Aller au contenu

Guy du Québec

Membres
 Afficher le profil  Afficher son activité

  • Compteur de contenus

    68

  • Inscription

  • Dernière visite

 Type de contenu 

Tout ce qui a été posté par Guy du Québec

  1. Guy du Québec
    salut Régis Ca va mal ..lol il est surement trop tard pour mpi ...il n y a pas de next .... juste quarantine select ... ?
  2. Guy du Québec
    salut Régis executer spy sweep en mode sans echec ...je ne peux pas ? je suis en train de scanner en mode normal ....
  3. Guy du Québec
    salut Régis Excuse moi si c est long pour poster mes rapports ééémais depuis que j ai installé spy sweeper ...mon dd se cherche beaucoup , il travaille sans arret ... meme un pop up de la compagnie est apparu ....
  4. Guy du Québec
    tu es un leve tot ? il est 7 am chez toi ?...
  5. Guy du Québec
    salut Régis ok juste pour etre certain ...quand je vérifie dans démarrage (dans msconfig ) est ce que je doit enlever le crochet pour les applications qui s y retrouvent ? @+
  6. Guy du Québec
    salut Régis Désoler mais je n ai aucun de ces fichiers ou dossier et j affiche les fichies et dossier cachés et protegés ? Fais le pour ces fichiers en gras : C:\WINDOWS\system32\explorer..exe => ne confond pas avec explorer.exe qui se trouve dans C:\WINDOWS\ C:\Program Files\WinAntiVirus Pro 2006\winav.exe C:\WINDOWS\system32\msmsgs.exe C:\WINDOWS\s?curity\?serinit.exe Ensuite supprime ces dossiers : C:\Program Files\WinAntiVirus Pro 2006\ C:\WINDOWS\s?curity\ @+
  7. Guy du Québec
    salut Régis bon a premiere vu pour moi ca l air de ne pas avoir fonctionnés plus ...ce que je voulais dire c est que quand j enregistrais pour exemple cleaner tu me disait de l enregister en cleaner.bfu ... ce que j avais par default etait cleaber.bfu.rtf j enlevais le .rtf ... dans celui que tu m a envoyer egdacces.bfu c etait un .txt ...surement pour que le script fonctionne .... je pensais l avoir trouver mais bon ....désolé ! Logfile of HijackThis v1.99.1 Scan saved at 15:40:32, on 2006-09-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\userinit.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
  8. Guy du Québec
    salut Régis je crois maintenant savoir d ou proviens mon erreur....quand j enregistrais les .bfu j enlevais l extenton .rtf pour qu il reste seulement un .bfu ! j ai bien vu dans ce dernier l extention .txt etais toujours la ... excuse moi je ne savais pas .... Windows Registry Editor Version 5.00 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMan"="SOUNDMAN.EXE" "Lexmark 4200 Series"="\"C:\\Program Files\\Lexmark 4200 Series\\lxbmbmgr.exe\"" "FaxCenterServer4_in_1"="\"C:\\Program Files\\Lexmark 4200 Series\\Fax\\fm3032.exe\" /s" "QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime" "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" "startkey"="C:\\WINDOWS\\system32\\explorer..exe" "WinAntiVirusPro2006"="C:\\Program Files\\WinAntiVirus Pro 2006\\winav.exe /min" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL] "Installed"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI] "Installed"="1" "NoChange"="1" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS] "Installed"="1" Logfile of HijackThis v1.99.1 Scan saved at 14:58:32, on 2006-09-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
  9. Guy du Québec
    je crois que c est ce qui te manques ...dur de savoir c est toutes pareils...lol Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP_POWER 862C3738 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE 865573B0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CREATE_NAMED_PIPE 865573B0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_CLOSEIRP_MJ_READ 865573B0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_WRITE 864C03B8 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_INFORMATION 865573B0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_SET_INFORMATION 865573B0 Device \FileSystem\Npfs \Device\NamedPipe IRP_MJ_QUERY_EA 865573B0 Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D20E8 Device \Driver\usbstor \Device\0000008a IRP_MJ_CREATE 86562400 Device \FileSystem\Msfs \Device\Mailslot IRP_MJ_CREATE 862A5380 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_CREATE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_WRITE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SET_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_EA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SET_EA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SHUTDOWN 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_CLEANUP 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SET_SECURITY 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_POWER 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_SET_QUOTA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_PNP 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1Port5Path0Target0Lun0 IRP_MJ_PNP_POWER 86564330 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_NAMED_PIPE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLOSEIRP_MJ_READ 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_WRITE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_EA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_EA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FLUSH_BUFFERS 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_VOLUME_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DIRECTORY_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_FILE_SYSTEM_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SHUTDOWN 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_LOCK_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CLEANUP 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_CREATE_MAILSLOT 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_SECURITY 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_SECURITY 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_POWER 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SYSTEM_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_DEVICE_CHANGE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_QUERY_QUOTA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_SET_QUOTA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1 IRP_MJ_PNP_POWER 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_WRITE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_EA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_EA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SHUTDOWN 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CLEANUP 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_SECURITY 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_POWER 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_SET_QUOTA 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_PNP 85C54D30 Device \Driver\a347scsi \Device\Scsi\a347scsi1Port6Path0Target0Lun0 IRP_MJ_PNP_POWER 85C54D30 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_NAMED_PIPE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLOSEIRP_MJ_READ 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_WRITE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_EA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_EA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FLUSH_BUFFERS 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_VOLUME_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_VOLUME_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DIRECTORY_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_FILE_SYSTEM_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SHUTDOWN 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_LOCK_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CLEANUP 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_CREATE_MAILSLOT 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_SECURITY 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_SECURITY 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_POWER 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SYSTEM_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_DEVICE_CHANGE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_QUERY_QUOTA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_SET_QUOTA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1 IRP_MJ_PNP_POWER 8631B0C8 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE_NAMED_PIPE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLOSEIRP_MJ_READ 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_WRITE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_EA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_EA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_FLUSH_BUFFERS 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_VOLUME_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_VOLUME_INFORMATION 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DIRECTORY_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_FILE_SYSTEM_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SHUTDOWN 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_LOCK_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CLEANUP 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_CREATE_MAILSLOT 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_SECURITY 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_SECURITY 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_POWER 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SYSTEM_CONTROL 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_DEVICE_CHANGE 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_QUERY_QUOTA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_SET_QUOTA 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP 86564330 Device \Driver\dtscsi \Device\Scsi\dtscsi1 IRP_MJ_PNP_POWER 86564330 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE_NAMED_PIPE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CLOSEIRP_MJ_READ 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_WRITE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_EA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_EA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_FLUSH_BUFFERS 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_VOLUME_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_VOLUME_INFORMATION 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DIRECTORY_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_FILE_SYSTEM_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SHUTDOWN 