laur33

Bonjour! J'ai fait le scan Mbam (voir ci-dessous) Pour le 1er pb firefox, depuis 2 jours, je ne le vois plus! Je surveille encore un peu, mais j'ai l'impression que c'est sur la bonne voie. De plus, il ne bloque plus au bout de 5 mn (??!!) et ça zappe plus vite d'un onglet à l'autre. C'était quoi cette infection qu'a nettoyé combofix? A part quelques blocages de temps en temps de la navigation sur internet, j'ai l'impression que le PC est de nouveau fonctionnel. (ouf) Merci Thanos pour ton accompagnement et tes conseils. Vois-tu autre chose à faire qui vaille le coups ou pense tu qu'on peut clore le sujet? Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3739 Windows 5.1.2600 Service Pack 2 Internet Explorer 6.0.2900.2180 15/02/2010 08:28:21 mbam-log-2010-02-15 (08-28-21).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 479837 Temps écoulé: 3 hour(s), 45 minute(s), 26 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 0 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): (Aucun élément nuisible détecté)

Salut! j'ai (enfin) réussi à effectuer le scan combofix: voir le résultat ci-dessous. j'ai du l'effectuer en mode sans echec: en mode normal, après l'étape_3, le PC reboote tout seul, et je n'ai pas de résultats à récupérer. Pour le problème firefox (il se met à ramer au bout de quelques minutes), il existe également en mode sans échec, et également sur IE7. (??). autres problèmes, pas vraiment (un iaanotifier de temps en temps, mais je crois que ce doit être lié à la mauvaise réparation windows que j'ai faite au début de la semaine: le pb n'existait pas avant) résultat combofix: ComboFix 10-02-12.01 - laurent 14/02/2010 17:59:39.2.2 - x86 MINIMAL Microsoft Windows XP Professionnel 5.1.2600.2.1252.33.1036.18.2046.1754 [GMT 1:00] Lancé depuis: c:\documents and settings\laurent\Bureau\lauren.exe AV: BitDefender Antivirus *On-access scanning enabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB} FW: BitDefender Pare-feu *enabled* {4055920F-2E99-48A8-A270-4243D2B8F242} . (((((((((((((((((((((((((((((((((((( Autres suppressions )))))))))))))))))))))))))))))))))))))))))))))))) . . ---- Exécution préalable ------- . c:\documents and settings\laurent\Application Data\Desktopicon c:\documents and settings\laurent\Application Data\Desktopicon\eBay.ico c:\documents and settings\laurent\Application Data\Desktopicon\uninst.exe c:\program files\INSTALL.LOG C:\Thumbs.db c:\windows\system\oeminfo.ini c:\windows\system32\backuqkd.ini c:\windows\system32\ealregsnapshot1.reg c:\windows\system32\humonois.ini c:\windows\system32\JkUwyGgh.ini c:\windows\system32\JkUwyGgh.ini2 c:\windows\system32\logs c:\windows\system32\rhrowqxx.ini . ((((((((((((((((((((((((((((((((((((((( Pilotes/Services ))))))))))))))))))))))))))))))))))))))))))))))))) . -------\Legacy_SROSA -------\Legacy_SSHNAS ((((((((((((((((((((((((((((( Fichiers créés du 2010-01-14 au 2010-02-14 )))))))))))))))))))))))))))))))))))) . 2012-06-05 23:05 . 2012-06-05 23:05 -------- d-----w- c:\program files\MSBuild 2012-06-05 23:05 . 2009-08-15 18:06 -------- d-----w- c:\windows\system32\XPSViewer 2012-06-05 23:04 . 2012-06-05 23:04 -------- d-----w- c:\program files\Reference Assemblies 2012-06-05 23:04 . 2007-03-22 18:24 28160 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll 2012-06-05 23:04 . 2006-06-29 11:07 14048 ------w- c:\windows\system32\spmsg2.dll 2012-06-05 19:51 . 2010-01-07 18:35 81984 ----a-w- c:\windows\system32\bdod.bin 2012-06-05 19:13 . 2010-01-07 18:55 -------- d-----w- c:\program files\BitDefender 2010-02-14 16:16 . 2004-08-10 12:00 67584 -c--a-w- c:\windows\system32\dllcache\pmigrate.dll 2010-02-14 16:15 . 2004-08-10 12:00 480256 -c--a-w- c:\windows\system32\dllcache\cintsetp.exe 2010-02-14 16:10 . 2004-08-10 12:00 32768 -c--a-w- c:\windows\system32\dllcache\icwdl.dll 2010-02-14 16:10 . 2004-08-10 12:00 20480 -c--a-w- c:\windows\system32\dllcache\inetwiz.exe 2010-02-14 16:10 . 2004-08-10 12:00 86016 -c--a-w- c:\windows\system32\dllcache\icwconn2.exe 2010-02-14 16:10 . 2004-08-10 12:00 218624 -c--a-w- c:\windows\system32\dllcache\icwconn1.exe 2010-02-14 16:08 . 2004-08-10 02:39 19840 ----a-w- c:\windows\system32\drivers\pxhelp20.sys 2010-02-14 14:09 . 2004-08-10 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll 2010-02-14 14:09 . 2004-08-10 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll 2010-02-14 14:09 . 2004-08-10 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll 2010-02-14 14:09 . 2004-08-10 12:00 13312 ----a-w- c:\windows\system32\irclass.dll 2010-02-13 20:01 . 2010-02-13 20:01 3857112 ----a-w- c:\documents and settings\laurent\Application Data\IDM\DwnlData\laurent\ComboFix_5949\ComboFix.exe 2010-02-13 15:43 . 2010-02-13 15:43 -------- d-----w- c:\documents and settings\bastien\Application Data\IrfanView 2010-02-12 15:21 . 2010-02-13 06:38 -------- d-----w- c:\program files\Aventures sur l'Ile LEGO 2010-02-11 14:42 . 2010-02-11 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard 2010-02-10 17:40 . 2010-02-11 13:53 -------- d-----w- c:\program files\Fichiers communs\Blizzard Entertainment 2010-02-08 07:13 . 2010-02-08 07:14 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Application Data\Temp 2010-01-30 15:29 . 2010-01-30 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Zylom 2010-01-27 22:00 . 2010-02-01 10:34 -------- d-----w- c:\documents and settings\pépé 2010-01-27 19:46 . 2010-01-28 13:01 -------- d-----w- C:\rsit 2010-01-27 19:46 . 2010-01-28 13:01 -------- d-----w- c:\program files\trend micro 2010-01-18 18:50 . 2010-01-18 18:50 -------- d-----w- c:\documents and settings\Vero\Application Data\Windows Search 2010-01-17 13:43 . 2010-01-17 13:43 -------- d-----w- c:\program files\Datel . (((((((((((((((((((((((((((((((((( Compte-rendu de Find3M )))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-05 13:02 . 2007-04-03 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\SiteAdvisor 2010-02-14 16:49 . 2008-08-02 00:33 -------- d-----w- c:\documents and settings\laurent\Application Data\IDM 2010-02-14 16:31 . 2005-09-01 05:53 95364 ----a-w- c:\windows\system32\perfc00C.dat 2010-02-14 16:31 . 2005-09-01 05:53 536370 ----a-w- c:\windows\system32\perfh00C.dat 2010-02-14 16:30 . 2008-08-02 00:33 -------- d-----w- c:\documents and settings\laurent\Application Data\DMCache 2010-02-14 16:29 . 2008-05-31 15:11 0 ----a-w- c:\windows\system32\drivers\lvuvc.hs 2010-02-14 16:08 . 2005-09-01 06:13 34596 ----a-w- c:\windows\system32\emptyregdb.dat 2010-02-14 16:08 . 2010-02-14 16:08 1837 ----a-w- c:\windows\inf\COM147.tmp 2010-02-14 13:58 . 2008-04-03 19:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Babylon 2010-02-14 13:38 . 2007-02-01 20:04 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-02-14 12:59 . 2008-06-14 09:43 -------- d-----w- c:\documents and settings\manon\Application Data\Babylon 2010-02-14 12:57 . 2009-12-06 11:40 -------- d-----w- c:\documents and settings\manon\Application Data\DMCache 2010-02-14 11:56 . 2009-02-07 13:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Google Updater 2010-02-13 17:06 . 2008-09-04 18:20 -------- d-----w- c:\documents and settings\robin\Application Data\DMCache 2010-02-13 17:04 . 2007-02-02 18:44 311352 ----a-w- c:\documents and settings\bastien\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-13 15:44 . 2007-03-04 09:13 -------- d-----w- c:\program files\emule extrem 2010-02-13 15:20 . 2009-09-02 16:24 -------- d-----w- c:\documents and settings\Vero\Application Data\DMCache 2010-02-13 13:25 . 2007-02-01 18:38 311352 ----a-w- c:\documents and settings\manon\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-13 11:08 . 2009-12-06 11:40 -------- d-----w- c:\documents and settings\manon\Application Data\IDM 2010-02-13 06:01 . 2008-10-06 15:46 -------- d-----w- c:\program files\Electronic Arts 2010-02-12 06:01 . 2007-01-28 16:40 311352 ----a-w- c:\documents and settings\Administrateur\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-12 01:48 . 2008-06-02 19:06 311352 ----a-w- c:\documents and settings\Vero\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-11 14:07 . 2008-06-15 16:48 -------- d-----w- c:\documents and settings\robin\Application Data\Babylon 2010-02-11 13:46 . 2007-02-01 21:38 311352 ----a-w- c:\documents and settings\robin\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-10 22:42 . 2007-02-01 18:26 311352 ----a-w- c:\documents and settings\Default User\Local Settings\Application Data\GDIPFONTCACHEV1.DAT 2010-02-10 13:24 . 2009-06-29 13:12 153448 ----a-w- c:\windows\system32\drivers\bdfm.sys 2010-02-10 13:24 . 2009-06-29 13:12 106464 ----a-w- c:\windows\system32\drivers\bdhv.sys 2010-02-05 19:04 . 2010-01-09 18:43 -------- d-----w- c:\documents and settings\laurent\Application Data\AIMP 2010-02-01 20:19 . 2009-11-05 22:54 -------- d-----w- c:\documents and settings\laurent\Application Data\vlc 2010-01-31 18:46 . 2008-01-06 18:49 -------- d-----w- c:\documents and settings\laurent\Application Data\dvdcss 2010-01-28 13:52 . 2009-10-28 07:54 22328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys 2010-01-28 13:52 . 2009-10-28 07:54 103736 ----a-w- c:\windows\system32\PnkBstrB.exe 2010-01-27 22:01 . 2007-05-26 19:49 -------- d-----w- c:\program files\Web Publish 2010-01-27 20:21 . 2010-01-07 19:11 132 ----a-w- c:\windows\system32\rezumatenoi.dat 2010-01-27 20:19 . 2010-01-27 20:19 1224704 ----a-w- c:\documents and settings\NetworkService\NTUSER.DAT.tmp 2010-01-23 19:54 . 2007-04-17 19:52 -------- d-----w- c:\documents and settings\robin\Application Data\vlc 2010-01-21 10:27 . 2009-12-22 09:08 -------- d-----w- c:\program files\Microsoft Silverlight 2010-01-20 15:54 . 2007-04-17 19:08 -------- d-----w- c:\documents and settings\robin\Application Data\dvdcss 2010-01-19 09:24 . 2009-09-02 16:24 -------- d-----w- c:\documents and settings\Vero\Application Data\IDM 2010-01-16 16:42 . 2008-09-04 18:20 -------- d-----w- c:\documents and settings\robin\Application Data\IDM 2010-01-12 22:27 . 