
Posted (edited)

Hello,

For 15 days now (maybe more, I didn't realise straight away) Firefox has been starting on its own. Let me explain: when I want to start Firefox, a message tells me that another instance is already running; indeed, in Task Manager I find a "firefox" open. I kill the process and can finally start it, and then it tries to connect to the site "http://top-name.cn/in.cgi?5", which I don't know. Sometimes 10 tabs open at once, always to this same site. Several of us use the PC: everyone has the same problem in their own session. I've cleared cookies, history, etc.: the problem comes back. Firefox often starts when Windows starts, and when you kill the process, and after clearing the history, if you close Firefox, it starts again on its own after a while (about 1 hour, even with the PC not in use). I ran a "full" scan with BitDefender, then with MBAM: nothing found. I searched for 'top-name' in the registry: nothing.

Do you know how to get rid of this?

Thanks

Edit: complete

Thanks to Thanos for all his attention and his effective advice

Edited by laur33

Posted

Hi and welcome to the forum :P

A few links to help you get started:

We'll look together at what is happening on your PC; like everyone who helps here, we volunteer our time around our personal activities. We'll try to move as fast as possible, but you may sometimes have to be patient waiting for an answer, no panic :P

To reply or to add a post, a report, etc., use the t_reply.gif button. :P

(the button located between "Flash" and "New")

*********

Download random's system information tool (RSIT) by random/random and save it to the Desktop.

  • Double-click RSIT.exe to launch RSIT.
  • Click Continue on the Disclaimer screen.
  • If the HijackThis tool (up-to-date version) is not present or not detected on the computer, RSIT will download it and you will have to accept the licence.
  • When the scan is finished, two text files will open. Post the contents of log.txt (<<which will be displayed)
    as well as info.txt (<<which will be minimised to the Taskbar).
  • If you don't see these two reports, you will find them in the C:\rsit folder

Posted

Hello Thanos.

Sorry for the late reply: I got back yesterday, and I waited for the problem to occur again before doing what you suggested (maybe there will be more interesting info??).

So below are the 2 files generated:

info.txt logfile of random's system information tool 1.06 2010-01-27 21:14:05

 

======Uninstall list======

 

-->MsiExec /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}

-->MsiExec.exe /I{0F122737-72B2-4095-8B3E-7AAE753DFD3D}

-->MsiExec.exe /I{403EF592-953B-4794-BCEF-ECAB835C2095}

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

Action Replay Code Manager-->"C:\Program Files\Datel\Action Replay Code Manager\unins000.exe"

Adobe AIR-->c:\Program Files\Fichiers communs\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall

Adobe AIR-->MsiExec.exe /I{A2BCA9F1-566C-4805-97D1-7FDC93386723}

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe

Adobe Reader 8.1.5 - Français-->MsiExec.exe /I{AC76BA86-7AD7-1036-7B44-A81300000003}

Advertising Center-->MsiExec.exe /X{B2EC4A38-B545-4A00-8214-13FE0E915E6D}

AGEIA PhysX v7.11.13-->MsiExec.exe /X{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}

AIMP2-->C:\Program Files\AIMP2\Uninstall.exe

Anooki 6-0 Screen Saver-->C:\WINDOWS\system32\Anooki 6-0.scr /u

Assassin's Creed-->C:\Program Files\InstallShield Installation Information\{8CFA9151-6404-409A-AF22-4632D04582FD}\setup.exe -runfromtemp -l0x040c -removeonly

Assistant de connexion Windows Live-->MsiExec.exe /I{DCE8CD14-FBF5-4464-B9A4-E18E473546C7}

ATI Display Driver-->rundll32 C:\WINDOWS\system32\atiiiexx.dll,_InfEngUnInstallINFFile_RunDLL@16 -force_restart -flags:0x2010001 -inf_class:DISPLAY -clean

Avidemux 2.5-->C:\Program Files\Avidemux 2.5\uninstall.exe

AVS Update Manager 1.0-->"C:\Program Files\AVS4YOU\AVSUpdateManger\unins000.exe"

