText"="@netcfgx.dll,-50002"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{9CA5E0D1-9B30-4DBA-B77D-8766937F359C}\Ndi\Interfaces]
"UpperRange"="winnet5"
"LowerRange"="netbios,netbios_smb"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{E070D3C4-01F7-46B2-8232-451EB525C6FC}\Ndi]
"Service"="WebClient"
"CoServices"=str(7):"WebClient\0MRxDAV\0"
"HelpText"="Le service WebClient permet \xe0 des applications Win32 d'acc\x00e9der \xe0 des documents sur Internet."
"ExcludeSetupStartServices"=str(7):"MRxDAV\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E973-E325-11CE-BFC1-08002BE10318}\{E070D3C4-01F7-46B2-8232-451EB525C6FC}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{02CE6097-C2C1-4FCE-9BAE-7E46EB7C5A2E}\Ndi]
"ClsID"="{6e65cbc1-926d-11d0-8e27-00c04fc99dcf}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{02CE6097-C2C1-4FCE-9BAE-7E46EB7C5A2E}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{03E034CB-4063-4319-A913-51A9661E5B04}\Ndi]
"Service"="RSVP"
"HelpText"="Le protocole RSVP est utilis\xe9 pour fournir une bande passante r\xe9serv\x00e9e sur le r\xe9seau."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{03E034CB-4063-4319-A913-51A9661E5B04}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0C3307DB-CF3E-4C98-9E23-C4612F6F76BB}\Ndi]
"Service"="wzcsvc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0C3307DB-CF3E-4C98-9E23-C4612F6F76BB}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0EA2E77E-A594-460F-A43F-81C3872186DE}\Ndi]
"Service"="Gpc"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{0EA2E77E-A594-460F-A43F-81C3872186DE}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{17AC437F-B513-46B7-A687-6E90EF07EAEF}\Ndi]
"Service"="NetBIOS"
"CoServices"=str(7):"NetBIOS\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{17AC437F-B513-46B7-A687-6E90EF07EAEF}\Ndi\Interfaces]
"UpperRange"="winnet5"
"LowerRange"="netbios"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{24C8386D-BAF1-442C-8AD0-F3BE2529831D}\Ndi]
"ClsID"="{7F368827-9516-11d0-83D9-00A0C911E5DF}"
"Service"="LanmanServer"
"CoServices"=str(7):"LanmanServer\0Browser\0Srv\0"
"ExcludeSetupStartServices"=str(7):"LanmanServer\0Browser\0Srv\0"
"HelpText"="@netcfgx.dll,-50003"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{24C8386D-BAF1-442C-8AD0-F3BE2529831D}\Ndi\Interfaces]
"UpperRange"="winnet5"
"LowerRange"="netbios,ipx,netbios_smb"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{5B14B650-A2B4-4A03-8070-F9FCB761C4A1}\Ndi]
"ClsID"="{6e65cbc5-926d-11d0-8e27-00c04fc99dcf}"
"Service"="RemoteAccess"
"CoServices"=str(7):"RemoteAccess\0"
"ExcludeSetupStartServices"=str(7):"RemoteAccess\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{5B14B650-A2B4-4A03-8070-F9FCB761C4A1}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{5F38634A-B890-4D1D-A87F-E70EFE297079}\Ndi]
"ClsID"="{6e65cbc0-926d-11d0-8e27-00c04fc99dcf}"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{5F38634A-B890-4D1D-A87F-E70EFE297079}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{BBBBD3C2-0566-41E5-BEF7-962D6EA229A7}\Ndi]
"HelpText"="@netcfgx.dll,-50015"
"FilterClass"="scheduler"
"FilterDeviceInfId"="ms_pschedmp"
"Service"="PSched"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{BBBBD3C2-0566-41E5-BEF7-962D6EA229A7}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
"LowerExclude"="ndisatm, ndiscowan, ndiswan, ndiswanasync, ndiswanipx, ndiswannbf"
"FilterMediaTypes"="ethernet, tokenring, fddi, wan"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CFA2E21E-DB28-46FE-B961-678EAC269444}\Ndi]
"Service"="ALG"
"CoServices"=str(7):"ALG\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{CFA2E21E-DB28-46FE-B961-678EAC269444}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{FB9774F8-E71F-4E78-BE80-C3F1BB58D987}\Ndi]
"Service"="RasMan"
"CoServices"=str(7):"RasAcd\0RasAuto\0"
"ExcludeSetupStartServices"=str(7):"RasAcd\0RasAuto\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E974-E325-11CE-BFC1-08002BE10318}\{FB9774F8-E71F-4E78-BE80-C3F1BB58D987}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{174DC2CA-8648-4B53-AEAA-A4098C150B27}\Ndi]
"BindForm"="NetbiosSmb"
"HelpText"="Un protocole associ\xe9 \xe0 la couche TCP/IP qui maintient les limites de messages. Cette instance du protocole est pr\xe9vue pour \xeatre utilis\x00e9e par le protocole de partage de fichiers."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{174DC2CA-8648-4B53-AEAA-A4098C150B27}\Ndi\Interfaces]
"UpperRange"="netbios_smb"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{37F8B364-7131-44A6-926D-257944FDF4DE}\Ndi]
"ClsId"="{A907657F-6FDF-11D0-8EFB-00C04FD912B2}"
"HelpText"="@netcfgx.dll,-50001"
"Service"="Tcpip"
"CoServices"=str(7):"Tcpip\0Netbt\0Lmhosts\0Dhcp\0Dnscache\0PolicyAgent\0Nla\0"
"ExcludeSetupStartServices"=str(7):"PolicyAgent\0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{37F8B364-7131-44A6-926D-257944FDF4DE}\Ndi\Interfaces]
"UpperRange"="tdi"
"LowerRange"="ndis4,ndis5,ndisatm,ndiswanip,ndis5_ip,ndis1394"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{6211F234-FDAC-4F73-BFCD-2B099199BA10}\Ndi]
"Service"="NetBT"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{6211F234-FDAC-4F73-BFCD-2B099199BA10}\Ndi\Interfaces]
"UpperRange"="netbios"
"LowerRange"="tdi"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{71429ACF-63F4-4102-B243-6C5A60B2234D}\Ndi]
"ClsID"="{6e65cbc3-926d-11d0-8e27-00c04fc99dcf}"
"Service"="NdisWan"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{71429ACF-63F4-4102-B243-6C5A60B2234D}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="ndisatm,ndiscowan,ndiswan,ndiswanasync"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{B19BDF4E-19C7-45FF-BE35-2B48265480E4}\Ndi]
"ClsID"="{6e65cbc6-926d-11d0-8e27-00c04fc99dcf}"
"HelpText"="Vous permet de vous connecter en toute s\x00e9curit\xe9 \xe0 un r\xe9seau priv\xe9 en utilisant Internet."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{B19BDF4E-19C7-45FF-BE35-2B48265480E4}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{C555C1FC-B606-4799-B4E3-320E8B65DDDB}\Ndi]
"ClsID"="{6e65cbc4-926d-11d0-8e27-00c04fc99dcf}"
"HelpText"="Vous permet de vous connecter en toute s\x00e9curit\xe9 \xe0 un r\xe9seau priv\xe9 en utilisant Internet."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{C555C1FC-B606-4799-B4E3-320E8B65DDDB}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="nolower"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{F535BC93-3BE3-44FC-ADAC-A2C432887F8E}\Ndi]
"Service"="Ndisuio"
"HelpText"="Un pilote pour prendre en charge le mode utilisateur E/S sur les p\xe9riph\xe9riques NDIS"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{F535BC93-3BE3-44FC-ADAC-A2C432887F8E}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="ndis5,ndis4,ndis5_uio"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{FF08937F-ED7D-4F1A-A8C9-43C018A2F576}\Ndi]
"ClsID"="{e949da38-c39d-4460-8ea7-a39152c56836}"
"Service"="RasPppoe"
"HelpText"="Fournit la possibilit\xe9 de connecter un h\xf4te \xe0 un concentrateur d'acc\xe8s distant qui prend en charge RFC2516."