2010-01-12 22:26 -------- d-----w- c:\program files\Solstice 2010-01-12 18:28 . 2010-01-12 18:28 -------- d-----w- c:\documents and settings\bastien\Application Data\LucasArts 2010-01-11 21:13 . 2007-01-28 16:40 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-01-11 13:59 . 2007-09-04 18:57 -------- d-----w- c:\program files\GetData 2010-01-10 22:14 . 2010-01-07 18:55 -------- d-----w- c:\documents and settings\All Users\Application Data\BitDefender 2010-01-10 14:06 . 2010-01-10 14:06 0 ----a-w- c:\windows\system32\wsbl.dat 2010-01-10 14:06 . 2010-01-10 14:06 0 ----a-w- c:\windows\system32\ph_white.dat 2010-01-10 14:06 . 2010-01-10 14:06 0 ----a-w- c:\windows\system32\ph_summ.dat 2010-01-10 14:06 . 2010-01-10 14:06 0 ----a-w- c:\windows\system32\ph_black.dat 2010-01-10 14:06 . 2010-01-10 14:06 0 ----a-w- c:\windows\system32\pcwords2.dat 2010-01-10 14:06 . 2010-01-10 14:06 0 ----a-w- c:\windows\system32\pcwords.dat 2010-01-10 13:47 . 2010-01-07 17:58 -------- d-----w- c:\program files\League of Legends 2010-01-10 10:01 . 2010-01-10 10:01 -------- d-----w- c:\documents and settings\robin\Application Data\AIMP 2010-01-09 19:55 . 2010-01-06 20:41 -------- d-----w- c:\documents and settings\manon\Application Data\dvdcss 2010-01-09 18:43 . 2010-01-09 18:43 -------- d-----w- c:\program files\AIMP2 2010-01-09 15:31 . 2010-01-09 15:31 -------- d-----w- c:\documents and settings\bastien\Application Data\Windows Desktop Search 2010-01-09 15:31 . 2010-01-09 15:31 -------- d-----w- c:\documents and settings\bastien\Application Data\BitDefender 2010-01-09 08:38 . 2009-12-31 11:54 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-01-09 08:28 . 2009-12-31 11:55 5115824 ----a-w- c:\documents and settings\All Users\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\mbam-setup.exe 2010-01-08 22:37 . 2010-01-08 22:37 39088 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Anooki 6-0\saver1.dll 2010-01-08 22:37 . 2010-01-08 22:37 22976 ----a-w- c:\documents and settings\All Users\Application Data\Screentime\Anooki 6-0\saver2.dll 2010-01-08 22:37 . 2010-01-08 22:37 241840 ----a-w- c:\windows\system32\Anooki 6-0.scr 2010-01-08 22:37 . 2010-01-08 22:37 -------- d-----w- c:\documents and settings\All Users\Application Data\Screentime 2010-01-08 19:38 . 2010-01-08 19:38 -------- d-----w- c:\program files\SuperF4 2010-01-08 18:22 . 2009-11-14 10:09 -------- d-----w- c:\documents and settings\manon\Application Data\vlc 2010-01-08 14:04 . 2010-01-08 14:04 -------- d-----w- c:\documents and settings\manon\Application Data\BitDefender 2010-01-08 14:04 . 2010-01-08 14:04 -------- d-----w- c:\documents and settings\manon\Application Data\Windows Desktop Search 2010-01-08 13:41 . 2010-01-08 13:41 -------- d-----w- c:\documents and settings\robin\Application Data\Windows Desktop Search 2010-01-08 13:29 . 2010-01-08 13:28 1763897 ----a-w- c:\documents and settings\robin\Application Data\IDM\DwnlData\robin\Nero-9.4.12.708_lite_1072\Nero-9.4.12.708_lite.exe 2010-01-08 13:23 . 2010-01-08 13:23 -------- d-----w- c:\documents and settings\robin\Application Data\Windows Search 2010-01-08 08:41 . 2010-01-08 08:41 -------- d-----w- c:\documents and settings\Vero\Application Data\Windows Desktop Search 2010-01-08 08:41 . 2010-01-08 08:41 -------- d-----w- c:\documents and settings\Vero\Application Data\BitDefender 2010-01-08 07:54 . 2010-01-07 20:23 -------- d-----w- c:\program files\Windows Desktop Search 2010-01-07 20:45 . 2010-01-07 20:45 -------- d-----w- c:\documents and settings\laurent\Application Data\Windows Search 2010-01-07 20:23 . 2010-01-07 20:23 -------- d-----w- c:\documents and settings\laurent\Application Data\Windows Desktop Search 2010-01-07 19:31 . 2010-01-07 19:31 -------- d-----w- c:\documents and settings\robin\Application Data\BitDefender 2010-01-07 19:10 . 2010-01-07 19:10 4 ----a-w- c:\windows\system32\aspdict-en.dat 2010-01-07 19:10 . 2010-01-07 19:10 16 ----a-w- c:\windows\system32\asdict.dat 2010-01-07 19:09 . 2009-08-06 15:34 110984 ----a-w- c:\windows\system32\drivers\bdfndisf.sys 2010-01-07 18:55 . 2010-01-07 18:55 -------- d-----w- c:\documents and settings\laurent\Application Data\BitDefender 2010-01-07 18:55 . 2010-01-07 18:54 -------- d-----w- c:\program files\Fichiers communs\BitDefender 2010-01-07 18:52 . 2010-01-07 18:51 215146 ----a-w- C:\BdUninstallTool2010.01.07-07.51.43.reg 2010-01-07 18:34 . 2010-01-07 18:34 -------- d-----w- c:\documents and settings\laurent\Application Data\BD_TEMP 2010-01-07 18:02 . 2010-01-07 18:02 -------- d-----w- c:\program files\Fichiers communs\Adobe AIR 2010-01-07 18:01 . 2010-01-07 18:02 38208 ----a-w- c:\documents and settings\manon\Application Data\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe 2010-01-07 15:07 . 2009-12-31 11:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-01-07 15:07 . 2009-12-31 11:54 19160 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-01-07 09:27 . 2010-01-07 09:27 -------- d-----w- c:\documents and settings\LocalService\Application Data\TuneUp Software 2010-01-06 20:44 . 2009-02-17 22:58 -------- d-----w- c:\documents and settings\Vero\Application Data\vlc 2010-01-06 13:34 . 2007-07-26 17:51 1324 ----a-w- c:\windows\system32\d3d9caps.dat 2010-01-03 12:37 . 2007-02-03 22:22 -------- d-----w- c:\program files\Canon 2010-01-03 12:28 . 2007-03-27 17:47 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUp Software 2010-01-03 12:28 . 2010-01-03 12:28 -------- d-sh--w- c:\documents and settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2010-01-03 12:27 . 2008-12-05 17:53 -------- d-----w- c:\program files\TuneUp Utilities 2009 2010-01-01 15:52 . 2010-02-06 14:03 408136 ----a-w- c:\windows\pchealth\helpctr\Config\Cache\Professional_32_1036.dat 2009-12-31 15:28 . 2009-12-31 15:28 -------- d-----w- c:\program files\Duplicate Cleaner 2009-12-31 15:22 . 2009-12-31 15:21 -------- d-----w- c:\documents and settings\laurent\Application Data\Similarity 2009-12-31 14:34 . 2007-02-17 17:41 -------- d-----w- c:\program files\Microsoft Etudes 2009-12-30 12:19 . 2009-12-30 12:19 264776 ----a-w- c:\windows\system32\bda2F.tmp 2009-12-26 10:50 . 2009-12-26 10:50 -------- d-----w- c:\documents and settings\robin\Application Data\LucasArts 2008-06-19 19:13 . 2008-04-23 20:20 48 --sh--w- c:\windows\S7EC79EA1.tmp 2007-02-02 21:27 . 2007-02-01 20:39 88 --sh--w- c:\windows\system32\C32E5F3043.sys 2008-01-13 17:17 . 2008-01-13 17:07 88 --sh--w- c:\windows\system32\DDB253C292.sys 2006-05-03 09:06 . 2009-04-11 10:59 163328 --sha-w- c:\windows\system32\flvDX.dll 2009-07-21 09:21 . 2007-02-01 20:39 7982 --sha-w- c:\windows\system32\KGyGaAvL.sys 2007-02-21 10:47 . 2009-06-14 21:56 31232 --sh--w- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2009-06-14 21:56 216064 --sh--w- c:\windows\system32\nbDX.dll . ((((((((((((((((((((((((((((((((( Points de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "IDMan"="c:\program files\Internet Download Manager\IDMan.exe" [2009-11-21 3171760] "SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2009-08-16 955392] "swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-02-07 39408] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-10-11 149280] "UnlockerAssistant"="c:\program files\Unlocker\UnlockerAssistant.exe" [2009-10-26 15872] "IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904] "SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 282624] "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "tscuninstall"="c:\windows\system32\tscupgrd.exe" [2004-08-10 44544] c:\documents and settings\Vero\Menu D‚marrer\Programmes\D‚marrage\ Super Finder XT.lnk - c:\program files\FSL\SuperFinder\SuperFinder.exe [2009-3-24 2081792] c:\documents and settings\Default User\Menu D‚marrer\Programmes\D‚marrage\ Super Finder XT.lnk - c:\program files\FSL\SuperFinder\SuperFinder.exe [2009-3-24 2081792] c:\documents and settings\manon\Menu D‚marrer\Programmes\D‚marrage\ Super Finder XT.lnk - c:\program files\FSL\SuperFinder\SuperFinder.exe [2009-3-24 2081792] c:\documents and settings\laurent\Menu D‚marrer\Programmes\D‚marrage\ Super Finder XT.lnk - c:\program files\FSL\SuperFinder\SuperFinder.exe [2009-3-24 2081792] c:\documents and settings\robin\Menu D‚marrer\Programmes\D‚marrage\ Super Finder XT.lnk - c:\program files\FSL\SuperFinder\SuperFinder.exe [2009-3-24 2081792] [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system] "DisableClock"= 0 (0x0) [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoMultiIE"= 0 (0x0) "LWA"= 0 (0x0) "LWB"= 0 (0x0) "LWC"= 0 (0x0) "LWD"= 0 (0x0) "LWE"= 0 (0x0) "LWF"= 0 (0x0) "LWG"= 0 (0x0) "LWH"= 0 (0x0) "LWI"= 0 (0x0) "LWJ"= 0 (0x0) "LWK"= 0 (0x0) "LWL"= 0 (0x0) "LWM"= 0 (0x0) "LWN"= 0 (0x0) "LWO"= 0 (0x0) "LWP"= 0 (0x0) "LWQ"= 0 (0x0) "LWR"= 0 (0x0) "LWS"= 0 (0x0) "LWT"= 0 (0x0) "LWU"= 0 (0x0) "LWV"= 0 (0x0) "LWW"= 0 (0x0) "LWX"= 0 (0x0) "LWY"= 0 (0x0) "LWZ"= 0 (0x0) [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-] "CTFMON.EXE"=c:\windows\system32\ctfmon.exe [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 "FirewallOverride"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "c:\\Program Files\\Dell Network Assistant\\ezi_hnm2.exe"= "c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Program Files\\emule extrem\\emule.exe"= "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"= "c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds.exe"= "c:\\Program Files\\Reality Pump\\Two Worlds\\TwoWorlds_RADEON.