AVS Video Converter 6-->"C:\Program Files\AVS4YOU\AVSVideoConverter6\unins000.exe"

AVS4YOU Software Navigator 1.3-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

Babylon-->C:\Program Files\Babylon\Babylon-Pro\Utils\uninstbb.exe

BadCopy Pro-->C:\PROGRA~1\Jufsoft\BadCopy\UNWISE.EXE C:\PROGRA~1\Jufsoft\BadCopy\INSTALL.LOG

BitDefender Total Security 2010-->MsiExec.exe /X{1CF54269-B462-4D2A-84F6-A71A7F3A358C}

Brothers In Arms EiB-->C:\Program Files\Ubisoft\Gearbox Software\BrothersInArmsEiB\System\Setup.exe uninstall "BrothersInArmsEiB"

Call of Duty® 4 - Modern Warfare-->C:\Program Files\InstallShield Installation Information\{E48469CC-635E-4FD5-A122-1497C286D217}\setup.exe -runfromtemp -l0x040c

Canon PhotoRecord-->MsiExec.exe /X{D958FAC4-BAE0-4B1D-A42E-DE9BFDE7DDEE}

Canon PIXMA iP4000-->C:\WINDOWS\system32\CNMCP64.exe "-PRINTERNAMECanon PIXMA iP4000" "-HELPERDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmis.dll" "-RCDLLC:\BJPrinter\CNMWINDOWS\Canon PIXMA iP4000 Installer\Inst2\cnmi040c.dll"

Canon Utilities Easy-PhotoPrint-->C:\Program Files\Canon\Easy-PhotoPrint\uninst.exe C:\Program Files\Canon\Easy-PhotoPrint\uninst.ini

Canon Utilities Easy-PrintToolBox-->C:\WINDOWS\BJPSUNST.EXE

Catalyst Control Center - Branding-->MsiExec.exe /I{8D7133DE-27D2-47E5-B248-4180278D32AA}

CCleaner (remove only)-->"C:\Program Files\CCleaner\uninst.exe"

CDisplay 1.8-->"C:\Program Files\CDisplay\unins000.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

CloneCD-->"C:\Program Files\SlySoft\CloneCD\ccd-uninst.exe" /D="C:\Program Files\SlySoft\CloneCD"

CloneDVD2-->"C:\Program Files\Elaborate Bytes\CloneDVD2\CloneDVD2-uninst.exe" /D="C:\Program Files\Elaborate Bytes\CloneDVD2"

CodeStuff Starter-->"C:\Program Files\CodeStuff\Starter\unStarter.exe"

Coeur-->"C:\Program Files\Coeur\unins000.exe"

Corel Paint Shop Pro Photo X2-->MsiExec.exe /X{64E72FB1-2343-4977-B4A8-262CD53D0BD3}

Correctif pour Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Correctif pour Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Dell Driver Reset Tool-->MsiExec.exe /I{5905F42D-3F5F-4916-ADA6-94A3646AEE76}

Dell Network Assistant-->MsiExec.exe /I{0240BDFB-2995-4A3F-8C96-18D41282B716}

Dell Support 3.2.1-->MsiExec.exe /X{CEE2252C-4035-4B27-8EC6-0B085DD3A413}

DolbyFiles-->MsiExec.exe /X{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}

Duplicate Cleaner 1.4.3-->"C:\Program Files\Duplicate Cleaner\unins000.exe"

EarthView-->C:\Program Files\EarthView\Uninstall.exe

Easy CD-DA Extractor 12-->"C:\WINDOWS\Easy CD-DA Extractor 12.0.3\uninstall.exe" "/U:C:\Program Files\Easy CD-DA Extractor 12\irunin.xml"

EasyRecovery Professional-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{268723B7-A994-4286-9F85-B974D5CAFC7B} /l1036

Easy-WebPrint-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Canon\Easy-WebPrint\Uninst.isu"

eBay Icon-->C:\Documents and Settings\laurent\Application Data\Desktopicon\uninst.exe