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_LOCK_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CLEANUP 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_CREATE_MAILSLOT 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_SECURITY 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_SECURITY 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_POWER 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_DEVICE_CHANGE 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_QUERY_QUOTA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_SET_QUOTA 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_PNP 8631B0C8 Device \Driver\imagedrv \Device\Scsi\imagedrv1Port4Path0Target0Lun0 IRP_MJ_PNP_POWER 8631B0C8 Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE 862DB240 Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 86553878 ---- Modules - GMER 1.0.10 ---- Module _________ F7640000 ---- Files - GMER 1.0.10 ---- File C:\System Volume Information\MountPointManagerRemoteDatabase File C:\System Volume Information\tracking.log File C:\System Volume Information\_restore{E19380FD-2977-462F-9D74-11C27F5F4864} File D:\System Volume Information\MountPointManagerRemoteDatabase File D:\System Volume Information\tracking.log File D:\System Volume Information\_restore{E19380FD-2977-462F-9D74-11C27F5F4864} File D:\System Volume Information\_restore{EBB35AA6-833F-4222-939A-D8F9BF79B645} File E:\System Volume Information\MountPointManagerRemoteDatabase File E:\System Volume Information\tracking.log File E:\System Volume Information\_restore{2316E5A9-B858-40B0-B86E-15BE9E6FFB38} File E:\System Volume Information\_restore{E19380FD-2977-462F-9D74-11C27F5F4864} File E:\System Volume Information\_restore{EBB35AA6-833F-4222-939A-D8F9BF79B645} File F:\System Volume Information\MountPointManagerRemoteDatabase File F:\System Volume Information\tracking.log File F:\System Volume Information\_restore{E19380FD-2977-462F-9D74-11C27F5F4864} File F:\System Volume Information\_restore{EBB35AA6-833F-4222-939A-D8F9BF79B645} ---- EOF - GMER 1.0.10 ----
  10. Guy du Québec
    Salut Régis , je pense a ouvrir une bonne bouteille de vin ! histoire de me calmer .... tu veus un verre ou la bouteiile ? bon du sérieux ....lol GMER 1.0.10.10122 - http://www.gmer.net Rootkit 2006-09-15 14:20:29 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.10 ---- SSDT a347bus.sys ZwClose SSDT a347bus.sys ZwCreateKey SSDT a347bus.sys ZwCreatePagingFile SSDT a347bus.sys ZwEnumerateKey SSDT a347bus.sys ZwEnumerateValueKey SSDT a347bus.sys ZwOpenFile SSDT a347bus.sys ZwOpenKey SSDT \??\F:\Program Files\ewido anti-spyware 4.0\guard.sys ZwOpenProcess SSDT a347bus.sys ZwQueryKey SSDT a347bus.sys ZwQueryValueKey SSDT a347bus.sys ZwSetSystemPowerState SSDT sptd.sys ZwSetValueKey SSDT \??\F:\Program Files\ewido anti-spyware 4.0\guard.sys ZwTerminateProcess ---- Devices - GMER 1.0.10 ---- Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 867860E8 Device \Driver\dmio \Device\DmControl\DmIoDaemon IRP_MJ_CREATE 867D2EB0 Device \Driver\dmio \Device\DmControl\DmConfig IRP_MJ_CREATE 867D2EB0 Device \Driver\dmio \Device\DmControl\DmPnP IRP_MJ_CREATE 867D2EB0 Device \Driver\dmio \Device\DmControl\DmInfo IRP_MJ_CREATE 867D2EB0 Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D20E8 Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D20E8 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_NAMED_PIPE 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSEIRP_MJ_READ 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_EA 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_EA 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DIRECTORY_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FILE_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_LOCK_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLEANUP 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE_MAILSLOT 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CHANGE 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_QUERY_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SET_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 86516050 Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP_POWER 86516050 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_NAMED_PIPE 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLOSEIRP_MJ_READ 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_WRITE 863C1CE8 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_INFORMATION 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_INFORMATION 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_EA 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_EA 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FLUSH_BUFFERS 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_VOLUME_INFORMATION 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_VOLUME_INFORMATION 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DIRECTORY_CONTROL 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_FILE_SYSTEM_CONTROL 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CONTROL 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_INTERNAL_DEVICE_CONTROL 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SHUTDOWN 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_LOCK_CONTROL 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CLEANUP 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_CREATE_MAILSLOT 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_SECURITY 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_SECURITY 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_POWER 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SYSTEM_CONTROL 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_DEVICE_CHANGE 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_QUERY_QUOTA 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_SET_QUOTA 862A9310 Device \FileSystem\Rdbss \Device\FsWrap IRP_MJ_PNP 862A9310 Device \Driver\Ftdisk \Device\HarddiskVolume3 IRP_MJ_CREATE 867D20E8 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_NAMED_PIPE 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSEIRP_MJ_READ 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_EA 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_EA 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DIRECTORY_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FILE_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_LOCK_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLEANUP 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE_MAILSLOT 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CHANGE 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_QUERY_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SET_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 86516050 Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP_POWER 86516050 Device \Driver\NetBT \Device\NetBT_Tcpip_{79C5122D-EBFA-4D19-9A42-77718E79878F} IRP_MJ_CREATE 865660E8 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-4 IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP3T0L0-22 IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP0T1L0-c IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE_NAMED_PIPE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CLOSEIRP_MJ_READ 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_WRITE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_EA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_FLUSH_BUFFERS 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_VOLUME_INFORMATION 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DIRECTORY_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_FILE_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_INTERNAL_DEVICE_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SHUTDOWN 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_LOCK_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CLEANUP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_CREATE_MAILSLOT 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_SECURITY 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_POWER 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SYSTEM_CONTROL 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_DEVICE_CHANGE 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_QUERY_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_SET_QUOTA 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_PNP 862E9008 Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-17 IRP_MJ_PNP_POWER 862E9008 Device \Driver\Ftdisk \Device\HarddiskVolume4 IRP_MJ_CREATE 867D20E8 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_NAMED_PIPE 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSEIRP_MJ_READ 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_EA 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_EA 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DIRECTORY_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FILE_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_LOCK_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLEANUP 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE_MAILSLOT 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CHANGE 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_QUERY_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SET_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 86516050 Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP_POWER 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_NAMED_PIPE 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLOSEIRP_MJ_READ 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_WRITE 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_EA 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_EA 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FLUSH_BUFFERS 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DIRECTORY_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_FILE_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_INTERNAL_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SHUTDOWN 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_LOCK_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CLEANUP 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_CREATE_MAILSLOT 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_POWER 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_DEVICE_CHANGE 