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "10421:UDP"= 10421:UDP:SingleClick Discovery Protocol "10426:UDP"= 10426:UDP:SingleClick ICC "4669:UDP"= 4669:UDP:eMule R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [21/01/2008 19:28 21512] R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [05/07/2006 13:46 63352] S0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [16/05/2007 21:09 685816] S1 prodrv04;Star Force copy protection driver v4;c:\windows\system32\drivers\prodrv04.sys [19/03/2008 19:29 114496] S2 BDVEDISK;BDVEDISK;c:\program files\BitDefender\BitDefender 2010\bdvedisk.sys [01/04/2009 11:25 83208] S2 BsMobileCS;BsMobileCS; [x] S2 gupdate1c989509d62cb3a;Google Update Service (gupdate1c989509d62cb3a);c:\program files\Google\Update\GoogleUpdate.exe [07/02/2009 19:19 133104] S2 hnmwrlspkt;HomeNet Manager Wireless Protocol;c:\windows\system32\drivers\hnm_wrls_pkt.sys [14/07/2006 02:01 13824] S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [31/12/2009 12:54 236368] S2 wsppkt;Wireless Security Protocol;c:\windows\system32\drivers\wsp_pkt.sys [14/07/2006 02:02 13696] S3 Arrakis3;BitDefender Serveur Arrakis;c:\program files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [25/06/2009 16:04 183880] S3 bdfm;BDFM;c:\windows\system32\drivers\bdfm.sys [29/06/2009 14:12 153448] S3 Bdfndisf;BitDefender Firewall NDIS Filter Service;c:\windows\system32\drivers\bdfndisf.sys [06/08/2009 16:34 110984] S3 BTCOMM;BTCOMM;c:\windows\system32\drivers\Btcomm.sys --> c:\windows\system32\drivers\Btcomm.sys [?] S3 BTKRNBDG;Bluetooth COM Bridge;c:\windows\system32\DRIVERS\btkrnbdg.sys --> c:\windows\system32\DRIVERS\btkrnbdg.sys [?] S3 CSRBC01;%CSRBC01.SvcDesc%;c:\windows\system32\Drivers\csrbc01.sys --> c:\windows\system32\Drivers\csrbc01.sys [?] S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [21/01/2008 19:28 26248] S3 maconfservice;Ma-Config Service;c:\program files\ma-config.com\maconfservice.exe [17/12/2009 19:00 243056] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [31/12/2009 12:54 19160] S3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des -service --> c:\windows\system32\GameMon.des -service [?] S3 vad_multi;Windigo Virtual Audio Device (WDM);c:\windows\system32\drivers\vadmulti.sys --> c:\windows\system32\drivers\vadmulti.sys [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] bdx REG_MULTI_SZ scan . Contenu du dossier 'Tâches planifiées' 2010-02-14 c:\windows\Tasks\Google Software Updater.job - c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-07 10:23] 2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 18:19] 2010-02-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2009-02-07 18:19] 2010-02-14 c:\windows\Tasks\Malwarebytes' Scheduled Scan for laurent.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-31 15:07] 2010-02-13 c:\windows\Tasks\Malwarebytes' Scheduled Update for laurent.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-31 15:07] 2010-02-13 c:\windows\Tasks\Malwarebytes' Scheduled Update for Vero.job - c:\program files\Malwarebytes' Anti-Malware\mbam.exe [2009-12-31 15:07] . . ------- Examen supplémentaire ------- . uStart Page = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128 uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 uInternet Connection Wizard,ShellNext = hxxp://www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128 uSearchAssistant = hxxp://www.google.com/ie uSearchURL,(Default) = hxxp://www.google.com/search?q=%s IE: &Search IE: E&xporter vers Microsoft Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 IE: Easy-WebPrint Ajouter à la liste d'impressions - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html IE: Easy-WebPrint Impression rapide - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html IE: Easy-WebPrint Imprimer - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html IE: Easy-WebPrint Prévisualiser - c:\program files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html IE: Translate with &Babylon - c:\program files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm IE: Télécharger avec IDM - c:\program files\Internet Download Manager\IEExt.htm IE: Télécharger le contenu de video FLV avec IDM - c:\program files\Internet Download Manager\IEGetVL.htm IE: Télécharger tous les liens avec IDM - c:\program files\Internet Download Manager\IEGetAll.htm Trusted Zone: internet Trusted Zone: mcafee.com Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll FF - ProfilePath - c:\documents and settings\laurent\Application Data\Mozilla\Firefox\Profiles\eyv988q1.default\ FF - component: c:\documents and settings\laurent\Application Data\IDM\idmmzcc3\components\idmmzcc.dll FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff2.dll FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.6.dll FF - component: c:\program files\BitDefender\BitDefender 2010\bdaphffext\components\bdaphff3.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll FF - plugin: c:\program files\Google\Update\1.2.183.13\npGoogleOneClick8.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll FF - plugin: c:\program files\ma-config.com\nphardwaredetection.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . - - - - ORPHELINS SUPPRIMES - - - - URLSearchHooks-{9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) URLSearchHooks-{E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) Notify-ljJBQkiG - (no file) AddRemove-eBay Icon - c:\documents and settings\laurent\Application Data\Desktopicon\uninst.exe AddRemove-FranceTelecomUninstall_FTBrowser - c:\progra~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl AddRemove-LifeGlobe Goldfish Aquarium_is1 - c:\program files\Prolific Publishing AddRemove-LifeGlobe Sharks, Terrors of the Deep 2_is1 - c:\program files\Prolific Publishing ************************************************************************** Recherche de processus cachés ... Recherche d'éléments en démarrage automatique cachés ... Recherche de fichiers cachés ... Scan terminé avec succès Fichiers cachés: ************************************************************************** [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- CLES DE REGISTRE BLOQUEES --------------------- [HKEY_USERS\.Default\Software\SetID\Internal] @Denied: (A 2) (LocalSystem) "DATA"="<settings expireTime=\"0\" productStatus=\"1\" obSize=\"0\" InstallTS=\"2145870353\" isSubsc=\"0\" version=\"12.0.1\" timeDiff=\"1\" oldDevice=\"\" authStatus_ts=\"0\" />" "Device"="yM29zbvPzMnLvrm+x8fPzce+zro=" [HKEY_USERS\S-1-5-21-871840397-1802110598-3649274961-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "oanldcbenppjlbogmmcapgfldhphdd"=hex:63,61,6e,66,69,67,00,7c "oabndnpchjncncdnlhfaemecfkgdii"=hex:6a,61,6f,66,6f,68,6a,67,6d,62,6d,70,64,61, 6f,6c,63,66,67,6e,00,fd "nalmjcoajmoeckloepljafliikco"=hex:6a,61,6f,66,6f,68,6a,67,6d,62,6d,70,64,61, 6f,6c,63,66,67,6e,00,cb "eajndckjcf"=hex:6a,62,6f,6a,67,6f,6a,6c,68,6d,63,6e,62,69,70,6e,70,6d,6b,6b, 70,6a,65,64,6c,6d,67,63,6b,6b,64,6b,67,61,6f,6c,6e,64,6f,6d,6a,65,6b,66,6f,\ "caolng"=hex:6b,62,64,68,68,67,66,65,67,68,68,6c,69,6b,68,66,6e,68,6c,6d,6f,70, 6c,69,70,6b,6b,68,64,6b,70,63,67,6f,6d,66,68,6e,65,62,6d,63,63,68,6f,68,67,\ [HKEY_USERS\S-1-5-21-871840397-1802110598-3649274961-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED6F3658-9B00-F88C-78B5-39E2389AC0B5}*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) "iallghekakmlnpclao"=hex:6b,61,6a,65,61,6a,6c,6c,66,6f,65,6b,68,64,6a,67,63,6c, 70,62,66,62,00,00 "hanllkhblbcilcef"=hex:6b,61,6a,65,61,6a,6c,6c,66,6f,65,6b,68,64,6a,67,63,6c, 70,62,66,62,00,00 "hapcbjogjofnahgh"=hex:68,61,6e,62,6a,61,6d,62,6e,62,70,61,66,62,6e,6f,00,00 "hapcbjogmjhkoppk"=hex:6b,62,66,64,68,69,61,62,6a,6a,61,63,67,6e,67,67,62,64, 6a,62,63,6e,61,6c,6c,6b,69,6a,65,67,70,62,69,6a,66,63,6e,69,65,66,64,6b,6a,\ [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\Ø•€|ÿÿÿÿ•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\h–€|ÿÿÿÿ¤•€|ù•9~*] "C040110900063D11C8EF10054038389C"="C?\\WINDOWS\\system32\\FM20ENU.DLL" [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*] "OODEFRAG10.00.00.01WORKSTATION"="2B03C119DB6ECD2EFEBB9FFC02326E696666ECCEFA2843B1F82F56F6B7192A4A54FB679DF1B CC186795CC36874ED4F1177FCBBD02CED7ABB6C3D28790FB1D66F4B3EA0A3CF49B61C7E13782862D4 594251FB900C507EE187AC2E76175D149C5D23AED68AFA261DB94FC0BCDA8F3E235B80D9A17F879B5 3A1B3B24DCE3E0B3EF0E15A8BF32BC5BD2D20E925E270E519BA8636B5EF256A7F1A6FA0C9E882444F 8C046F5146CF7E2FC8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74 CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6A0AC4980AC7933 A2D97226D213B555FA60002B55AE5C9BD414F12CC78C5F894B1007696363EE7E72372F373F31B30FE 721D44B5C138CF6DF724B6F12E7ABD302C3923A59FCF76594A26364DE56CEE8FA1712A3667F807F01 404296016EB620F4FDDF489074122419ACF63C1D4226D95DED4F8F7A79C4AC6A84E01F374F92D9833 E8FD1694271B7AAED40DE3BD4B70F2578B7AFD569BAFDC46A47CB901E25ED81A856DAFBC1221F6B24 A9AFAC555138632C866A69A016F329C029221BD128D0B7047C299034035DEF2FAE57966C198A18239 1E7D850609428F94D6D16C7A9F8E0BDDCC928BDC57BC095DF41D727053E3B1BBC17FC8E766AC3AE8F 3A783C0ADFAF64E98AF4677383DCFD659E7D76E090B5F504A6E1550902F2175D5CEA558185C4AC26F E5C9C6486B336F562CC314C42E439F30DC9849C6C22933DE8CB18976BBA6EAAFEF8AE48172BB06046 3C10BC961B10300427DD0AC02F28433A2C722B191C25A3A499D0A2CD1A0006C4F6B0F7D620C6EC09A 408FD98ECF89C6FD1316D1869F050CEC09CC84650DE5A1FDC949AD1ABD1F75A1D8DFA90A3D386E836 0A6578971787A2A58E671F0D28E85A03201554ECC3AC80215BD14B0DA657CD0792EACB0DFC2F84330 57BFB075FCC3CAE9DAAB68658FEC275C4AF6E5882F30925C72D29A6B0442285475806E5A7B9D25DB9 F14E0D6EF22E13800FA2A9A0D9472688AD2C35DFD769F0FBA5E746CAF26D3C8759FA8B85A595A6A94 095175B947AD497C2717B610D0DFB305D523BB4522031F91E1B00C5440C8F3C69F9AB314B5AAD1D95 9DB1A91C056153CD76C7F6C443D2EC5593DBF710ECE39D0385E545B3E0E224A2D505D7520C0F3B9B8 EE5464DF3EB9B66CD050ADF52EA9159F0BA5E98CAD89BBDC514AA10A2A61F3B5581FBFE11FCA98C37 D60D2021A1C40D7A0FE65A1C2AD70C1CF285C789009BF8897D14043F391B593E1EB84BFB39441463B FEE6B192311878A2B70044A26B1F2F0AD309AE50958AE591DE576CB158136719928524D47DF7D4736 97DFAD56469B505C94133386B045008992463F4E55106FE26BAC864A450F0F87CA8B45039F3B76C32 BD2948155A8308EE07747B0F813A8" . --------------------- DLLs chargées dans les processus actifs --------------------- - - - - - - - > 'winlogon.exe'(284) c:\windows\system32\Ati2evxx.dll . Heure de fin: 2010-02-14 18:08:38 ComboFix-quarantined-files.txt 2010-02-14 17:08 Avant-CF: 118 490 939 392 octets libres Après-CF: 118 443 151 360 octets libres - - End Of File - - 54354C784DE91455A136DC9FD7A6A58C