Fable - The Lost Chapters-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\1050\INTEL3~1\IDriver.exe /M{C3C9EB3D-24FA-4462-B784-0EC6AAFCD2DD}

FastStone Image Viewer 3.6-->C:\Program Files\FastStone Image Viewer\uninst.exe

Foxit Reader-->C:\Program Files\Foxit Software\Foxit Reader\Uninstall.exe

FSX_Screensaver-->C:\Program Files\FSX_Screensaver\Uninstall.exe

Galerie de photos Windows Live-->MsiExec.exe /X{44E54A81-9D91-4AA1-9417-80AFF134F5FF}

GemMaster Mystic-->"C:\Program Files\GemMasterFrench\uninstallgemmaster.exe"

GeoGebra-->"C:\Program Files\GeoGebra\UninstallerData\Uninstaller.exe"

Gestionnaire Internet-->C:\PROGRA~1\Wanadoo\uninstall.exe

Google SketchUp 6-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{98736A65-3C79-49EC-B7E9-A3C77774B0E6}\setup.exe" -l0x40c -removeonly

Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}

Google Earth-->MsiExec.exe /X{C084BC61-E537-11DE-8616-005056806466}

Hard to be a God-->"C:\Program Files\Nobilis\Hard to be a God\unins000.exe"

Heroes of Annihilated Empires-->"C:\Program Files\HeroesOfAE\unins000.exe"

HijackThis 2.0.2-->"C:\Program Files\trend micro\HijackThis.exe" /uninstall

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows XP (KB915800-v4)-->"C:\WINDOWS\$NtUninstallKB915800-v4$\spuninst\spuninst.exe"

Il était une fois la vie-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\ATLAS\Il était une fois la vie\Uninst.isu"

Installation Windows Live-->C:\Program Files\Windows Live\Installer\wlarp.exe

Installation Windows Live-->MsiExec.exe /I{7370DF47-B4F9-4279-BFC3-3F09919F720D}

Intel® Matrix Storage Manager-->C:\Program Files\Intel\Intel Matrix Storage Manager\Uninstall\imsmudlg.exe -uninstall

Internet Download Manager-->C:\Program Files\Internet Download Manager\Uninstall.exe

IrfanView (remove only)-->C:\Program Files\irfanview\iv_uninstall.exe

IsoBuster 2.6-->"C:\Program Files\Smart Projects\IsoBuster\Uninst\unins000.exe"

J2SE Runtime Environment 5.0 Update 10-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150100}

J2SE Runtime Environment 5.0 Update 11-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150110}

J2SE Runtime Environment 5.0 Update 6-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0150060}

Java 6 Update 17-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216011FF}

Java 6 Update 5-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160050}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

jv16 PowerTools 2009-->"C:\Program Files\jv16 PowerTools 2009\unins000.exe"

K-Lite Mega Codec Pack 4.7.5-->"C:\Program Files\K-Lite Codec Pack\unins000.exe"

Language Engineering Power Translator-->MsiExec.exe /I{66EDF2E5-6C37-4939-A837-FBF2C52F91CD}

Le Bidulo Trésor-->C:\emme\BiduloTresor\Desinst.exe

Le Seigneur des Anneaux® - L’Age des Conquêtes-->MsiExec.exe /X{628C3D50-F524-4C49-A958-672CE7953756}

Lecteur Windows Media 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

LegionArena-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{4CA9839A-F660-4F7F-BD45-F466512ECE20}\Setup.exe" -l0x40c

LEGO® Indiana Jones 2: L'Aventure Continue-->C:\Program Files\InstallShield Installation Information\{11192AA7-FBE3-4150-9667-EE7279CCC769}\Setup.exe -runfromtemp -l0x040c

Les Indispensables Éducation pour Microsoft Office-->MsiExec.exe /X{B348E585-E872-41DF-8234-E2D49917CFBB}