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\{4D36E975-E325-11CE-BFC1-08002BE10318}\{FF08937F-ED7D-4F1A-A8C9-43C018A2F576}\Ndi\Interfaces]
"UpperRange"="noupper"
"LowerRange"="ndis4,ndis5"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\NDIS]
@="Driver Group"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\astq]
"Type"=dword:00000001
"Start"=dword:00000001
"ErrorControl"=dword:00000000
"ImagePath"="\??\C:\WINDOWS\system32\drivers\astq.tga"
"DisplayName"="df22\0Base\0explorer.ex"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\astq\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Eventlog\System\ndis]
"EventMessageFile"=str(2):"%SystemRoot%\System32\netevent.dll"
"TypesSupported"=dword:00000007
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS]
"DisplayName"="Pilote syst\xe8me NDIS"
"ErrorControl"=dword:00000001
"Group"="NDIS Wrapper"
"Start"=dword:00000000
"Type"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS\MediaTypes]

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\NDIS\Parameters]
"ProcessorAffinityMask"=dword:ffffffff
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndisaluo]
"Type"=dword:00000001
"Start"=dword:00000004
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"\??\C:\WINDOWS\system32\Drivers\ndisaluo.sys"
"DeleteFlag"=dword:00000001

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ndisaluo\Security]
"Security"=hex:01,00,14,80,90,00,00,00,9c,00,00,00,14,00,00,00,30,00,00,00,02,..
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\ntio922]
"Type"=dword:00000001
"Start"=dword:00000000
"ErrorControl"=dword:00000000
"ImagePath"=str(2):"system32\Drivers\ntio922.sys"


scanning hidden registry entries ...

scanning hidden files ...