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_QUERY_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_SET_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP 86516050 Device \Driver\Cdrom \Device\CdRom3 IRP_MJ_PNP_POWER 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE_NAMED_PIPE 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLOSEIRP_MJ_READ 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_WRITE 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_EA 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_EA 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FLUSH_BUFFERS 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_VOLUME_INFORMATION 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DIRECTORY_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_FILE_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_INTERNAL_DEVICE_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SHUTDOWN 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_LOCK_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CLEANUP 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_CREATE_MAILSLOT 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_SECURITY 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_POWER 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SYSTEM_CONTROL 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_DEVICE_CHANGE 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_QUERY_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_SET_QUOTA 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP 86516050 Device \Driver\Cdrom \Device\CdRom4 IRP_MJ_PNP_POWER 86516050 Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 865660E8 Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 865660E8 Device \Driver\usbstor \Device\00000088 IRP_MJ_CREATE 86562400 Device \Driver\00000071 \Device\0000005c IRP_MJ_SYSTEM_CONTROL [F7749EA8] sptd.sys Device \Driver\00000071 \Device\0000005c IRP_MJ_DEVICE_CHANGE [F775DA70] sptd.sys Device \Driver\00000071 \Device\0000005c IRP_MJ_PNP_POWER [F7756728] sptd.sys Device \Driver\usbstor \Device\00000089 IRP_MJ_CREATE 86562400 Device \Driver\Disk \Device\Harddisk0\DR0 IRP_MJ_CREATE 867D2450 Device \Driver\Disk \Device\Harddisk1\DR1 IRP_MJ_CREATE 867D2450 Device \Driver\Disk \Device\Harddisk2\DR6 IRP_MJ_CREATE 867D2450 Device \Driver\Disk \Device\Harddisk2\DP(1)0-0+8 IRP_MJ_CREATE 867D2450 Device \Driver\Disk \Device\Harddisk3\DR7 IRP_MJ_CREATE 867D2450 Device \Driver\Disk \Device\Harddisk3\DP(1)0-0+9 IRP_MJ_CREATE 867D2450 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSEIRP_MJ_READ 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 8649EDA8 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 862C3738 Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP_POWER 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSEIRP_MJ_READ 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 8649EDA8 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 862C3738 Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL
  11. Guy du Québec
    encore moi...si ca peus t aider .... cleaner a supprimer tous sauf .... 1- c:/documents and setting/temporary files/content.ies 1- c:/documents and setting/temporary files/content.ies/index.dat @+
  12. Guy du Québec
    salut Régis .... qu est ce que je fait de pas correct ? ... Logfile of HijackThis v1.99.1 Scan saved at 13:46:07, on 2006-09-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
  13. Guy du Québec
    salut Régis Logfile of HijackThis v1.99.1 Scan saved at 13:03:18, on 2006-09-15 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\Program Files\Yahoo!\Messenger\ymsgr_tray.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {C01D2BF8-12A7-408D-B59D-7CA5C44C3CEF} - C:\WINDOWS\system32\pmkjk.dll (file missing) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
  14. Guy du Québec
    salut Régis VundoFix V6.1.5 Checking Java version... Scan started at 14:06:55 2006-09-14 Listing files found while scanning.... No infected files were found. et kaspersky online .... Total number of scanned objects 41054 Number of viruses found 1 Number of infected objects 1 / 0 Number of suspicious objects 0 Duration of the scan process 00:51:59 Infected Object Name Virus Name Last Action C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat Object is locked skipped C:\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5\Quarantine\092C0000.VBN Infected: Trojan-Downloader.Win32.Zlob.agf skipped C:\Documents and Settings\Guy\Cookies\index.dat Object is locked skipped C:\Documents and Settings\Guy\Local Settings\Application Data\Microsoft\Windows\UsrClass.dat Object is locked skipped tous le reste etaient locked and skip .. @+
  15. Guy du Québec
    salut Régis C est bien de te foir grrrrrr ... moi ca fait longtemps mon dernier HijackThis.... Logfile of HijackThis v1.99.1 Scan saved at 20:26:46, on 2006-09-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wuauclt.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {C01D2BF8-12A7-408D-B59D-7CA5C44C3CEF} - C:\WINDOWS\system32\pmkjk.dll (file missing) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
  16. Guy du Québec
    salut Régis VundoFix V6.1.5 Checking Java version... Scan started at 12:20:37 2006-09-13 Listing files found while scanning.... C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.bak1 C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\kjkmp.bak1 C:\WINDOWS\system32\kjkmp.bak1 Has been deleted! Attempting to delete C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.5 Checking Java version... Scan started at 12:27:52 2006-09-13 Listing files found while scanning.... C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.bak1 Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\kjkmp.bak1 C:\WINDOWS\system32\kjkmp.bak1 Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.5 Checking Java version... Scan started at 16:50:22 2006-09-13 Listing files found while scanning.... C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.bak1 Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\kjkmp.bak1 C:\WINDOWS\system32\kjkmp.bak1 Has been deleted! Performing Repairs to the registry. Done! Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Has been deleted! Performing Repairs to the registry. Done! Beginning removal...
  17. Guy du Québec
    salut Regis quand je double click dessus pour l executer .... 1- j ai le logiciel n a pu etre verifier ect ...ca sava 2- je ne voit pas d endroit a cocher pour run as a task seulement scan for Vundo ou remove Vundo ?? v 6.1.5 ?
  18. Guy du Québec
    salur Régis VundoFix en trouve 3...mais au reboot il ne redemarre pas ? VundoFix V6.1.5 Checking Java version... Scan started at 12:20:37 2006-09-13 Listing files found while scanning.... C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.bak1 C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\kjkmp.bak1 C:\WINDOWS\system32\kjkmp.bak1 Has been deleted! Attempting to delete C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll Has been deleted! Performing Repairs to the registry. Done! VundoFix V6.1.5 Checking Java version... Scan started at 12:27:52 2006-09-13 Listing files found while scanning.... C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.bak1 Beginning removal... Attempting to delete C:\WINDOWS\system32\pmkjk.dll C:\WINDOWS\system32\pmkjk.dll Could not be deleted. Attempting to delete C:\WINDOWS\system32\kjkmp.ini C:\WINDOWS\system32\kjkmp.ini Has been deleted! Attempting to delete C:\WINDOWS\system32\kjkmp.bak1 C:\WINDOWS\system32\kjkmp.bak1 Has been deleted! Performing Repairs to the registry. Done! Logfile of HijackThis v1.99.1 Scan saved at 12:46:07, on 2006-09-13 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Messenger\msmsgs.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {C01D2BF8-12A7-408D-B59D-7CA5C44C3CEF} - C:\WINDOWS\system32\pmkjk.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe @ +
  19. Guy du Québec
    salut Régis ....voici mon rapport panda ...outch !.... Incident Statut Analyse Outil indésirable:application/need2find No Désinfecté hkey_current_user\software\Need2Find Outil indésirable:application/altnet No Désinfecté hkey_local_machine\software\microsoft\windows\currentversion\app management\arpcache\AltnetDM Adware:adware/sidesearch No Désinfecté Registre Windows Outil indésirable:application/winantivirus2006 No Désinfecté hkey_local_machine\software\microsoft\windows\currentversion\run\WinAntiVirusPro2006 Spyware:Cookie/Hbmediapro No Désinfecté C:\Documents and Settings\Guy\Application Data\Mozilla\Firefox\Profiles\j6xay21k.default\cookies.txt[.adopt.hbmediapro.com/] Spyware:Cookie/Xiti No Désinfecté C:\Documents and Settings\Guy\Cookies\guy@xiti[1].txt Spyware:Spyware/Virtumonde No Désinfecté C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\services.dll Adware:Adware/SystemDoctor No Désinfecté C:\WINDOWS\system32\cfxlkurn.exe Outil indésirable:Application/Processor No Désinfecté C:\WINDOWS\system32\Process.exe Outil indésirable:Application/Processor No Désinfecté E:\Fichiers d'installations\HijackThis\SmitfraudFix\SmitfraudFix\Process.exe Outil indésirable:Application/Processor
  20. Guy du Québec
    salut Régis ca va moi non ! je ne sais pas ce que je fais de mal ? surement quelques chose car ca reviens toujours...grrrrr la seul chose que j ai été oubliger de faire c est avec killbox ...les supprimer 1 a 1 car le coller de tous ne fonctionnaient pas ...j espere que c est ok ? Logfile of HijackThis v1.99.1 Scan saved at 23:15:46, on 2006-09-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe F:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {45258424-9046-44CE-9A8B-DECEE57B59D9} - C:\WINDOWS\system32\pmkjk.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll O20 - Winlogon Notify: winpdc32 - winpdc32.dll (file missing) O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe et --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 23:12:16 2006-09-12 + Scan result: C:\WINDOWS\system32\mljjiii.dll -> Adware.Virtumionde : Cleaned with backup (quarantined). C:\WINDOWS\system32\cfxlkurn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Ignored. C:\!KillBox\winpdc32.dll -> Trojan.Small : Cleaned with backup (quarantined). C:\WINDOWS\system32\winpdc32.dll -> Trojan.Small : Cleaned with backup (quarantined). ::Report end @+
  21. Guy du Québec
    chose que j ai remarque avec ewido ....il a detedté 8 infections mais seulement 4 etaient apparentes ?