LifeGlobe Goldfish Aquarium-->"C:\Program Files\Prolific Publishing, Inc.\Goldfish Aquarium\unins000.exe"

LifeGlobe Sharks, Terrors of the Deep 2-->"C:\Program Files\Prolific Publishing, Inc\Sharks2\unins000.exe"

Logiciel d'archivage WinRAR-->C:\Program Files\WinRAR\uninstall.exe

Logiciel QuickCam de Logitech-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EF1B5DF7-8DF5-4D38-BFF0-FDC7B7847C00}\setup.exe" -l0x40c

Logitech Desktop Messenger-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}\setup.exe" -l0x40c UNINSTALL

Lupas Rename 2000 v5.0 Release-->"C:\Program Files\Lupas Rename 2000\unins000.exe"

Ma-Config.com-->MsiExec.exe /X{18754BA4-4F0C-4E6E-888B-9496AFA05F43}

Macromedia Shockwave Player-->C:\WINDOWS\system32\Macromed\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Macromed\SHOCKW~1\Install.log

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

MCU-->MsiExec.exe /I{D2988E9B-C73F-422C-AD4B-A66EBE257120}

Media Player Classic Ver.6.4.9.1 (Build.82)-->C:\Program Files\Media Player Classic\Uninstal.exe

MediaInfo 0.7.27-->C:\Program Files\MediaInfo\uninst.exe

Menu Templates - Starter Kit-->MsiExec.exe /X{B78120A0-CF84-4366-A393-4D0A59BC546C}

Microsoft .NET Framework 1.0 Hotfix (KB953295)-->"C:\WINDOWS\$NtUninstallKB953295$\spuninst\spuninst.exe"

Microsoft .NET Framework 1.1 French Language Pack-->MsiExec.exe /X{9A394342-4A68-4EBA-85A6-55B559F4E700}

Microsoft .NET Framework 1.1 Security Update (KB953297)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M953297\M953297Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{3F7924B9-D148-3141-87B1-68F36043A940}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - FRA-->MsiExec.exe /I{511DF669-2930-30C0-8EB6-552887E29EC8}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 Language Pack - fra-->MsiExec.exe /I{5B76AEA2-D4E5-3B55-B965-ACC36AE0EAFC}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Encarta 2008 - Études-->MsiExec.exe /I{08181881-FCA5-44A7-B863-D66037A16AAF}

Microsoft Encarta Maths-->MsiExec.exe /I{07183840-959A-4B0D-8825-2C533F0DDB19}

Microsoft Office Professional Edition 2003-->MsiExec.exe /I{9011040C-6000-11D3-8CFE-0150048383C9}

Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Web Publishing Wizard 1.52-->RunDll32 ADVPACK.DLL,LaunchINFSection C:\WINDOWS\INF\wpie4x86.inf,WebPostUninstall

MIDI MP3 Converter 4.00-->"C:\Program Files\MIDI MP3 Converter\unins000.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Lecteur Windows Media (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974455)-->"C:\WINDOWS\$NtUninstallKB974455$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Mise à jour de sécurité pour Windows XP (KB976325)-->"C:\WINDOWS\$NtUninstallKB976325$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB976749)-->"C:\WINDOWS\$NtUninstallKB976749$\spuninst\spuninst.exe"

Mise à jour pour Windows XP (KB978207)-->"C:\WINDOWS\$NtUninstallKB978207$\spuninst\spuninst.exe"

Module linguistique Microsoft .NET Framework 3.5 - fra-->c:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 Language Pack - fra\setup.exe

Mon Bureau ADIBOU-->C:\WINDOWS\unin040c.exe -f"c:\Coktel\Mon Bureau ADIBOU\DeIsL2.isu" -cc:\Coktel\MONBUR~1\_ISREG32.DLL

Mon Encyclopédie d'Histoire-->C:\Program Files\DK\Become a History Explorer\_uninst\uninstaller.exe

Mon Premier Explorateur des Merveilles du Monde-->C:\Program Files\DK\Become a World Explorer\_uninst\uninstaller.exe