Salut désolé, je n'ai pas vu apparaitre la KB977165 dans la liste des mise à jour.

bonjour Thanos, je fais un peu de ménage (de déménagement même), et je fais les manips: je suis quand même curieux de voir ce qui se passe!. depuis la réparation windows, Firefox rame (1 à 2mn pour ouvrir un onglet): quelque chose a du se casser. Je pense que ce n'est que la partie émergée de l'iceberg...

Bonsoir Thanos j'ai mis un peu de temps à répondre... c'est que j'ai eu des petite problèmes de puis la dernière fois: il y a 2 jours, à l'ouverture d'une 2ème session (même si la première avait été fermé avant), explorer prend 50% des ressources, et le PC se fige: reset obligatoire à chaque fois. Puis hier (mon PC a été utilisé par plusieurs d'utilisateurs entre temps): impossible de démarrer: windows démarre, puis au moment d'afficher le bureau, l'écran passe au bleu. j'ai fini par mettre le cd d'instal de windows pour faire une réparation. Le PC redémarre bien maintenant. Il faut signaler 3 choses: en lançant firefox, le même problème décrit au début réapparait le mode "sans échec" est de nouveau fonctionnel (je pourrais faire la première manip proposée) en lançant un utilitaire de diagnostic de DELL, en fin de scan d'un disque dur, le PC a rebooté tout seul. ce que je pensais faire maintenant: sauvegarder toutes mes données sur un disque externe, faire un nettoyage de PC (peut-être des faux contacts??), et réinstaller (j'espère qu'il n'y aura pas de pb) qu'en penses-tu?

bonsoir! je n'ai pas pu faire la dernière manip proposée: le démarrage de avirarkd.exe amène directement au message suivant: 'one of the Avira Antivir Desktop products must be installed first. The application will exit." Faut-il installer antivir?

re-bonjour voilà le nouveau résultat de rootkit scanner en décochant "file" (là, le scan a abouti, assez vite même): GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-02-04 13:33:17 Windows 5.1.2600 Service Pack 3 Running: xu6op319.exe; Driver: C:\DOCUME~1\laurent\LOCALS~1\Temp\fgldqpod.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAllocateVirtualMemory [0xA9738884] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwAssignProcessToJobObject [0xA9738BF0] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwConnectPort [0xA9739DA0] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateFile [0xA97395B6] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateKey [0xA973A20A] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcess [0xA9738D3A] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateProcessEx [0xA9738DBC] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateSection [0xA97393DA] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwCreateThread [0xA9738486] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDeviceIoControlFile [0xA973A30A] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwDuplicateObject [0xA973C9F4] SSDT sptd.sys ZwEnumerateKey [0xB9EC3FB2] SSDT sptd.sys ZwEnumerateValueKey [0xB9EC4340] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwFsControlFile [0xA973A44E] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwLoadDriver [0xA973AD92] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenFile [0xA97394CA] SSDT sptd.sys ZwOpenKey [0xB9EBE0B0] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenProcess [0xA973C746] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenSection [0xA97392FA] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwOpenThread [0xA973C874] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwProtectVirtualMemory [0xA9738782] SSDT sptd.sys ZwQueryKey [0xB9EC4418] SSDT sptd.sys ZwQueryValueKey [0xB9EC4298] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwQueueApcThread [0xA9738C92] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestPort [0xA9739E30] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwRequestWaitReplyPort [0xA9739BEC] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSecureConnectPort [0xA9739FBA] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetContextThread [0xA9738576] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSetSystemInformation [0xA9738988] SSDT sptd.sys ZwSetValueKey [0xB9EC44AA] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendProcess [0xA97386E4] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSuspendThread [0xA9738646] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwSystemDebugControl [0xA9738B4E] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateProcess [0xA973C6B6] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwTerminateThread [0xA973CB02] SSDT \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys (BitDefender Self Protection Driver/BitDefender) ZwWriteVirtualMemory [0xA9738384] ---- Registry - GMER 1.0.15 ---- Reg HKLM\SYSTEM\ControlSet000\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet000\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet000\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet000\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet001\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet001\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00c766 Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s1 771343423 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@s2 285507792 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg@h0 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet004\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0x25 0xAA 0x54 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBF 0xA1 0x46 0x35 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x1E 0x7A 0xD6 0x52 ... Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet005\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0xDD 0x25 0xAA 0x54 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0xBB 0xEF 0xA2 0xFE ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x18 0x37 0x9B 0xCA ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0xA6 0x04 0xDE 0x0C ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0xDF 0x06 0x90 0x37 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0xD2 0xD7 0xFE 0x5E ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x9B 0x2D 0x66 0xBA ... Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet006\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet007\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet007\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet008\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x98 0xF2 0xC4 0x12 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet008\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00025b00c766 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00025b00c766@0016db26f48a 0x2C 0x86 0x23 0x29 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00025b00c766@0012d22c4097 0xB8 0xD2 0x97 0x34 ... Reg HKLM\SYSTEM\ControlSet009\Services\BTHPORT\Parameters\Keys\00025b00c766@002567b936ae 0x63 0xB6 0x7B 0x8D ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@h0 1 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\0D79C293C1ED61418462E24595C90D04@ujdew 0x20 0xF7 0x82 0xE3 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 2 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x7B 0x6F 0x2E 0xAD ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@p0 C:\Program Files\DAEMON Tools Pro\ Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001@hdf12 0x6F 0x26 0xEB 0xE4 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq0@hdf12 0x6F 0x66 0x70 0x5D ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq1@hdf12 0x55 0x06 0xB4 0xA5 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq2@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq3@hdf12 0xB3 0x85 0xC8 0xA8 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq4@hdf12 0xE7 0xE2 0x6D 0x43 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq5@hdf12 0xE7 0x6F 0x2E 0xA5 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000001\gdq6@hdf12 0xC7 0xFE 0x18 0xE5 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@a0 0x20 0x01 0x00 0x00 ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002@hdf12 0x05 0x9E 0x95 0x7B ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC\00000002\gdq0@hdf12 0x8C 0xCC 0xD3 0xCB ... Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0 Reg HKLM\SYSTEM\ControlSet009\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0x1C 0x83 0xF1 0xD5 ... Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO\xae Indiana Jones\x2122 2\Audio\Audio.CFG 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO\xae Indiana Jones\x2122 2\Audio\_CutScenes\AkatorHub_Intro.ogg 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO\xae Indiana Jones\x2122 2\Audio\_Music\1_0_HUB_1Nepal_Qui.ogg 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs@C:\Program Files\LucasArts\LEGO\xae Indiana Jones\x2122 2\Movies\PC\attract.bik 1 Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG10.00.00.01WORKSTATION 2B03C119DB6ECD2EFEBB9FFC02326E696666ECCEFA2843B1F82F56F6B7192A4A54FB679DF1BCC186 795CC36874ED4F1177FCBBD02CED7ABB6C3D28790FB1D66F4B3EA0A3CF49B61C7E13782862D459425 1FB900C507EE187AC2E76175D149C5D23AED68AFA261DB94FC0BCDA8F3E235B80D9A17F879B53A1B3 B24DCE3E0B3EF0E15A8BF32BC5BD2D20E925E270E519BA8636B5EF256A7F1A6FA0C9E882444F8C046 F5146CF7E2FC8FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC 9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC79339DB7CE019D40AA5CA6A0AC4980AC7933A2D97 226D213B555FA60002B55AE5C9BD414F12CC78C5F894B1007696363EE7E72372F373F31B30FE721D4 4B5C138CF6DF724B6F12E7ABD302C3923A59FCF76594A26364DE56CEE8FA1712A3667F807F0140429 6016EB620F4FDDF489074122419ACF63C1D4226D95DED4F8F7A79C4AC6A84E01F374F92D9833E8FD1 694271B7AAED40DE3BD4B70F2578B7AFD569BAFDC46A47CB901E25ED81A856DAFBC1221F6B24A9AFA C555138632C866A69A016F329C029221BD128D0B7047C299034035DEF2FAE57966C198A182391E7D8 50609428F94D6D16C7A9F8E0BDDCC928BDC57BC095DF41D727053E3B1BBC17FC8E766AC3AE8F3A783 C0ADFAF64E98AF4677383DCFD659E7D76E090B5F504A6E155090 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@AppInit_DLLs Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@DeviceNotSelectedTimeout 15 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@GDIProcessHandleQuota 10000 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@Spooler yes Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@swapdisk Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@TransmissionRetryTimeout 90 Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows@USERProcessHandleQuota 10000 Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC}@oanldcbenppjlbogmmcapgfldhphdd 0x63 0x61 0x6E 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC}@oabndnpchjncncdnlhfaemecfkgdii 0x6A 0x61 0x6F 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC}@nalmjcoajmoeckloepljafliikco 0x6A 0x61 0x6F 0x66 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC}@eajndckjcf 0x6A 0x62 0x6F 0x6A ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{0CA059EE-7279-415B-3265-F6CE45C48EAC}@caolng 0x6B 0x62 0x64 0x68 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED6F3658-9B00-F88C-78B5-39E2389AC0B5} Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED6F3658-9B00-F88C-78B5-39E2389AC0B5}@iallghekakmlnpclao 0x6B 0x61 0x6A 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED6F3658-9B00-F88C-78B5-39E2389AC0B5}@hanllkhblbcilcef 0x6B 0x61 0x6A 0x65 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED6F3658-9B00-F88C-78B5-39E2389AC0B5}@hapcbjogjofnahgh 0x68 0x61 0x6E 0x62 ... Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{ED6F3658-9B00-F88C-78B5-39E2389AC0B5}@hapcbjogmjhkoppk 0x6B 0x62 0x66 0x64 ... ---- EOF - GMER 1.0.15 ----

Bonjour thanos. désolé pour la réactivité: je suis rentré hier soir. j'ai essayé de faire la manip avec le rootkit scanner: mais comme la dernière fois, ça a buggé: la première fois, PC bloqué (peut-être à cause de l'antivirus que j'avais laissé) la deuxième fois le PC redémarre au bout d'une 1/2 heure environ (c'est mieux, mais...). je ré-essaierai ce soir en décochant "file", ce que je n'ai pas encore eu le temps de faire...