C:\WINDOWS\system32\drivers\ntio922.sys 37632 bytes executable
C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}\amulet-jslib\sandbox.js 3825 bytes
C:\Program Files\OpenOffice.org 1.9.126\program\classes\sandbox.jar 41705 bytes

scan completed successfully
hidden processes: 0
hidden services: 3
hidden files: 399


Remaining Services:
------------------



Authorized Application Key Export:

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\AOL 9.0\\waol.exe"="C:\\Program Files\\AOL 9.0\\waol.exe:*:Disabled:AOL France"
"C:\\Program Files\\IncrediMail\\bin\\IMApp.exe"="C:\\Program Files\\IncrediMail\\bin\\IMApp.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\IncMail.exe"="C:\\Program Files\\IncrediMail\\bin\\IncMail.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe"="C:\\Program Files\\IncrediMail\\bin\\ImpCnt.exe:*:Enabled:IncrediMail"
"C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp"="C:\\Program Files\\Kazaa Lite K++\\KazaaLite.kpp:*:Enabled:KazaaLite"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Messenger\\msmsgs.exe"="C:\\Program Files\\Messenger\\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD"="C:\\Program Files\\Microsoft Games\\Age of Empires II\\EMPIRES2.ICD:*:Enabled:Age of Empires II"
"C:\\Program Files\\eMule\\eMule.exe"="C:\\Program Files\\eMule\\eMule.exe:*:Enabled:eMule Plus"
"C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe"="C:\\Program Files\\Maïdo Production\\IziSpot 4\\IziSpot.exe:*:Enabled:IziSpot"
"C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE"="C:\\Program Files\\Internet Explorer\\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"
"C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe"="C:\\DOCUME~1\\COMPAQ~1\\LOCALS~1\\Temp\\services.exe:*:Enabled:Flash Player2"
"c:\\windows\\system32\\snrb6.exe"="c:\\windows\\system32\\snrb6.exe:*:Enabled:snrb6"
"C:\\Documents and Settings\\Compaq_Propriétaire\\ppuemj.exe"="C:\\Documents and Settings\\Compaq_Propriétaire\\ppuemj.exe:*:Enabled:Windows Service"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%ProgramFiles%\\iTunes\\iTunes.exe"="%ProgramFiles%\\iTunes\\iTunes.exe:*:enabled:iTunes"
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"="C:\\Program Files\\MSN Messenger\\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1"
"C:\\Program Files\\MSN Messenger\\livecall.exe"="C:\\Program Files\\MSN Messenger\\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone)"

Remaining Files:
---------------

File Backups: - C:\SDFix\backups\backups.zip

Files with Hidden Attributes:

Sat 5 Mar 2005 218 A.SHR --- "C:\BOOT.BAK"
Sun 12 Mar 2006 10,311,680 ..SH. --- "C:\Program Files\AVIConverter\mencoder.exe"
Sun 8 Jan 2006 4,348 A.SH. --- "C:\Documents and Settings\All Users\DRM\DRMv1.bak"
Wed 22 Jun 2005 43,008 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL0408.tmp"
Wed 22 Jun 2005 43,520 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL0601.tmp"
Tue 21 Jun 2005 39,424 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL1709.tmp"
Wed 22 Jun 2005 46,592 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL2864.tmp"
Wed 22 Jun 2005 45,056 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL2898.tmp"
Wed 22 Jun 2005 47,104 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL3152.tmp"
Wed 22 Jun 2005 46,080 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\~WRL3450.tmp"
Tue 25 Sep 2007 47,616 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\~WRL1501.tmp"
Tue 11 Sep 2007 53,760 ...H. --- "C:\Documents and Settings\Compaq_Propriétaire\Mes documents\Amelta\~WRL0391.tmp"
Sat 11 Jun 2005 30,208 A..H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\NE PAS EFFACER fichiers Serge\Ecole CHARPIEU\ECOLE MATERNELLE CHARPIEU au 2_9_05\EVENEMENTS\voyage\~WRL2564.tmp"
Wed 8 Jun 2005 19,968 A..H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\NE PAS EFFACER fichiers Serge\Ecole CHARPIEU\ECOLE MATERNELLE CHARPIEU au 2_9_05\EVENEMENTS\voyage\~WRL3214.tmp"
Fri 3 Jun 2005 19,968 A..H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\NE PAS EFFACER fichiers Serge\Ecole CHARPIEU\ECOLE MATERNELLE CHARPIEU au 2_9_05\Les conseils & Projets\2 CM\04\~WRL0949.tmp"
Tue 31 May 2005 218,112 A..H. --- "C:\Documents and Settings\Compaq_Propriétaire\Bureau\NE PAS EFFACER fichiers Serge\Ecole CHARPIEU\ECOLE MATERNELLE CHARPIEU au 2_9_05\Les conseils & Projets\3 Conseil ecole\Convocation\~WRL3217.tmp"

Finished!



I can't find the Combofix report... :(
hi crouchinou,

both fixes did their job ;-)

the combofix report is located here:

C:\Combofix.txt

also post a new hijackthis report

later
This document titled « infection multiple trojan, impossible à enlev » from CommentCaMarche (www.commentcamarche.net) is made available under the terms of the Creative Commons license. You may copy and modify copies of this page under the conditions set by the license, as long as this notice appears clearly.