Morrowind-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\MWUninstall\Setup.exe" -l0x40c

Movie Collection 5.4.9.0-->"C:\Program Files\Movie Collection\unins000.exe"

Mozilla Firefox (3.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (3.0.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

MSXML 4.0 SP2 (KB927978)-->MsiExec.exe /I{37477865-A3F1-4772-AD43-AAFC6BCFF99F}

MSXML 4.0 SP2 (KB936181)-->MsiExec.exe /I{C04E32E0-0416-434D-AFB9-6969D703A9EF}

MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}

MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}

MSXML 6.0 Parser (KB933579)-->MsiExec.exe /I{0A869A65-8C94-4F7C-A5C7-972D3C8CED9E}

Navigateur Orange-->C:\PROGRA~1\Wanadoo\Shell.exe inst\uninst_FTBrowser.shl

Nero 9 Trial-->C:\Program Files\Fichiers communs\Nero\Nero ProductInstaller 4\SetupX.exe REMOVESERIALNUMBER="8M01-209M-AH6P-5UW0-WHAW-C53X-473X-79MH"

Nero BurnRights-->MsiExec.exe /X{7829DB6F-A066-4E40-8912-CB07887C20BB}

Nero ControlCenter-->MsiExec.exe /X{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}

Nero Disc Copy Gadget-->MsiExec.exe /X{F1861F30-3419-44DB-B2A1-C274825698B3}

Nero InfoTool-->MsiExec.exe /X{FBCDFD61-7DCF-4E71-9226-873BA0053139}

Nero Installer-->MsiExec.exe /X{E8A80433-302B-4FF1-815D-FCC8EAC482FF}

NeroBurningROM-->MsiExec.exe /X{D025A639-B9C9-417D-8531-208859000AF8}

NfoDiz 6.0 Setup-->C:\PROGRA~1\NFODIZ~1.0\UNWISE.EXE C:\PROGRA~1\NFODIZ~1.0\INSTALL.LOG

Oblivion - Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23D683DD-93C6-48E6-B84E-78B57778F126}\setup.exe" -l0x9 -removeonly

Oblivion-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{35CB6715-41F8-4F99-8881-6FC75BF054B0}\setup.exe" -l0x40c -removeonly

Outil de mise à jour Google-->"C:\Program Files\Google\Google Updater\GoogleUpdater.exe" -uninstall

Outil de téléchargement Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Papyrus-->C:\PROGRA~1\UBISOF~1\PAPYRUS\UNWISE.EXE C:\PROGRA~1\UBISOF~1\PAPYRUS\INSTALL.LOG

PDFCreator-->C:\Program Files\PDFCreator\unins000.exe

PowerQuest PartitionMagic 8.0-->C:\PROGRA~1\FICHIE~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{6BE2A4A4-99FB-48ED-AE1E-4E850389F804}

Prince of Persia-->"C:\Program Files\InstallShield Installation Information\{7C11154F-3539-4CB5-979D-EF7913473E53}\setup.exe" -runfromtemp -l0x040c -removeonly

PrintMaster Platinum 17-->MsiExec.exe /I{01DAB7E2-DEC5-4FBD-893E-612FA6758A4D}

Programme de gestion Camera de Logitech-->"C:\Program Files\Fichiers communs\Logitech\QCDRV\BIN\SETUP.EXE" UNINSTALL REMOVEPROMPT -l040c

QuickTime Alternative 1.78-->"C:\Program Files\QuickTime Alternative\unins000.exe"

QuickTime for Windows (32-bit)-->C:\WINDOWS\QTW32DEL.EXE

Recover My Files-->"C:\Program Files\GetData\Recover My Files\unins000.exe"

Recuva (remove only)-->"C:\Program Files\Recuva\uninst.exe"

RGSS de RMXP version 1.0.1-->"C:\Program Files\Bodom-Child - RaBBi\RGSS\unins000.exe"