  22. Guy du Québec
    et finalement ... SmitFraudFix v2.84 Rapport fait à 15:52:05,51, 2006-09-12 Executé à partir de E:\Fichiers d'installations\HijackThis\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» Avant SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Arret des processus »»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix GenericRenosFix by S!Ri »»»»»»»»»»»»»»»»»»»»»»»» Suppression des fichiers infectés C:\WINDOWS\system32\ishost.exe supprimé C:\WINDOWS\system32\ismini.exe supprimé C:\WINDOWS\system32\issearch.exe supprimé C:\WINDOWS\system32\ixt?.dll supprimé C:\WINDOWS\system32\ot.ico supprimé C:\WINDOWS\system32\ts.ico supprimé C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url supprimé C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url supprimé C:\DOCUME~1\Guy\Favoris\Antivirus Test Online.url supprimé C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url supprimé C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url supprimé C:\Program Files\Safety Bar\ supprimé »»»»»»»»»»»»»»»»»»»»»»»» Suppression Fichiers Temporaires »»»»»»»»»»»»»»»»»»»»»»»» Nettoyage du registre Nettoyage terminé. »»»»»»»»»»»»»»»»»»»»»»»» Après SmitFraudFix !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» Fin --------------------------------------------------------- ewido anti-spyware - Scan Report --------------------------------------------------------- + Created at: 16:08:28 2006-09-12 + Scan result: HKU\S-1-5-21-1715567821-842925246-839522115-1003\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{052B12F7-86FA-4921-8482-26C42316B522} -> Adware.Generic : Cleaned with backup (quarantined). C:\Program Files\ToolBar888 -> Adware.ToolBar888 : Cleaned with backup (quarantined). C:\Program Files\ToolBar888\Activate.exe -> Adware.ToolBar888 : Cleaned with backup (quarantined). C:\Program Files\ToolBar888\MyToolBar.dll -> Adware.ToolBar888 : Cleaned with backup (quarantined). C:\Program Files\ToolBar888\Uninst.exe -> Adware.ToolBar888 : Cleaned with backup (quarantined). C:\WINDOWS\system32\cfxlkurn.exe -> Not-A-Virus.Downloader.Win32.WinFixer.r : Ignored. C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\Update.exe -> Trojan.Starter.65 : Cleaned with backup (quarantined). [1404] C:\Program Files\Fichiers communs\{1C6D34EB-0CBC-1036-0103-050930040002}\Update.exe -> Trojan.Starter.65 : Error during cleaning. ::Report end Logfile of HijackThis v1.99.1 Scan saved at 16:15:53, on 2006-09-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\QuickTime\qttask.exe F:\Program Files\ewido anti-spyware 4.0\ewido.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Internet Explorer\iexplore.exe C:\WINDOWS\system32\wuauclt.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: (no name) - {938F0877-8904-4651-8DDD-D7DB2499D473} - C:\WINDOWS\system32\pmkjk.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll (file missing) O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll (file missing) O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe
  23. Guy du Québec
    salut voici le 1 er rapport smitfraudfix... SmitFraudFix v2.84 Rapport fait à 15:21:46,34, 2006-09-12 Executé à partir de E:\Fichiers d'installations\HijackThis\SmitfraudFix\SmitfraudFix OS: Microsoft Windows XP [version 5.1.2600] - Windows_NT Fix executé en mode normal »»»»»»»»»»»»»»»»»»»»»»»» C:\ »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\Web »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32 C:\WINDOWS\system32\ishost.exe PRESENT ! C:\WINDOWS\system32\ismini.exe PRESENT ! C:\WINDOWS\system32\issearch.exe PRESENT ! C:\WINDOWS\system32\ixt?.dll PRESENT ! C:\WINDOWS\system32\ixt??.dll PRESENT ! C:\WINDOWS\system32\ot.ico PRESENT ! C:\WINDOWS\system32\ts.ico PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\WINDOWS\system32\LogFiles »»»»»»»»»»»»»»»»»»»»»»»» C:\Documents and Settings\Guy\Application Data »»»»»»»»»»»»»»»»»»»»»»»» Menu Démarrer C:\DOCUME~1\ALLUSE~1\MENUDM~1\Online Security Guide.url PRESENT ! C:\DOCUME~1\ALLUSE~1\MENUDM~1\Security Troubleshooting.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\DOCUME~1\Guy\Favoris C:\DOCUME~1\Guy\Favoris\Antivirus Test Online.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Bureau C:\DOCUME~1\ALLUSE~1\Bureau\Online Security Guide.url PRESENT ! C:\DOCUME~1\ALLUSE~1\Bureau\Security Troubleshooting.url PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files C:\Program Files\Safety Bar\ PRESENT ! »»»»»»»»»»»»»»»»»»»»»»»» Clés corrompues »»»»»»»»»»»»»»»»»»»»»»»» Eléments du bureau »»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll »»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs !!!Attention, les clés qui suivent ne sont pas forcément infectées!!! [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"="" »»»»»»»»»»»»»»»»»»»»»»»» Recherche infection wininet.dll »»»»»»»»»»»»»»»»»»»»»»»» Fin @ +
  24. Guy du Québec