Bonjour! et voilà le rapport mbam! Malwarebytes' Anti-Malware 1.44 Version de la base de données: 3674 Windows 5.1.2600 Service Pack 3 Internet Explorer 6.0.2900.5512 02/02/2010 08:49:14 mbam-log-2010-02-02 (08-49-14).txt Type de recherche: Examen complet (C:\|) Eléments examinés: 458665 Temps écoulé: 5 hour(s), 43 minute(s), 41 second(s) Processus mémoire infecté(s): 0 Module(s) mémoire infecté(s): 0 Clé(s) du Registre infectée(s): 0 Valeur(s) du Registre infectée(s): 0 Elément(s) de données du Registre infecté(s): 0 Dossier(s) infecté(s): 0 Fichier(s) infecté(s): 12 Processus mémoire infecté(s): (Aucun élément nuisible détecté) Module(s) mémoire infecté(s): (Aucun élément nuisible détecté) Clé(s) du Registre infectée(s): (Aucun élément nuisible détecté) Valeur(s) du Registre infectée(s): (Aucun élément nuisible détecté) Elément(s) de données du Registre infecté(s): (Aucun élément nuisible détecté) Dossier(s) infecté(s): (Aucun élément nuisible détecté) Fichier(s) infecté(s): C:\Laur.back\Combo-Fix.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\Laur.back\PV.cfxxe (Adware.Swizzor) -> Quarantined and deleted successfully. C:\Laur.back\pv.com (Adware.Swizzor) -> Quarantined and deleted successfully. C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadX800.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadZ510.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\Program Files\Samsung\Samsung PC Studio 3\Update\util\UnZipTemp\OrgLoadD500.exe (Worm.Koobface) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1\A0002293.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1\A0002368.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1\A0002406.com (Adware.Swizzor) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1\A0002436.sys (Malware.Trace) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1\A0002474.com (Adware.Swizzor) -> Quarantined and deleted successfully. C:\System Volume Information\_restore{C75D780B-5CD4-494E-AB96-5DA2A6677439}\RP1\A0002331.com (Adware.Swizzor) -> Quarantined and deleted successfully.

bonsoir, ben, on ne peux pas dire que je m'ennuie avec ce PC: ce soir, j'envoie un scan avec Malwarebyte's antimalware: je te posterai le résultat demain. pour la 2ème manip, évidemment, les fichiers dont on parle (apauz95v.SYS et e96627af.sys) ont disparus. Alors j'ai refait un scan avec root repeal: dès la fin du scan, j'ai regardé les driver apparaissant dans les premières ligne du rapport: puis j'ai aussitôt fait la manip avec le "driver" a5sfj6rw.sys: j'ai fait un dump dans le fichier badfile, et je l'ai posté suivant la procédure décrite: le lien est édition du message pour retirer l'url du fichier quelques minutes plus tard, j'ai vérifié dans le répertoire system32/drivers. le fichier a5sfj6rw.sys avait disparu. j'ai fait un "virustotal" de ce fichier, le résultat est le suivant: (extrait) Fichier a5sfj6rw.sys reçu le 2010.02.01 19:56:24 (UTC) Situation actuelle: terminé Résultat: 3/41 (7.32%) AntiVir 7.9.1.156 2010.02.01 TR/Crypt.XPACK.Gen McAfee-GW-Edition 6.8.5 2010.02.01 Heuristic.LooksLike.Win32.SuspiciousPE.Q Symantec 20091.2.0.41 2010.02.01 Suspicious.Insight le reste des antivirus n'a rien trouvé.

dans le doute, j'ai fait une recherche de "apau95" dans tout le disque dur: rien. j'ai relancé le scan RootRepeal: les lignes avec "apauz95v.SYS" ont disparues dans le nouveau rapport. par contre la référence à ce fichier reste dans les lignes suivantes: " Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_CREATE] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_CLOSE] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a7f34f8 Size: 1238 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_POWER] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_PNP] Process: System Address: 0x8ac8c1e8 Size: 121 " par contre dans le nouveau rapport apparait dans les premières lignes " Drivers ------------------- Name: e96627af.sys Image Path: C:\WINDOWS\System32\Drivers\e96627af.sys Address: 0x97ABE000 Size: 574976 File Visible: No Signed: - Status: - " je vais aussitôt voir ce e96627af.sys pour l'analyser... plus là... :P :P ;)

Bonjour je n'ai pas trouvé de fichier C:\WINDOWS\System32\Drivers\apauz95v.SYS (???)

Bonsoir! j'ai fait les 2 manips qui se sont bien déroulées (je que je trouve super, ce sont les procédures vraiment bien faites). rapport de virustotal: Fichier winlogon.exe reçu le 2010.01.30 19:02:14 (UTC) Situation actuelle: terminé Résultat: 0/41 (0%) (tu me dis si je dois t'envoyer les informations additionnelles qui m'ont l'air illisibles) rapport RootRepeal: ROOTREPEAL © AD, 2007-2009 ================================================== Scan Start Time: 2010/01/30 19:35 Program Version: Version 1.3.5.0 Windows Version: Windows XP Media Center Edition SP3 ================================================== Drivers ------------------- Name: apauz95v.SYS Image Path: C:\WINDOWS\System32\Drivers\apauz95v.SYS Address: 0xB9A54000 Size: 425984 File Visible: No Signed: - Status: - Name: PCI_NTPNP4802 Image Path: \Driver\PCI_NTPNP4802 Address: 0x00000000 Size: 0 File Visible: No Signed: - Status: - Name: rootrepeal.sys Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys Address: 0xA8CEE000 Size: 49152 File Visible: No Signed: - Status: - Hidden/Locked Files ------------------- Path: C:\hiberfil.sys Status: Locked to the Windows API! Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.28.crwl Status: Allocation size mismatch (API: 280, Raw: Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.49.crwl Status: Allocation size mismatch (API: 280, Raw: 144) Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.53.crwl Status: Allocation size mismatch (API: 280, Raw: 144) Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\fofolle33kzo@hotmail.fr\DFSR\Staging\CS{90E158D7-8431-9FD3-DADE-3DFD2F431A3B}\69\359-{4E8459F4-0555-43AD-8771-2F03872CDFBD}-v169-{4E8459F4-0555-43AD-8771-2F03872CDFBD}-v359-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\justineau@hotmail.fr\DFSR\Staging\CS{9E79C0A8-B2F3-F52A-1679-804D1DEA66CF}\12\13-{43~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\larouliadu33@hotmail.fr\DFSR\Staging\CS{5D5B744F-3EEE-523B-475C-E015A9525537}\18\18-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v18-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\76\1376-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1376-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1376-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\76\1649-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\76\976-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v976-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v976-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\00\1496-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\01\1499-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\02\1502-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\77\1377-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1377-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1377-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\77\977-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v977-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v977-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\78\1378-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1378-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1378-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\79\1379-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1379-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1379-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\80\1380-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1380-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1380-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\81\1381-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1381-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1381-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\82\1382-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1382-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1382-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\83\1383-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1383-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1383-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\84\1384-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1384-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1384-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\90\1466-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1290-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1466-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\91\1469-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1291-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1469-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\92\1472-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1292-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1472-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\93\1475-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1293-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1475-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\94\1478-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1294-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1478-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\95\1481-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1295-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1481-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\95\1596-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1595-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1596-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\96\1484-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1296-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1484-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\97\1487-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1297-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1487-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\98\1490-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1298-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1490-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\99\1493-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1299-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1493-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\63\1063-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1063-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1063-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\68\1368-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1368-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1368-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\69\1369-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1369-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1369-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\70\1370-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1370-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1370-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\71\1371-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1371-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1371-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\72\1372-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1372-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1372-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\73\1373-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1373-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1373-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\74\974-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v974-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v974-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\75\1375-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1375-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1375-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\75\975-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v975-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v975-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\34\534-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v534-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v534-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\11\511-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v511-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v511-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\17\517-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v517-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v517-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\18\518-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v518-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v518-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\19\519-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v519-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v519-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\20\520-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v520-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v520-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\21\521-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v521-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v521-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\22\522-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v522-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v522-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\23\523-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v523-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v523-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\24\524-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v524-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v524-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\25\525-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v525-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v525-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\26\526-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v526-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v526-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\27\527-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v527-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v527-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\28\528-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v528-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v528-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\29\529-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v529-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v529-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\30\530-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v530-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v530-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\31\531-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v531-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v531-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\32\532-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v532-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v532-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\33\533-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v533-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v533-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\35\535-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v535-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v535-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\37\537-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v537-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v537-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\65\165-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v165-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v165-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\19\119-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v119-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\31\131-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v131-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\32\132-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v132-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v132-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\34\134-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v134-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v134-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\35\135-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v135-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v135-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\36\136-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v136-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\37\137-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v137-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v137-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows API, but not on disk. Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\38\138-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v138-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS Status: Visible to the Windows SSDT ------------------- #: 017 Function Name: NtAllocateVirtualMemory Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7884 #: 019 Function Name: NtAssignProcessToJobObject Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7bf0 #: 031 Function Name: NtConnectPort Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8da0 #: 037 Function Name: NtCreateFile Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c85b6 #: 041 Function Name: NtCreateKey Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c920a #: 047 Function Name: NtCreateProcess Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7d3a #: 048 Function Name: NtCreateProcessEx Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7dbc #: 050 Function Name: NtCreateSection Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c83da #: 053 Function Name: NtCreateThread Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7486 #: 066 Function Name: NtDeviceIoControlFile Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c930a #: 068 Function Name: NtDuplicateObject Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb9f4 #: 071 Function Name: NtEnumerateKey Status: Hooked by "sptd.sys" at address 0xb9ec3fb2 #: 073 Function Name: NtEnumerateValueKey Status: Hooked by "sptd.sys" at address 0xb9ec4340 #: 084 Function Name: NtFsControlFile Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c944e #: 097 Function Name: NtLoadDriver Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c9d92 #: 116 Function Name: NtOpenFile Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c84ca #: 119 Function Name: NtOpenKey Status: Hooked by "sptd.sys" at address 0xb9ebe0b0 #: 122 Function Name: NtOpenProcess Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb746 #: 125 Function Name: NtOpenSection Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c82fa #: 128 Function Name: NtOpenThread Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb874 #: 137 Function Name: NtProtectVirtualMemory Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7782 #: 160 Function Name: NtQueryKey Status: Hooked by "sptd.sys" at address 0xb9ec4418 #: 177 Function Name: NtQueryValueKey Status: Hooked by "sptd.sys" at address 0xb9ec4298 #: 180 Function Name: NtQueueApcThread Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7c92 #: 199 Function Name: NtRequestPort Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8e30 #: 200 Function Name: NtRequestWaitReplyPort Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8bec #: 210 Function Name: NtSecureConnectPort Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8fba #: 213 Function Name: NtSetContextThread Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7576 #: 240 Function Name: NtSetSystemInformation Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7988 #: 247 Function Name: NtSetValueKey Status: Hooked by "sptd.sys" at address 0xb9ec44aa #: 253 Function Name: NtSuspendProcess Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c76e4 #: 254 Function Name: NtSuspendThread Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7646 #: 255 Function Name: NtSystemDebugControl Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7b4e #: 257 Function Name: NtTerminateProcess Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb6b6 #: 258 Function Name: NtTerminateThread Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cbb02 #: 277 Function Name: NtWriteVirtualMemory Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7384 Stealth Objects ------------------- Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP] Process: System Address: 0x8b2551e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP] Process: System Address: 0x8a70f1e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_READ] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_POWER] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: dmio, IRP_MJ_PNP] Process: System Address: 0x8b2571e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89f154f8 Size: 179 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP] Process: System Address: 0x89f601e8 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP] Process: System Address: 0x8ac8f6f0 Size: 121 Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE] Process: System Address: 0x8b2561e8 Size: 121 Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE] Process: System Address: 0x8b2561e8 Size: 121 Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8b2561e8 Size: 121 Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a874ee0 Size: 288 Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER] Process: System Address: 0x8b2561e8 Size: 121 Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8b2561e8 Size: 121 Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP] Process: System Address: 0x8b2561e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP] Process: System Address: 0x8b2c91e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_CREATE] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_CLOSE] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a7f34f8 Size: 687 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_POWER] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_PNP] Process: System Address: 0x8ac8c1e8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE] Process: System Address: 0x89fb81e8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE] Process: System Address: 0x89fb81e8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89fb81e8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89fb81e8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP] Process: System Address: 0x89fb81e8 Size: 121 Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP] Process: System Address: 0x89fb81e8 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP] Process: System Address: 0x8a75a790 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP] Process: System Address: 0x89fa51e8 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_CREATE] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_CLOSE] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_READ] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_QUERY_INFORMATION] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_SET_INFORMATION] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_QUERY_VOLUME_INFORMATION] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_DIRECTORY_CONTROL] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_FILE_SYSTEM_CONTROL] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_DEVICE_CONTROL] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_SHUTDOWN] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_LOCK_CONTROL] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_CLEANUP] Process: System Address: 0x89f7f790 Size: 121 Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_PNP] Process: System Address: 0x89f7f790 Size: 121 Shadow SSDT ------------------- #: 307 Function Name: NtUserAttachThreadInput Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c716c #: 347 Function Name: NtUserDdeSetQualityOfService Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7100 #: 383 Function Name: NtUserGetAsyncKeyState Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c70be #: 414 Function Name: NtUserGetKeyboardState Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6f80 #: 416 Function Name: NtUserGetKeyState Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6f3a #: 460 Function Name: NtUserMessageCall Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6cbc #: 475 Function Name: NtUserPostMessage Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6b46 #: 476 Function Name: NtUserPostThreadMessage Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6b9a #: 491 Function Name: NtUserRegisterRawInputDevices Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6d1a #: 502 Function Name: NtUserSendInput Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6b0c #: 549 Function Name: NtUserSetWindowsHookEx Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6498 #: 552 Function Name: NtUserSetWinEventHook Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c67c6 ==EOF==