SAMSUNG CDMA Modem Driver Set-->C:\WINDOWS\system32\Samsung_USB_Drivers\3\SSCDUninstall.exe

SAMSUNG Mobile Composite Device Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\6\SSBCUninstall.exe

Samsung Mobile phone USB driver Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\5\SSSDUninstall.exe

SAMSUNG Mobile USB Modem 1.0 Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\1\SS_Uninstall.exe

SAMSUNG Mobile USB Modem Software-->C:\WINDOWS\system32\Samsung_USB_Drivers\2\SSM_Uninstall.exe

Samsung PC Studio 3 USB Driver Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}\setup.exe" -l0x40c -removeonly

Samsung PC Studio 3-->"C:\Program Files\InstallShield Installation Information\{C4A4722E-79F9-417C-BD72-8D359A090C97}\setup.exe" -runfromtemp -l0x040c -removeonly

Samsung Samples Installer-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\PROFES~1\RunTime\10\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{7AC15160-A49B-4A89-B181-D4619C025FFF}\setup.exe" -l0x40c -removeonly

SearchAssist-->C:\DELL\SearchAssist\UninstSA.bat

Security Update for CAPICOM (KB931906)-->MsiExec.exe /I{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for CAPICOM (KB931906)-->MsiExec.exe /X{0EFDF2F9-836D-4EB7-A32D-038BD3F1FB2A}

Security Update for Windows Search 4 - KB963093-->"C:\WINDOWS\$NtUninstallKB963093$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

SereneScreen Marine Aquarium 2.6-->"C:\Program Files\SereneScreen\Marine Aquarium 2.6\unins000.exe"

Solstice-->C:\Program Files\Solstice\Uninstall.exe "C:\Program Files\Solstice\install.log"

Sonic Activation Module-->MsiExec.exe /I{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}

Sonic Encoders-->MsiExec.exe /I{9941F0AA-B903-4AF4-A055-83A9815CC011}

Sonic Update Manager-->MsiExec.exe /I{30465B6C-B53F-49A1-9EBA-A3F187AD502E}

Spellforce 2 - Dragon Storm -->MsiExec.exe /I{2F270E5D-573B-4507-92E0-29FB6E700C7F}

Star Wars Jedi Knight Jedi Academy-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{1EECBA68-8BE4-4076-94DF-E9ED206B1D21}\Setup.exe" -l0x9

Stellarium 0.9.1-->"C:\Program Files\Stellarium\unins000.exe"

Strike Ball-->"C:\Program Files\Strike Ball\ReflexiveArcade\unins000.exe"

Subtitle Workshop 2.51-->"C:\Program Files\URUSoft\Subtitle Workshop\uninstall.exe"

SUPER © Version 2009.bld.36 (June 10, 2009)-->C:\PROGRA~1\ERIGHT~1\SUPER\Setup.exe /remove /q0

Super Finder XT 1.6.2.1-->"C:\Program Files\FSL\SuperFinder\unins001.exe"

SuperCopier2-->"C:\Program Files\SuperCopier2\SC2Uninst.exe"

SuperF4-->"C:\Program Files\SuperF4\Uninstall.exe"

TES Construction Set-->RunDll32 C:\PROGRA~1\FICHIE~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\Bethesda Softworks\Morrowind\CSUninstall\Setup.exe" -l0x40c

The Logo Creator v5-->C:\WINDOWS\unvise32.exe C:\Program Files\The Logo Creator v5\uninstal.log

Tomb Raider - The Last Revelation-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Core Design\Tomb Raider - The Last Revelation\Uninst.isu"

TuneUp Utilities-->C:\Program Files\TuneUp Utilities 2010\TUInstallHelper.exe --Trigger-Uninstall

Two Worlds-->C:\Program Files\Reality Pump\Two Worlds\Uninstall.exe

UltraISO Premium V9.33-->"C:\Program Files\UltraISO\unins000.exe"

Universalis 13-->C:\WINDOWS\IsUn040c.exe -f"C:\Program Files\Universalis\Universalis 13\Uninst.isu"