    salut Régis ... ben du courage il m en reste pas tellement ....lol ...mais je vais passer au travers ! avant de te faire mes deux rapports, juste te dire que tout allais bien depuis 3 jours ..ma page de démarrage était revenu ...ce matin surprise deux raccourci s installe sur mon bureau et ma page de démarrage n est plus ok .... c est de la security online les raccourcis ...je pleurais presque ...lol au moins mon pc fonctionnent encore , c est donc que je me suis controlé !...lol C:\WINDOWS\System32\kjkmp.ini -->2006-09-12 13:18:37 C:\WINDOWS\System32\kjkmp.bak1 -->2006-09-12 13:17:03 C:\WINDOWS\System32\pmkjk.dll -->2006-09-12 13:16:56 C:\WINDOWS\System32\ts.ico -->2006-09-12 13:03:03 C:\WINDOWS\System32\ot.ico -->2006-09-12 13:03:03 C:\WINDOWS\System32\ixt0.dll -->2006-09-12 13:03:03 C:\WINDOWS\System32\issearch.exe -->2006-09-12 13:03:03 C:\WINDOWS\System32\ismini.exe -->2006-09-12 13:01:10 C:\WINDOWS\System32\ishost.exe -->2006-09-12 13:01:10 C:\WINDOWS\System32\mljjiii.dll -->2006-09-12 13:01:06 C:\WINDOWS\System32\jpicpl32.cpl -->2006-09-11 16:01:23 C:\WINDOWS\System32\javaws.exe -->2006-09-11 16:01:23 C:\WINDOWS\System32\javaw.exe -->2006-09-11 16:01:23 C:\WINDOWS\System32\java.exe -->2006-09-11 16:01:23 C:\WINDOWS\System32\asfiles.txt -->2006-09-09 15:07:47 C:\WINDOWS\System32\Uninstall.ico -->2006-09-09 15:04:41 C:\WINDOWS\System32\pavas.ico -->2006-09-09 15:04:41 C:\WINDOWS\System32\Help.ico -->2006-09-09 15:04:41 C:\WINDOWS\System32\nvapps.xml -->2006-09-09 12:04:49 C:\WINDOWS\System32\d3d9caps.dat -->2006-09-08 19:00:32 C:\WINDOWS\System32\PerfStringBackup.INI -->2006-09-06 14:35:29 C:\WINDOWS\System32\perfh00C.dat -->2006-09-06 14:35:29 C:\WINDOWS\System32\perfh009.dat -->2006-09-06 14:35:29 C:\WINDOWS\System32\perfc00C.dat -->2006-09-06 14:35:29 C:\WINDOWS\System32\perfc009.dat -->2006-09-06 14:35:29 C:\WINDOWS\0.log -->2006-09-12 12:53:19 C:\WINDOWS\wiadebug.log -->2006-09-12 12:53:17 C:\WINDOWS\WindowsUpdate.log -->2006-09-12 12:53:15 C:\WINDOWS\wiaservc.log -->2006-09-12 12:53:14 C:\WINDOWS\bootstat.dat -->2006-09-12 12:53:03 C:\WINDOWS\SchedLgU.Txt -->2006-09-12 02:11:39 C:\WINDOWS\setupact.log -->2006-09-12 00:48:03 C:\WINDOWS\setupapi.log -->2006-09-11 19:16:08 C:\WINDOWS\PhotoSnapViewer.INI -->2006-09-11 15:41:42 C:\WINDOWS\NeroDigital.ini -->2006-09-11 02:48:25 C:\WINDOWS\QTFont.qfn -->2006-09-10 17:40:40 C:\WINDOWS\win.ini -->2006-09-09 15:07:25 C:\WINDOWS\system.ini -->2006-09-09 14:48:56 C:\WINDOWS\EventSystem.log -->2006-09-09 12:45:14 C:\WINDOWS\lexstat.ini -->2006-09-08 14:10:26 C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe |30/05/2006 10:09:12 C:\WINDOWS\UninstallFirefox.exe |04/04/2006 08:35:13 C:\WINDOWS\usenext-3.8.exe |15/06/2006 08:37:57 C:\WINDOWS\system32\append.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\cfxlkurn.exe |29/08/2006 15:46:53 C:\WINDOWS\system32\ChCfg.exe |20/11/2005 21:16:09 C:\WINDOWS\system32\debug.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\dosx.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\dvdplay.exe |23/08/2001 13:47:34 C:\WINDOWS\system32\edlin.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\exe2bin.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\fastopen.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\INSTMON.EXE |23/01/2006 11:01:46 C:\WINDOWS\system32\ishost.exe |12/09/2006 13:01:10 C:\WINDOWS\system32\ismini.exe |12/09/2006 13:01:10 C:\WINDOWS\system32\issearch.exe |12/09/2006 13:03:03 C:\WINDOWS\system32\LXBMIH.EXE |23/01/2006 11:01:50 C:\WINDOWS\system32\mem.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\moveex.exe |08/09/2006 08:18:52 C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\nw16.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\reboot.exe |08/09/2006 08:18:52 C:\WINDOWS\system32\redir.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\setver.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\share.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\swsc.exe |07/09/2006 22:51:38 C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\amstream.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\ASUSASV2.DLL |14/12/2000 23:09:48 C:\WINDOWS\system32\ATKCheckDispIDs.dll |04/11/2005 18:12:49 C:\WINDOWS\system32\ATKOSDMini.DLL |04/11/2005 18:12:49 C:\WINDOWS\system32\BASSMOD.dll |30/01/2006 18:16:03 C:\WINDOWS\system32\compatui.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\encdec.dll |04/11/2005 15:33:29 C:\WINDOWS\system32\ieencode.dll |04/11/2005 15:33:28 C:\WINDOWS\system32\ir32_32.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\ixt0.dll |12/09/2006 13:03:03 C:\WINDOWS\system32\LXBMLCNP.DLL |23/01/2006 11:01:45 C:\WINDOWS\system32\lxbmvs.dll |23/01/2006 11:05:25 C:\WINDOWS\system32\LXBRPMON.DLL |23/01/2006 11:06:55 C:\WINDOWS\system32\LXBRPMUI.DLL |23/01/2006 11:06:55 C:\WINDOWS\system32\mljjiii.dll |12/09/2006 13:01:06 C:\WINDOWS\system32\msdmo.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\msencode.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\NavLogon.dll |21/05/2003 00:19:00 C:\WINDOWS\system32\paqsp.dll |23/08/2001 13:47:16 C:\WINDOWS\system32\pmkjk.dll |12/09/2006 13:16:54 C:\WINDOWS\system32\qedwipes.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\qt-mt331.dll |26/10/2004 18:39:05 C:\WINDOWS\system32\sbe.dll |04/11/2005 15:33:27 C:\WINDOWS\system32\scriptpw.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\tsd32.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\win87em.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\winpdc32.dll |29/08/2006 15:41:09 C:\WINDOWS\system32\xvidcore.dll |28/07/2006 22:30:13 C:\WINDOWS\system32\xvidvfw.dll |28/07/2006 22:30:11 C:\WINDOWS\system32\ZPORT4AS.dll |09/09/2006 15:05:16 C:\WINDOWS\bwUnin-6.1.4.68-8876480L.exe |30/05/2006 10:09:12 C:\WINDOWS\UninstallFirefox.exe |04/04/2006 08:35:13 C:\WINDOWS\usenext-3.8.exe |15/06/2006 08:37:57 C:\WINDOWS\system32\append.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\cfxlkurn.exe |29/08/2006 15:46:53 C:\WINDOWS\system32\ChCfg.exe |20/11/2005 21:16:09 C:\WINDOWS\system32\debug.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\dosx.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\edlin.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\exe2bin.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\fastopen.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\INSTMON.EXE |23/01/2006 11:01:46 C:\WINDOWS\system32\ishost.exe |12/09/2006 13:01:10 C:\WINDOWS\system32\ismini.exe |12/09/2006 13:01:10 C:\WINDOWS\system32\issearch.exe |12/09/2006 13:03:03 C:\WINDOWS\system32\LXBMIH.EXE |23/01/2006 11:01:50 C:\WINDOWS\system32\mem.