Bonjour Thanos. ah, je ne pensais pas que mon pc poserait tant de problèmes. j'ai essayé de faire les 2 manips proposées (1) et 2)): la 2ème avec foxscan n'a pas posé de problèmes (voir rapport ci-dessous) mais pour la 1ère avec GMER Rootkit Scanner, je l'ai lancé 4 fois: la première: le PC a planté (peut-être l'écran de veille) --> reset et désactivation de l'écran de veille 2ème essai: au bout de 10mn de scan environ, le PC redémarre tout seul 3ème essai: au bout de 10mn (env. l'application plante) --> reset 4ème essai: comme le 2ème. J'avais fermé toutes les application, désactivé l'antivirus. Faut-il que j'arrête le scan avant la fin (apparemment, seule la base de registre a été scannée avant chaque plantage) 2) rapport de Foxscan: FoxScan Version 1.1.1 Par Loup blanc - Zebulon.fr Scan lancé le 28/01/2010 à 15:58 Microsoft Windows XP Professionnel Service Pack 3 [version 5.1.2600] Mozilla Firefox version : 3.6 (fr) Dossier d'installation : C:\Program Files\Mozilla Firefox ================================================================================ = ---------- Compte utilisateur : bastien ================================================================================ = Profil : default Dossier du profil : C:\Documents and Settings\bastien\Application Data\mozilla\firefox\Profiles\xzvjh5f4.default\ Pages de démarrage prefs.js : "http://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official" //////////// Configuration \\\\\\\\\\\\\ ======= Profil : default ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : default ======= La notification d'installation des modules complémentaires est activée //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : default ======= Recherche dans "prefs.js" : browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : User.js trouvé browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur C:\Documents and Settings\bastien\Application Data\mozilla\firefox\Profiles\xzvjh5f4.default\searchplugins\siteadvisor.xml Template : http://www.siteadvisor.com/lookup?q ================================================================================ = ---------- Compte utilisateur : laurent [session en cours] ================================================================================ = Profil : default Dossier du profil : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\ //////////// Configuration \\\\\\\\\\\\\ ======= Profil : default ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : default ======= La notification d'installation des modules complémentaires est activée Nom : Default Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ Etat : actif Nom : Java Console Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ Etat : actif Nom : AutoPager Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\autopager@mozilla.org\ Etat : actif Nom : Tab Kit Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\tabkit@jomel.me.uk\ Etat : Inactif Nom : Forecastfox Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\ Etat : Inactif Nom : Microsoft .NET Framework Assistant Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ Etat : actif Nom : Adblock Plus Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\ Etat : actif Nom : Java Quick Starter Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\ Etat : actif Nom : BitDefender Antiphishing Toolbar Dossier : C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ Etat : actif //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : default ======= Recherche dans "prefs.js" : browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur ================================================================================ = ---------- Compte utilisateur : LocalService ================================================================================ = Profil : default Dossier du profil : C:\Documents and Settings\LocalService\Application Data\mozilla\firefox\Profiles\6oc1lkn1.default\ Pages de démarrage prefs.js : "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official" //////////// Configuration \\\\\\\\\\\\\ ======= Profil : default ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : default ======= La notification d'installation des modules complémentaires est activée //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : default ======= Recherche dans "prefs.js" : browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : User.js trouvé browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur ================================================================================ = ---------- Compte utilisateur : pépé ================================================================================ = Profil : default Dossier du profil : C:\Documents and Settings\pépé\Application Data\mozilla\firefox\Profiles\4joczkou.default\ //////////// Configuration \\\\\\\\\\\\\ ======= Profil : default ======= Mise à jour Firefox : Activé Mise à jour des modules complémentaires : Activé Mise à jour des moteurs de recherche : Activé Java : Activé Javascript : Activé Proxy : Pas de Proxy //////////// Modules complémentaires \\\\\\\\\\\\\ ======= Profil : default ======= La notification d'installation des modules complémentaires est activée Nom : Default Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\ Etat : actif Nom : Java Console Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ Etat : actif Nom : Microsoft .NET Framework Assistant Dossier : C:\Documents and Settings\pépé\Application Data\mozilla\firefox\Profiles\4joczkou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\ Etat : actif Nom : Java Quick Starter Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\ Etat : actif Nom : BitDefender Antiphishing Toolbar Dossier : C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\ Etat : actif //////////// Plugins de recherche \\\\\\\\\\\\\ ======= Profil : default ======= Recherche dans "prefs.js" : browser.search.defaultenginename : browser.search.defaulturl : browser.search.selectedEngine : keyword.URL : keyword.enable : --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur ================================================================================ = ---------- Section commune ================================================================================ = //////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\ browserdirprovider.dll brwsrcmp.dll FFComm.dll ------------------------------------------------------ //////////// Plugins de recherche \\\\\\\\\\\\\ --------- Moteurs de recherche trouvés ------------ + Formulaire de recherche configuré pour le moteur C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml Template : http://www.amazon.fr/exec/obidos/external-search/ C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml Template : http://www.cnrtl.fr/lexicographie/{searchTerms} C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4 C:\Program Files\Mozilla Firefox\searchplugins\google.xml Template : http://www.google.com/search C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml Template : http://fr.wikipedia.org/wiki/Special:Recherche C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml Template : http://fr.search.yahoo.com/search ------------------------------------------------------ //////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\ [HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer] "Description"="Adobe® Flash® Player 10" "Vendor"="Adobe Systems Incorporated" "Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Browser Plugin,version=1.0.0] "Description"="DivX Web Player" "Vendor"="DivX,Inc." [HKEY_LOCAL_MACHINE\software\mozillaplugins\@Google.com/GoogleEarthPlugin] "Description"="Google Earth in your browser" "Vendor"="Google Inc." "Path"="C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection] "Description"="Détection de sa configuration" "Vendor"="CybelSoft" "Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@Microsoft.com/NpCtrl,version=1.0] "Description"="Ag Player Plugin" "Vendor"="Microsoft" "Path"="c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WLPG,version=14.0.8064.0206] "Description"="WLPG Install MIME type" "Vendor"="Microsoft" "Path"="C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5] "Description"="Windows Presentation Foundation plug-in for Mozilla browsers" "Vendor"="Microsoft Corp." "Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@pack.google.com/Google Updater;version=13] "Description"="Google Updater" "Vendor"="Google Inc." "Path"="C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.12.69] "Description"="RealPlayer LiveConnect-Enabled Plug-In" "Vendor"="RealNetworks" "Path"="C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.69] "Description"="6.0.12.69" "Vendor"="RealNetworks" "Path"="C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=] [HKEY_LOCAL_MACHINE\software\mozillaplugins\@tools.google.com/Google Update;version=8] "Description"="Google Update" "Vendor"="Google" "Path"="C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll" [HKEY_LOCAL_MACHINE\software\mozillaplugins\@zylom.com/ZylomGamesPlayer] "Description"="Zylom Games Player 1.00" "Vendor"="zylom" "Path"="C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll" ------------------------------------------------------ //////////// Recherche additionnelles... \\\\\\\\\\\\\ ==== Extension supplémentaire ==== [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions] "{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\" "jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff" "FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\" [HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6\extensions] =========================== Fin du rapport ===========================

Aïe! premier os!! Je suppose que combofix travaille en mode sans échec: j'avais déjà fait l'essai: Lors d'une attaque virus (2 ans déjà), j'avais eu qques pb de PC, et depuis le mode sans échec n'est plus fonctionnel. En lançant combofix (ou laur.exe à l'instant), le PC s'est mis dans une boucle infernale (arret->marche->arret->etc.). j'ai du démarrer sous "dernière bonne configuration connue", puis tuer le process en cours et finalement renommer le répertoire C/laur (merci unlocker) pour récupérer la main. (et j'ai vérifié, le combofix.txt n'a pas été créé) Et je ne sais pas comment récupérer ce mode sans échec (il me semble qu'à l'époque j'avais essayé sans succès une réparation windows avec le cd d'instal). A ta question: ai-je le problème avec IE, je répondrais apparemment non: j'utilise rarement IE, mais il y a 15 jours (avant de virer tous les fichiers sous \Application Data\Mozilla\Firefox), le problème était devenu si bloquant, que je suis passé sous IE qui marchait normalement. En regardant dans le gestionnaire des tâche, je ne l'ai jamais vu en route. Alors que pour firefox, c'est presque systématique: au bout de 2-3heures (PC sous tension mais non utilisé, firefox fermé), firefox apparait dans le gestionnaire de tâches (mais pas à l'écran).