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\moveex.exe |08/09/2006 08:18:52 C:\WINDOWS\system32\mscdexnt.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\nlsfunc.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\nw16.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\reboot.exe |08/09/2006 08:18:52 C:\WINDOWS\system32\redir.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\setver.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\share.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\SrchSTS.exe |07/09/2006 22:51:38 C:\WINDOWS\system32\swsc.exe |07/09/2006 22:51:38 C:\WINDOWS\system32\vwipxspx.exe |28/08/2001 08:00:00 C:\WINDOWS\system32\amstream.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\ASUSASV2.DLL |14/12/2000 23:09:48 C:\WINDOWS\system32\BASSMOD.dll |30/01/2006 18:16:03 C:\WINDOWS\system32\encdec.dll |04/11/2005 15:33:29 C:\WINDOWS\system32\ieencode.dll |04/11/2005 15:33:28 C:\WINDOWS\system32\ir32_32.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\ixt0.dll |12/09/2006 13:03:03 C:\WINDOWS\system32\LXBMLCNP.DLL |23/01/2006 11:01:45 C:\WINDOWS\system32\lxbmvs.dll |23/01/2006 11:05:25 C:\WINDOWS\system32\LXBRPMON.DLL |23/01/2006 11:06:55 C:\WINDOWS\system32\LXBRPMUI.DLL |23/01/2006 11:06:55 C:\WINDOWS\system32\mljjiii.dll |12/09/2006 13:01:06 C:\WINDOWS\system32\msdmo.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\msencode.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\NavLogon.dll |21/05/2003 00:19:00 C:\WINDOWS\system32\pmkjk.dll |12/09/2006 13:16:54 C:\WINDOWS\system32\qedwipes.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\qt-mt331.dll |26/10/2004 18:39:05 C:\WINDOWS\system32\sbe.dll |04/11/2005 15:33:27 C:\WINDOWS\system32\tsd32.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\win87em.dll |28/08/2001 08:00:00 C:\WINDOWS\system32\winpdc32.dll |29/08/2006 15:41:09 C:\WINDOWS\system32\xvidcore.dll |28/07/2006 22:30:13 C:\WINDOWS\system32\xvidvfw.dll |28/07/2006 22:30:11 C:\WINDOWS\system32\ZPORT4AS.dll |09/09/2006 15:05:16 Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 1C6D-34EB Répertoire de C:\WINDOWS\system32 2004-08-19 17:09 6 144 csrss.exe 1 fichier(s) 6 144 octets 0 Rép(s) 14 781 902 848 octets libres Contenu de Downloaded Program Files Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 1C6D-34EB Répertoire de C:\WINDOWS\Downloaded Program Files 2006-09-12 12:52 <REP> . 2006-09-12 12:52 <REP> .. 2006-04-11 17:10 135 168 asinst.dll 2006-04-03 11:00 537 asinst.inf 2005-11-04 15:21 65 desktop.ini 2006-03-02 15:40 1 271 erma.inf 2004-09-15 10:20 740 jinstall-1_5_0.inf 2000-01-20 16:25 1 162 Microsoft XML Parser for Java.osd 2005-06-30 16:19 227 MsnMessengerSetupDownloader.inf 2005-08-14 01:26 113 664 MsnMessengerSetupDownloader.ocx 2006-04-20 09:24 313 SpyMD.inf 2006-03-27 13:00 5 019 swflash.inf 2002-05-15 02:25 538 Yahoo! Blackjack.osd 2003-07-15 21:58 536 Yahoo! Cribbage.osd 2003-07-15 21:54 532 Yahoo! Euchre.osd 2003-06-03 16:18 538 Yahoo! Graffiti.osd 2003-07-15 20:45 532 Yahoo! Hearts.osd 2004-12-17 09:55 530 Yahoo! Poker.osd 2006-04-10 15:48 1 195 Yahoo! Pool 2.osd 2002-07-18 03:16 532 Yahoo! Spades.osd 18 fichier(s) 263 099 octets Total des fichiers listés : 18 fichier(s) 263 099 octets 2 Rép(s) 14 781 902 848 octets libres Liste des programmes installes ABIT uGuru Ad-Aware SE Professional Adobe Download Manager 2.0 (Supprimer uniquement) Adobe Flash Player 9 ActiveX Adobe Reader 7.0.8 - Français Adobe® Photoshop® Album Edition Découverte 3.0 Archiveur WinRAR ASUS Enhanced Display Driver ASUS GameFace Live ASUS GameFace Live ASUS SmartDoctor ASUS SmartDoctor ASUS Utilities ASUS Utilities ASUS Video Security ASUS Video Security AutoUpdate BitSpirit v3.1.0.077 Stable Release BulletProof FTP Server (remove only) CC_ccProxyExt ccCommon ccPxyCore Commande ECHO désactivée. ConvertXtoDVD 2.0.8 Correctif Windows XP - KB873339 Correctif Windows XP - KB885250 Correctif Windows XP - KB885835 Correctif Windows XP - KB885836 Correctif Windows XP - KB886185 Correctif Windows XP - KB887472 Correctif Windows XP - KB887742 Correctif Windows XP - KB888113 Correctif Windows XP - KB888302 Correctif Windows XP - KB890859 Correctif Windows XP - KB891781 DivX DivX Player DVD Decrypter (Remove Only) DVD Shrink 3.2 dvdSanta 4.00 EasyCleaner ewido anti-spyware 4.0 HaxFix 4.14 High Definition Audio Driver Package - KB835221 High Definition Audio Driver Package - KB888111 HijackThis 1.99.1 Hijackthis Version Française IrfanView (remove only) J2SE Runtime Environment 5.0 L'extensionnaire 1.0 Language pack for Ad-Aware SE Lecteur Windows Media 10 Lexmark 4200 Series Lexmark Fax Solutions Logitech SetPoint Macromedia Shockwave Player MediaLife Microsoft .NET Framework 1.1 Microsoft Office Professional Edition 2003 Mise à jour de sécurité pour Lecteur Windows Media (KB911564) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB911565) Mise à jour de sécurité pour Lecteur Windows Media 10 (KB917734) Mise à jour de sécurité pour Windows XP (KB890046) Mise à jour de sécurité pour Windows XP (KB893066) Mise à jour de sécurité pour Windows XP (KB893756) Mise à jour de sécurité pour Windows XP (KB896358) Mise à jour de sécurité pour Windows XP (KB896422) Mise à jour de sécurité pour Windows XP (KB896423) Mise à jour de sécurité pour Windows XP (KB896424) Mise à jour de sécurité pour Windows XP (KB896428) Mise à jour de sécurité pour Windows XP (KB896688) Mise à jour de sécurité pour Windows XP (KB899587) Mise à jour de sécurité pour Windows XP (KB899589) Mise à jour de sécurité pour Windows XP (KB899591) Mise à jour de sécurité pour Windows XP (KB900725) Mise à jour de sécurité pour Windows XP (KB901017) Mise à jour de sécurité pour Windows XP (KB901214) Mise à jour de sécurité pour Windows XP (KB902400) Mise à jour de sécurité pour Windows XP (KB904706) Mise à jour de sécurité pour Windows XP (KB905414) Mise à jour de sécurité pour Windows XP (KB905749) Mise à jour de sécurité pour Windows XP (KB905915) Mise à jour de sécurité pour Windows XP (KB908519) Mise à jour de sécurité pour Windows XP (KB908531) Mise à jour de sécurité pour Windows XP (KB911280) Mise à jour de sécurité pour Windows XP (KB911562) Mise à jour de sécurité pour Windows XP (KB911567) Mise à jour de sécurité pour Windows XP (KB911927) Mise à jour de sécurité pour Windows XP (KB912812) Mise à jour de sécurité pour Windows XP (KB912919) Mise à jour de sécurité pour Windows XP (KB913446) Mise à jour de sécurité pour Windows XP (KB913580) Mise à jour de sécurité pour Windows XP (KB914388) Mise à jour de sécurité pour Windows XP (KB914389) Mise à jour de sécurité pour Windows XP (KB916281) Mise à jour de sécurité pour Windows XP (KB917159) Mise à jour de sécurité pour Windows XP (KB917344) Mise à jour de sécurité pour Windows XP (KB917422) Mise à jour de sécurité pour Windows XP (KB917953) Mise à jour de sécurité pour Windows XP (KB918439) Mise à jour de sécurité pour Windows XP (KB918899) Mise à jour de sécurité pour Windows XP (KB920214) Mise à jour de sécurité pour Windows XP (KB920670) Mise à jour de sécurité pour Windows XP (KB920683) Mise à jour de sécurité pour Windows XP (KB921398) Mise à jour de sécurité pour Windows XP (KB921883) Mise à jour de sécurité pour Windows XP (KB922616) Mise à jour pour Windows XP (KB894391) Mise à jour pour Windows XP (KB898461) Mise à jour pour Windows XP (KB900485) Mise à jour pour Windows XP (KB910437) Mise à jour pour Windows XP (KB916595) Mozilla Firefox (1.5) MSN Messenger 7.5 Nero 7 Premium NVIDIA Drivers Panda ActiveScan PowerDVD QuickTime QuickTime REALTEK GbE & FE Ethernet PCI NIC Driver Realtek High Definition Audio Driver Safety Bar Solutions de télécopie Lexmark 4200 Series Spybot - Search & Destroy 1.4 Symantec AntiVirus Client ToolBar888 WebFldrs XP Windows Genuine Advantage v1.3.0254.0 Windows Genuine Advantage Validation Tool (KB892130) Windows Installer 3.1 (KB893803) Windows Media Format Runtime Windows XP Service Pack 2 WinISO 5.3 XviD 1.1 final uninstall Yahoo! Messenger Yahoo! Toolbar Yahoo! Toolbar avec bloqueur de fenêtres pop-up Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 1C6D-34EB Répertoire de C:\Program Files 2006-09-12 13:03 <REP> . 2006-09-12 13:03 <REP> .. 2005-11-04 16:36 <REP> ABIT 2006-07-03 16:13 <REP> Adobe 2005-11-19 16:14 <REP> Alcohol Soft 2005-11-04 18:18 <REP> ASUS 2005-11-04 18:15 <REP> ASUSTeK 2006-05-15 09:07 <REP> BitComet 2006-05-15 09:11 <REP> BitSpirit 2006-09-09 13:26 <REP> BPFTP Server 2006-01-17 20:44 <REP> CyberLink 2006-06-12 08:55 <REP> DAEMON Tools 2005-11-14 09:40 <REP> DivX 2006-06-12 14:25 <REP> djengo 2006-08-31 21:53 <REP> DVD Decrypter 2006-09-03 23:04 <REP> DVD Shrink 2006-05-08 17:18 <REP> dvdSanta 2006-09-11 16:00 <REP> Fichiers communs 2006-09-08 11:23 <REP> HaxFix 2005-11-04 16:28 <REP> Intel 2006-09-11 16:05 <REP> Internet Explorer 2006-06-27 13:07 <REP> IrfanView 2006-09-11 16:01 <REP> Java 2006-06-15 08:24 <REP> Kazaa 2006-06-13 09:20 <REP> Kazaa Lite K++ 2006-08-23 13:37 <REP> Lavasoft 2006-09-09 15:07 <REP> Lexmark 4200 Series 2006-08-29 20:28 <REP> Logitech 2006-09-09 15:07 <REP> Messenger 2006-01-10 13:36 <REP> Microsoft ActiveSync 2005-11-04 15:22 <REP> microsoft frontpage 2006-03-14 03:01 <REP> Microsoft Office 2005-11-04 15:33 <REP> Movie Maker 2005-11-04 15:19 <REP> MSN 2005-11-04 15:19 <REP> MSN Gaming Zone 2006-05-29 23:30 <REP> MSN Messenger 2006-01-31 15:55 <REP> Nero 2005-11-04 15:32 <REP> NetMeeting 2006-04-14 02:52 <REP> Outlook Express 2006-09-09 13:26 <REP> PowerISO 2006-09-09 15:07 <REP> QuickTime 2006-09-06 09:18 <REP> Realtek 2006-09-12 13:03 <REP> Safety Bar 2006-09-07 08:48 <REP> Symantec 2006-09-06 14:55 <REP> Symantec_Client_Security 2006-09-12 13:01 <REP> ToolBar888 2006-09-11 17:18 <REP> Trend Micro 2006-03-08 14:21 <REP> vso 2006-03-06 12:06 <REP> Windows Media Player 2005-11-04 15:32 <REP> Windows NT 2006-01-19 15:51 <REP> WinISO 2006-09-09 15:07 <REP> WinRAR 2005-11-04 15:22 <REP> xerox 2006-07-28 22:30 <REP> XviD 2006-07-03 16:12 <REP> Yahoo! 0 fichier(s) 0 octets 55 Rép(s) 14 781 894 656 octets libres Le volume dans le lecteur C n'a pas de nom. Le numéro de série du volume est 1C6D-34EB Répertoire de C:\Program Files\fichiers communs 2006-09-11 16:00 <REP> . 2006-09-11 16:00 <REP> .. 2006-07-03 16:10 <REP> Adobe 2006-01-31 15:55 <REP> Ahead 2006-01-10 13:36 <REP> DESIGNER 2005-11-04 18:11 <REP> InstallShield 2006-09-11 16:00 <REP> Java 2006-05-30 10:06 <REP> Logitech 2006-03-14 03:01 <REP> Microsoft Shared 2005-11-04 15:20 <REP> MSSoap 2005-11-04 08:47 <REP> ODBC 2005-11-04 15:20 <REP> Services 2005-11-04 08:47 <REP> SpeechEngines 2006-09-09 15:07 <REP> Symantec Shared 2006-04-14 02:52 <REP> System 2006-09-12 13:01 <REP> {1C6D34EB-0CBC-1036-0103-050930040002} 0 fichier(s) 0 octets 16 Rép(s) 14 781 894 656 octets libres c:\Documents and Settings\Guy\.housecall6.6\getMac.exe c:\Documents and Settings\Guy\.housecall6.6\patch.exe c:\Documents and Settings\Guy\.housecall6.6\tsc.exe c:\Documents and Settings\Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\chandelles\2006cdMaster.exe c:\Documents and Settings\Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\chandelles\Denise McInerney.exe c:\Documents and Settings\Guy\Application Data\Microsoft\Internet Explorer\Quick Launch\chandelles\2006CD\START.exe c:\Documents and Settings\All Users\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll c:\Documents and Settings\Guy\Application Data\Microsoft\IdentityCRL\ppcrlconfig.dll et ... Logfile of HijackThis v1.99.1 Scan saved at 13:23:09, on 2006-09-12 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\csrss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe C:\WINDOWS\system32\LEXBCES.EXE C:\WINDOWS\system32\spoolsv.exe C:\WINDOWS\system32\LEXPPS.EXE C:\WINDOWS\Explorer.EXE C:\WINDOWS\SOUNDMAN.EXE C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe C:\Program Files\QuickTime\qttask.exe C:\Program Files\Lexmark 4200 Series\lxbmbmon.exe C:\Program Files\Messenger\msmsgs.