Bonjour Thanos. désolé pour la réponse tardive: je suis rentré hier, et j'ai attendu que le problème se reproduise pour faire la manip que tu m'a proposée (peut-être qu'il y aura des info + intéressantes??). donc dessous les 2 fichiers générés: info.txt logfile of random's system information tool 1.06 2010-01-27 21:14:05 ======Uninstall list====== -->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5} -->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D} -->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095} -->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe" Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723} Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe Adobe Reader 8.1.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003} Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D} AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5} AIMP2-->C:\Program Files\AIMP2\Uninstall.exe Anooki 6-0 Screen Saver-->C:\WINDOWS\system32\Anooki 6-0.scr /u Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7} ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe" AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe" AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe" Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG BitDefender Total Security 2010-->MsiExec.exe /X{1CF54269-B462-4D2A-84F6-A71A7F3A358C} Brothers In Arms EiB-->C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\Setup.exe uninstall "BrothersInArmsEiB" Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE} Canon PIXMA iP4000-->C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi040c.dll" Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA} CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe" CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe" Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E} CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD" CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2" CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe" Coeur-->"C:\Program Files\Coeur\unins000.exe" Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3} Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe" Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe" Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76} Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716} Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413} DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF} Duplicate Cleaner 1.4.3-->"C:\Program Files\Duplicate Cleaner\unins000.exe" EarthView-->C:\Program Files\EarthView\Uninstall.exe Easy CD-DA Extractor 12-->"C:\WINDOWS\Easy CD-DA Extractor 12.0.3\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 12\irunin.xml" EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036 Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu" eBay Icon-->C:\Documents and Settings\laurent\Application Data\Desktopicon\uninst.exe Fable - The Lost Chapters-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD} FastStone Image Viewer 3.6-->C:\Program Files\FastStone Image Viewer\uninst.exe Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe FSX_Screensaver-->C:\Program Files\FSX_Screensaver\Uninstall.exe Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF} GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe" GeoGebra-->"C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe" Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2} Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466} Hard to be a God-->"C:\Program Files\Nobilis\Hard to be a God\unins000.exe" Heroes of Annihilated Empires-->"C:\Program Files\HeroesOfAE\unins000.exe" HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT="" Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT="" Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe" Il était une fois la vie-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ATLAS\Il était une fois la vie\Uninst.isu" Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D} Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe IrfanView (remove only)-->C:\Program Files\irfanview\iv_uninstall.exe IsoBuster 2.6-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe" J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100} J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110} J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060} Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF} Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050} Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3} jv16 PowerTools 2009-->"C:\Program Files\jv16 PowerTools 2009\unins000.exe" K-Lite Mega Codec Pack 4.7.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe" Language Engineering Power Translator-->MsiExec.exe /I{66EDF2E5-6C37-4939-A837-FBF2C52F91CD} Le Bidulo Trésor-->C:\emme\BiduloTresor\Desinst.exe Le Seigneur des Anneaux® - L’Age des Conquêtes™-->MsiExec.exe /X{628C3D50-F524-4C49-A958-672CE7953756} Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall LegionArena-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CA9839A-F660-4F7F-BD45-F466512ECE20}\Setup.exe" -l0x40c LEGO® Indiana Jones™ 2: L'Aventure Continue-->C:\Program Files\InstallShield Installation Information\{11192AA7-FBE3-4150-9667-EE7279CCC769}\Setup.exe -runfromtemp -l0x040c Les Indispensables Éducation pour Microsoft Office-->MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB} LifeGlobe Goldfish Aquarium-->"C:\Program Files\Prolific Publishing, Inc.\Goldfish Aquarium\unins000.exe" LifeGlobe Sharks, Terrors of the Deep 2-->"C:\Program Files\Prolific Publishing, Inc\Sharks2\unins000.exe" Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}\setup.exe" -l0x40c Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x40c UNINSTALL Lupas Rename 2000 v5.0 Release-->"C:\Program Files\Lupas Rename 2000\unins000.exe" Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43} Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe" MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120} Media Player Classic Ver.6.4.9.1 (Build.82)-->C:\Program Files\Media Player Classic\Uninstal.exe MediaInfo 0.7.27-->C:\Program Files\MediaInfo\uninst.exe Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C} Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe" Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700} Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp" Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940} Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8} Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7} Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC} Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} Microsoft Encarta 2008 - Études-->MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF} Microsoft Encarta Maths-->MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19} Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9} Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8} Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d} Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c} Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C} Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4} Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall MIDI MP3 Converter 4.00-->"C:\Program Files\MIDI MP3 Converter\unins000.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe" Mise à jour de sécurité pour Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe" Mise à jour pour Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe" Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe Mon Bureau ADIBOU-->C:\WINDOWS\unin040c.exe -f"c:\Coktel\Mon Bureau ADIBOU\DeIsL2.isu" -cc:\Coktel\MONBUR~1\_ISREG32.DLL Mon Encyclopédie d'Histoire-->C:\Program Files\DK\Become a History Explorer\_uninst\uninstaller.exe Mon Premier Explorateur des Merveilles du Monde-->C:\Program Files\DK\Become a World Explorer\_uninst\uninstaller.exe Morrowind-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x40c Movie Collection 5.4.9.0-->"C:\Program Files\Movie Collection\unins000.exe" Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe Mozilla Thunderbird (3.0.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94} MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F} MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF} MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71} MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC} MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E} Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl Nero 9 Trial-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-209M-AH6P-5UW0-WHAW-C53X-473X-79MH" Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB} Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A} Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3} Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139} Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF} NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8} NfoDiz 6.0 Setup-->C:\PROGRA~1\NFODIZ~1.0\UNWISE.EXE C:\PROGRA~1\NFODIZ~1.0\INSTALL.LOG Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x40c -removeonly Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238} Papyrus-->C:\PROGRA~1\UBISOF~1\PAPYRUS\UNWISE.EXE C:\PROGRA~1\UBISOF~1\PAPYRUS\INSTALL.LOG PDFCreator-->C:\Program Files\PDFCreator\unins000.exe PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804} Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x040c -removeonly PrintMaster Platinum 17-->MsiExec.exe /I{01DAB7E2-DEC5-4FBD-893E-612FA6758A4D} Programme de gestion Camera de Logitech-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c QuickTime Alternative 1.78-->"C:\Program Files\QuickTime Alternative\unins000.exe" QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe" Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe" RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe" SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly Samsung Samples Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A} Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe" Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7} SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe" Solstice-->C:\Program Files\Solstice\Uninstall.exe "C:\Program Files\Solstice\install.log" Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1} Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011} Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E} Spellforce 2 - Dragon Storm -->MsiExec.exe /I{2F270E5D-573B-4507-92E0-29FB6E700C7F} Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9 Stellarium 0.9.1-->"C:\Program Files\Stellarium\unins000.exe" Strike Ball-->"C:\Program Files\Strike Ball\ReflexiveArcade\unins000.exe" Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe" SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0 Super Finder XT 1.6.2.1-->"C:\Program Files\FSL\SuperFinder\unins001.exe" SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe" SuperF4-->"C:\Program Files\SuperF4\Uninstall.exe" TES Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x40c The Logo Creator v5-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log Tomb Raider - The Last Revelation-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Core Design\Tomb Raider - The Last Revelation\Uninst.isu" TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall Two Worlds-->C:\Program Files\Reality Pump\Two Worlds\Uninstall.exe UltraISO Premium V9.33-->"C:\Program Files\UltraISO\unins000.exe" Universalis 13-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Universalis\Universalis 13\Uninst.isu" Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT="" VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe WBEncarta-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\fr\FR\WBEncarta\Uninstall\Uninstall.inf,Uninstall,,,N Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41} Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52} Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657} Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E} Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1} Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4} Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe" Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe" Hosts File Missing ======Security center information====== AV: BitDefender Antivirus FW: BitDefender Pare-feu ======Environment variables====== "ComSpec"=%SystemRoot%\system32\cmd.exe "Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Intel\DMIX;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\IVT Corporation\BlueSoleil\Mobile "windir"=%SystemRoot% "FP_NO_HOST_CHECK"=NO "OS"=Windows_NT "PROCESSOR_ARCHITECTURE"=x86 "PROCESSOR_LEVEL"=6 "PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel "PROCESSOR_REVISION"=0f06 "NUMBER_OF_PROCESSORS"=2 "PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH "TEMP"=%SystemRoot%\TEMP "TMP"=%SystemRoot%\TEMP -----------------EOF----------------- ________________________________________________________________________________ _______________________________ Logfile of random's system information tool 1.06 (written by random/random) Run by laurent at 2010-01-28 23:31:34 Microsoft Windows XP Professionnel Service Pack 3 System drive C: has 18 GB (6%) free of 300 GB Total RAM: 2046 MB (71% free) Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 23:31:42, on 28/01/2010 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\system32\spoolsv.exe c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe C:\WINDOWS\system32\cisvc.exe C:\WINDOWS\eHome\ehRecvr.exe C:\WINDOWS\eHome\ehSched.exe C:\WINDOWS\System32\FTRTSVC.exe C:\Program Files\Google\Update\GoogleUpdate.exe C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe C:\Program Files\Java\jre6\bin\jqs.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE C:\WINDOWS\system32\PnkBstrA.exe C:\WINDOWS\system32\PSIService.exe C:\WINDOWS\system32\svchost.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe C:\WINDOWS\system32\SearchIndexer.exe C:\WINDOWS\system32\cidaemon.exe C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe C:\WINDOWS\system32\Ati2evxx.exe C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\stsystra.exe C:\Program Files\Java\jre6\bin\jusched.exe C:\Program Files\Unlocker\UnlockerAssistant.exe C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe C:\Program Files\SuperCopier2\SuperCopier2.exe C:\WINDOWS\system32\ctfmon.exe C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Program Files\FSL\SuperFinder\SuperFinder.exe C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe C:\Program Files\Internet Download Manager\IEMonitor.exe C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\Program Files\Mozilla Firefox\firefox.exe C:\WINDOWS\system32\taskmgr.exe C:\Documents and Settings\laurent\Bureau\RSIT.exe C:\Program Files\trend micro\laurent.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=2070128 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128 R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=2070128 R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file) R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file) O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe" O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe" O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe" O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU') O4 - HKUS\S-1-5-21-871840397-1802110598-3649274961-1014\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Vero') O4 - Startup: Super Finder XT.lnk = C:\Program Files\FSL\SuperFinder\SuperFinder.exe O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000 O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU) O15 - Trusted Zone: http://*.mcafee.com O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll O20 - Winlogon Notify: ljJBQkiG - C:\WINDOWS\ O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (file missing) O23 - Service: BsMobileCS - Unknown owner - (no file) O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe O23 - Service: Google Update Service (gupdate1c989509d62cb3a) (gupdate1c989509d62cb3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing) O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe -- End of file - 11641 bytes ======Scheduled tasks folder====== C:\WINDOWS\tasks\Google Software Updater.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for laurent.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for laurent.job C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Vero.job C:\WINDOWS\tasks\Recherche de problèmes automatique.job ======Registry dump====== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}] IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}] Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}] Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}] Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-29 764912] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}] JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2010-01-07 128832] [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624] "SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280] "UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872] "IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904] "BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2010-01-07 71152] "BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-01-07 1118144] "Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392] [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-21 3171760] "SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392] "ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360] "swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-07 39408] C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe C:\Documents and Settings\laurent\Menu Démarrer\Programmes\Démarrage Super Finder XT.lnk - C:\Program Files\FSL\SuperFinder\SuperFinder.exe [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent] C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJBQkiG] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon] C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128] WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks] "{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll, [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System] "NoDispAppearancePage"=0 "DisableClock"=0 "NoDispCPL"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1 "InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles "InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme "EnableLUA"=0 "DisableTaskMgr"=0 [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "NoDriveTypeAutoRun"=145 "NoActiveDesktopChanges"=0 "NoRun"=0 "NoFind"=0 "NoMultiIE"=0 "LWA"=0 "LWB"=0 "LWC"=0 "LWD"=0 "LWE"=0 "LWF"=0 "LWG"=0 "LWH"=0 "LWI"=0 "LWJ"=0 "LWK"=0 "LWL"=0 "LWM"=0 "LWN"=0 "LWO"=0 "LWP"=0 "LWQ"=0 "LWR"=0 "LWS"=0 "LWT"=0 "LWU"=0 "LWV"=0 "LWW"=0 "LWX"=0 "LWY"=0 "LWZ"=0 "NoDrives"=0 [HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer] "HonorAutoRunSetting"= [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\emule extrem\emule.exe"="C:\Program Files\emule extrem\emule.exe:*:Enabled:eMule" "C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III" "C:\Documents and Settings\manon\Mes documents\Ma musique\LimeWire\LimeWire.exe"="C:\Documents and Settings\manon\Mes documents\Ma musique\LimeWire\LimeWire.exe:*:Enabled:LimeWire" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" "C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds" "C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds" [HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list] "%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019" "C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger" "%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000" "C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call" "C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync" ======File associations====== .reg - open - regedit.exe "%1" %* ======List of files/folders created in the last 1 months====== 2012-06-06 07:40:20 ----A---- C:\WINDOWS\bdagent.INI 2012-06-06 00:07:39 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$ 2012-06-06 00:05:07 ----D---- C:\Program Files\MSBuild 2012-06-06 00:05:02 ----D---- C:\WINDOWS\system32\XPSViewer 2012-06-06 00:04:57 ----D---- C:\WINDOWS\system32\en-us 2012-06-06 00:04:56 ----D---- C:\Program Files\Reference Assemblies 2012-06-06 00:04:08 ----N---- C:\WINDOWS\system32\spmsg2.dll 2012-06-05 20:19:01 ----A---- C:\WINDOWS\system32\un2065.txt 2012-06-05 20:19:01 ----A---- C:\WINDOWS\system32\2065.txt 2012-06-05 20:13:17 ----D---- C:\Program Files\BitDefender 2012-06-05 14:00:47 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt 2010-01-31 00:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$ 2010-01-27 23:01:17 ----A---- C:\WINDOWS\OEWABLog.txt 2010-01-27 21:01:15 ----A---- C:\WINDOWS\SchedLgU.Txt 2010-01-27 20:46:34 ----D---- C:\rsit 2010-01-27 20:46:34 ----D---- C:\Program Files\trend micro 2010-01-25 21:45:42 ----D---- C:\ComboFix 2010-01-25 21:45:15 ----D---- C:\Qoobox 2010-01-24 12:39:27 ----A---- C:\Documents and Settings\laurent\Application Data\bdfvconp.ini 2010-01-21 23:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$ 2010-01-17 14:43:03 ----D---- C:\Program Files\Datel 2010-01-12 23:26:27 ----D---- C:\Program Files\Solstice 2010-01-10 15:06:49 ----A---- C:\WINDOWS\system32\phversion.txt 2010-01-09 19:43:17 ----D---- C:\Documents and Settings\laurent\Application Data\AIMP 2010-01-09 19:43:07 ----D---- C:\Program Files\AIMP2 2010-01-08 23:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\Screentime 2010-01-08 20:38:57 ----D---- C:\Program Files\SuperF4 2010-01-08 08:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$ 2010-01-07 22:57:54 ----D---- C:\a85652ac9bf77d142f 2010-01-07 22:32:33 ----D---- C:\c8b67902feee843581 2010-01-07 21:45:48 ----D---- C:\Documents and Settings\laurent\Application Data\Windows Search 2010-01-07 21:23:57 ----D---- C:\c464c8d39d38cf0c61a3106af9 2010-01-07 21:23:54 ----D---- C:\Documents and Settings\laurent\Application Data\Windows Desktop Search 2010-01-07 21:23:33 ----D---- C:\WINDOWS\system32\GroupPolicy 2010-01-07 21:23:33 ----D---- C:\Program Files\Windows Desktop Search 2010-01-07 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$ 2010-01-07 21:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$ 2010-01-07 20:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$ 2010-01-07 19:55:35 ----D---- C:\Documents and Settings\laurent\Application Data\BitDefender 2010-01-07 19:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender 2010-01-07 19:54:57 ----D---- C:\Program Files\Fichiers communs\BitDefender 2010-01-07 19:35:28 ----A---- C:\bdlog.txt 2010-01-07 19:34:47 ----D---- C:\Documents and Settings\laurent\Application Data\BD_TEMP 2010-01-07 19:02:12 ----D---- C:\Program Files\Fichiers communs\Adobe AIR 2010-01-07 18:58:25 ----D---- C:\Program Files\League of Legends 2010-01-03 13:28:58 ----A---- C:\WINDOWS\system32\uxtuneup.dll 2010-01-03 13:28:58 ----A---- C:\WINDOWS\system32\TURegOpt.exe 2010-01-03 13:28:40 ----D---- C:\Program Files\TuneUp Utilities 2010 2010-01-03 13:28:12 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC} 2009-12-31 17:28:08 ----A---- C:\WINDOWS\system32\winlogon.exe 2009-12-31 16:28:07 ----D---- C:\Program Files\Duplicate Cleaner 2009-12-31 16:21:22 ----D---- C:\Documents and Settings\laurent\Application Data\Similarity 2009-12-31 12:54:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware 2009-12-30 13:19:34 ----A---- C:\WINDOWS\system32\bda2F.tmp ======List of files/folders modified in the last 1 months====== 2012-06-06 00:04:29 ----D---- C:\WINDOWS\system32\spool 2012-06-05 14:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor 2010-01-28 23:30:56 ----D---- C:\Documents and Settings\laurent\Application Data\DMCache 2010-01-28 22:15:19 ----D---- C:\WINDOWS\Temp 2010-01-28 21:41:43 ----D---- C:\Program Files\emule extrem 2010-01-28 21:40:38 ----D---- C:\Program Files\Mozilla Thunderbird 2010-01-28 14:57:27 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon 2010-01-28 14:39:47 ----D---- C:\WINDOWS\system32 2010-01-28 12:37:41 ----SHD---- C:\WINDOWS\Installer 2010-01-28 12:37:41 ----SHD---- C:\Config.Msi 2010-01-28 08:40:57 ----D---- C:\Documents and Settings\laurent\Application Data\IDM 2010-01-28 08:13:28 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt 2010-01-27 23:01:17 ----AD---- C:\WINDOWS 2010-01-27 23:01:14 ----SD---- C:\WINDOWS\Downloaded Program Files 2010-01-27 23:01:14 ----D---- C:\Program Files\Web Publish 2010-01-27 23:01:14 ----D---- C:\Program Files 2010-01-27 23:00:58 ----D---- C:\Documents and Settings 2010-01-27 22:56:31 ----HD---- C:\WINDOWS\system32\drivers 2010-01-27 22:48:02 ----SD---- C:\WINDOWS\Tasks 2010-01-27 21:19:35 ----D---- C:\WINDOWS\system32\config 2010-01-27 21:01:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater 2010-01-26 18:43:34 ----SHD---- C:\System Volume Information 2010-01-26 18:43:34 ----D---- C:\WINDOWS\system32\Restore 2010-01-25 21:19:18 ----D---- C:\Documents and Settings\laurent\Application Data\vlc 2010-01-25 21:18:59 ----D---- C:\Documents and Settings\laurent\Application Data\dvdcss 2010-01-21 23:46:48 ----D---- C:\WINDOWS\system32\CatRoot2 2010-01-21 23:01:33 ----HD---- C:\WINDOWS\inf 2010-01-21 23:01:21 ----RSHDC---- C:\WINDOWS\system32\dllcache 2010-01-21 22:10:14 ----D---- C:\Program Files\Mozilla Firefox 2010-01-21 20:54:08 ----HD---- C:\WINDOWS\$hf_mig$ 2010-01-21 19:27:10 ----SHD---- C:\RECYCLER 2010-01-21 11:27:03 ----D---- C:\Program Files\Microsoft Silverlight 2010-01-19 23:25:52 ----D---- C:\WINDOWS\Prefetch 2010-01-14 18:33:10 ----D---- C:\WINDOWS\repair 2010-01-13 22:03:16 ----D---- C:\WINDOWS\Debug 2010-01-11 22:13:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP 2010-01-11 14:59:11 ----D---- C:\Program Files\GetData 2010-01-09 19:45:13 ----D---- C:\WINDOWS\Downloaded Installations 2010-01-09 19:45:13 ----D---- C:\WINDOWS\Cursors 2010-01-09 14:49:17 ----A---- C:\WINDOWS\BlendSettings.ini 2010-01-07 21:23:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft 2010-01-07 21:23:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI 2010-01-07 21:23:35 ----D---- C:\WINDOWS\system32\fr-fr 2010-01-07 21:23:33 ----D---- C:\WINDOWS\system32\wbem 2010-01-07 21:13:07 ----D---- C:\WINDOWS\AppPatch 2010-01-07 19:58:48 ----D---- C:\WINDOWS\system32\CatRoot 2010-01-07 19:54:57 ----D---- C:\Program Files\Fichiers communs 2010-01-07 19:47:55 ----D---- C:\WINDOWS\WinSxS 2010-01-07 19:04:13 ----D---- C:\images cd 2010-01-07 19:02:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe 2010-01-07 10:33:28 ----D---- C:\i386 2010-01-07 08:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$ 2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe 2010-01-04 21:01:04 ----D---- C:\WINDOWS\Registration 2010-01-04 20:55:06 ----A---- C:\WINDOWS\system.ini 2010-01-04 00:32:01 ----SH---- C:\boot.ini 2010-01-04 00:32:01 ----A---- C:\WINDOWS\win.ini 2010-01-03 13:37:18 ----D---- C:\Program Files\Canon 2010-01-03 13:28:31 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software 2010-01-03 13:27:03 ----D---- C:\Program Files\TuneUp Utilities 2009 2010-01-02 18:44:02 ----D---- C:\WINDOWS\pss 2009-12-31 15:34:51 ----D---- C:\Program Files\Microsoft Etudes ======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys [] R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024] R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576] R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys [] R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720] R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024] R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228] R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2008-03-19 114496] R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-13 5632] R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032] R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-05 278984] R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys [] R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824] R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-05 25416] R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-10-15 11136] R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696] R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-12-08 104512] R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104] R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184] R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2010-01-07 152456] R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2010-01-07 110984] R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-07-24 285704] R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys [] R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400] R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760] R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-09-01 14080] R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384] R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368] R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248] R3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys [] R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys [] R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys [] R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-09-01 22528] R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-09-01 1081856] R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys [] R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288] R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888] R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648] R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys [] R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032] R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128] R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208] R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520] R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368] R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608] R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2008-01-21 29960] S3 abnj2s0w;abnj2s0w; C:\WINDOWS\system32\drivers\abnj2s0w.sys [] S3 acqlnox9;acqlnox9; C:\WINDOWS\system32\drivers\acqlnox9.sys [] S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600] S3 BTCOMM;BTCOMM; C:\WINDOWS\system32\drivers\Btcomm.sys [] S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2008-03-06 38920] S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024] S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120] S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768] S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944] S3 BTKRNBDG;Bluetooth COM Bridge; C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys [] S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024] S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS [] S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys [] S3 CSRBC01;%CSRBC01.SvcDesc%; C:\WINDOWS\System32\Drivers\csrbc01.sys [] S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [] S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys [] S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760] S3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136] S3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688] S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880] S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272] S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216] S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552] S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008] S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504] S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248] S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys [] S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880] S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS [] S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS [] S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-02-03 10368] S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys [] S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136] S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136] S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320] S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336] S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000] S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232] S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys [] S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856] S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104] S3 vad_multi;Windigo Virtual Audio Device (WDM); C:\WINDOWS\system32\drivers\vadmulti.sys [] S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856] S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528] S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200] S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944] S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368] S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928] S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752] S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008] S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-10 13952] S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504] S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960] S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240] ======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)====== R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112] R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568] R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424] R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960] R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-06-04 354840] R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376] R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-07 309088] R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-09-01 81920] R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368] R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120] R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 66872] R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-12-12 174656] R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808] R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-01-07 1622320] R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808] R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336] S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800] S2 gupdate1c989509d62cb3a;Google Update Service (gupdate1c989509d62cb3a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-07 133104] S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280] S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328] S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-07-05 358008] S3 Arrakis3;BitDefender Serveur Arrakis; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-01-07 183880] S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312] S3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [] S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632] S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104] S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632] S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664] S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056] S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-02 3219320] S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136] S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-03 435016] S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336] S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240] S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016] S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096] -----------------EOF-----------------

Bonjour, ça fait maintenant 15 jours (peut-être plus, je n'ai pas compris de suite) que firefox démarre tout seul. Je m'explique: quand je veux démarrer firefox, un message me dit qu'un autre instance est déjà en cours: effectivement, dans le gestionnaire des tâche, je trouve un "firefox" ouvert: je tue le processus, et je peux enfin démarrer. et là, il essaie de se connecter sur le site "http://top-name.cn/in.cgi?5" que je ne connais pas. Dès fois, c'est 10 onglets qui s'ouvrent à la fois, toujours vers ce même site. Nous sommes plusieurs à utiliser le pc: tout le monde a le même pb sur sa session. J'ai fais des raz de cookies, historiques, etc: le pb reviens: firefox démarre souvent au démarrage de windows, et lorsqu'on tue le processus, et après un raz de l'historique, si on referme firefox, ça repart tout seul au bout de qque temps (1h environ, même le pc non utilisé). j'ai fait un balayage "complet" avec bitdefender. puis avec mbam: rien trouvé. j'ai fait une recherche de 'top-name" dans la bdr: rien. savez vous comment se débarrasser de ça? merci Edition complête Merci à Thanos pour toute son attention et ses conseils efficaces