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe C:\WINDOWS\ATKKBService.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe F:\Program Files\ewido anti-spyware 4.0\guard.exe C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe C:\WINDOWS\system32\nvsvc32.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\wdfmgr.exe C:\WINDOWS\system32\wscntfy.exe C:\WINDOWS\System32\alg.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\mspaint.exe C:\WINDOWS\system32\ishost.exe C:\WINDOWS\system32\ismini.exe C:\WINDOWS\system32\issearch.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe F:\Program Files\Hijackthis Version Française\Guy.EXE R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www2.canoe.com/index.html O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll O2 - BHO: (no name) - {2C3D8E91-FAFA-4903-9C6F-75510174FA56} - C:\WINDOWS\system32\pmkjk.dll O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - F:\PROGRA~1\SPYBOT~1\SDHelper.dll O2 - BHO: CNisExtBho Class - {9ECB9560-04F9-4bbc-943D-298DDF1699E1} - C:\Program Files\Fichiers communs\Symantec Shared\AdBlocking\NISShExt.dll O2 - BHO: (no name) - {a43385f0-7113-496d-96d7-b9b550e3fcca} - C:\WINDOWS\system32\ixt0.dll O2 - BHO: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll O3 - Toolbar: ToolBar888 - {CBCC61FA-0221-4ccc-B409-CEE865CACA3A} - C:\Program Files\ToolBar888\MyToolBar.dll O3 - Toolbar: Safety Bar - {052b12f7-86fa-4921-8482-26c42316b522} - C:\Program Files\Safety Bar\SafetyBar.dll O4 - HKLM\..\Run: [soundMan] SOUNDMAN.EXE O4 - HKLM\..\Run: [Lexmark 4200 Series] "C:\Program Files\Lexmark 4200 Series\lxbmbmgr.exe" O4 - HKLM\..\Run: [FaxCenterServer4_in_1] "C:\Program Files\Lexmark 4200 Series\Fax\fm3032.exe" /s O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE O4 - HKLM\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKLM\..\Run: [WinAntiVirusPro2006] C:\Program Files\WinAntiVirus Pro 2006\winav.exe /min O4 - HKCU\..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\ypager.exe -quiet O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [AWMON] "C:\Program Files\Lavasoft\Ad-Aware SE Professional\Ad-Watch.exe" O4 - HKCU\..\Run: [startkey] C:\WINDOWS\system32\explorer..exe O4 - HKCU\..\Run: [winsys] C:\WINDOWS\system32\msmsgs.exe O4 - HKCU\..\Run: [Lsepr] C:\WINDOWS\s?curity\?serinit.exe O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Télécharger avec &BitSpirit - C:\Program Files\BitSpirit\bsurl.htm O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0\bin\npjpi150.dll O9 - Extra button: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra 'Tools' menuitem: Yahoo! Messenger - {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe O16 - DPF: Yahoo! Blackjack - http://download.games.yahoo.com/games/clients/y/jt0_x.cab O16 - DPF: Yahoo! Cribbage - http://download.games.yahoo.com/games/clients/y/it1_x.cab O16 - DPF: Yahoo! Euchre - http://download.games.yahoo.com/games/clients/y/et1_x.cab O16 - DPF: Yahoo! Graffiti - http://download.games.yahoo.com/games/clients/y/grt5_x.cab O16 - DPF: Yahoo! Hearts - http://download.games.yahoo.com/games/clients/y/ht1_x.cab O16 - DPF: Yahoo! Poker - http://download.games.yahoo.com/games/clients/y/pt3_x.cab O16 - DPF: Yahoo! Pool 2 - http://download.games.yahoo.com/games/clients/y/potg_x.cab O16 - DPF: Yahoo! Spades - http://download.games.yahoo.com/games/clients/y/st2_x.cab O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab O16 - DPF: {B1826A9F-4AA0-4510-BA77-9013E74E4B9B} - http://www.trendmicro.com/spyware-scan/as4web.cab O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing) O20 - Winlogon Notify: pmkjk - C:\WINDOWS\system32\pmkjk.dll O20 - Winlogon Notify: winpdc32 - C:\WINDOWS\SYSTEM32\winpdc32.dll O21 - SSODL: incestuously - {03413bf7-e34c-445b-bfc0-a2b127255871} - (no file) O23 - Service: ATK Keyboard Service (ATKKeyboardService) - ASUSTeK COMPUTER INC. - C:\WINDOWS\ATKKBService.exe O23 - Service: DefWatch - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\DefWatch.exe O23 - Service: ewido anti-spyware 4.0 guard - Anti-Malware Development a.s. - F:\Program Files\ewido anti-spyware 4.0\guard.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE O23 - Service: Symantec AntiVirus Client (Norton AntiVirus Server) - Symantec Corporation - C:\PROGRA~1\SYMANT~1\SYMANT~1\Rtvscan.exe O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Fichiers communs\Symantec Shared\CCPD-LC\symlcsvc.exe wow des choses se sont rinstallé ! j ai pas été nul part durand nos procédure regis ..j aurais pas fait ca !
  25. Guy du Québec
    salut ok je vais t ecrire ce qu il a trouvé ... 1- troj_rootkit.cg 2- spyw_ppnetwork.b 3-crck_jbean.a 4-expl_udeath.100 5- adware_screensavers 6- adware_need2find 7- adware_bhot_rxtoolbar 8- adware_funwebproducts 9- freedloader_winfxer 10- adware_softomate 11- adware_virtumondo failles de securit detectées vulnerability in wordperfect converter ... buffer overrun in jpeg processing (gdi+) asp.net path validation vulnerability moi je suis ...tu es vraiment patient avec moi ...lol
×
×
  • Créer...