Unlocker 1.8.8-->C:\Program Files\Unlocker\uninst.exe

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

VLC media player 1.0.3-->C:\Program Files\VideoLAN\VLC\uninstall.exe

WBEncarta-->RunDll32.exe advpack.dll, LaunchINFSectionEx C:\Program Files\Learning Essentials\1.0\fr\FR\WBEncarta\Uninstall\Uninstall.inf,Uninstall,,,N

Windows Live Call-->MsiExec.exe /I{82C7B308-0BDD-49D8-8EA5-9CD3A3F9DF41}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Mail-->MsiExec.exe /I{63DC2DA0-2A6C-4C38-9249-B75395458657}

Windows Live OneCare safety scanner-->RunDll32.exe "C:\Program Files\Windows Live Safety Center\wlscCore.dll",UninstallFunction WLSC_SCANNER_PRODUCT

Windows Live Sync-->MsiExec.exe /X{9C5EB781-0D37-44B8-9A58-77B3E4BF5F5E}

Windows Live Writer-->MsiExec.exe /X{2231CE39-B963-4B9D-823A-F412ECA637B1}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}

Windows Search 4.0-->"C:\WINDOWS\$NtUninstallKB940157$\spuninst\spuninst.exe"

Windows XP Media Center Edition 2005 KB973768-->"C:\WINDOWS\$NtUninstallKB973768$\spuninst\spuninst.exe"

 

Hosts File Missing

======Security center information======

 

AV: BitDefender Antivirus

FW: BitDefender Pare-feu

 

======Environment variables======

 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\WBEM;C:\Program Files\Intel\DMIX;C:\Program Files\Fichiers communs\Roxio Shared\DLLShared\;C:\Program Files\Samsung\Samsung PC Studio 3\;C:\PROGRA~1\DISKEE~1\DISKEE~1\;C:\Program Files\Smart Projects\IsoBuster;C:\Program Files\IVT Corporation\BlueSoleil\Mobile

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 15 Stepping 6, GenuineIntel

"PROCESSOR_REVISION"=0f06

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

 

-----------------EOF-----------------

 

________________________________________________________________________________

_______________________________

 

Logfile of random's system information tool 1.06 (written by random/random)

Run by laurent at 2010-01-28 23:31:34

Microsoft Windows XP Professionnel Service Pack 3

System drive C: has 18 GB (6%) free of 300 GB

Total RAM: 2046 MB (71% free)

 

Logfile of Trend Micro HijackThis v2.0.2

Scan saved at 23:31:42, on 28/01/2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

Boot mode: Normal

 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

C:\WINDOWS\system32\cisvc.exe

C:\WINDOWS\eHome\ehRecvr.exe

C:\WINDOWS\eHome\ehSched.exe

C:\WINDOWS\System32\FTRTSVC.exe

C:\Program Files\Google\Update\GoogleUpdate.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE

C:\WINDOWS\system32\PnkBstrA.exe

C:\WINDOWS\system32\PSIService.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

C:\WINDOWS\system32\SearchIndexer.exe

C:\WINDOWS\system32\cidaemon.exe

C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe

C:\WINDOWS\system32\Ati2evxx.exe

C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe

C:\WINDOWS\Explorer.EXE

C:\WINDOWS\stsystra.exe

C:\Program Files\Java\jre6\bin\jusched.exe

C:\Program Files\Unlocker\UnlockerAssistant.exe

C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe

C:\Program Files\SuperCopier2\SuperCopier2.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe

C:\Program Files\Windows Desktop Search\WindowsSearch.exe

C:\Program Files\FSL\SuperFinder\SuperFinder.exe

C:\Program Files\BitDefender\BitDefender 2010\seccenter.exe

C:\Program Files\Internet Download Manager\IEMonitor.exe

C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Program Files\Mozilla Firefox\firefox.exe

C:\WINDOWS\system32\taskmgr.exe

C:\Documents and Settings\laurent\Bureau\RSIT.exe

C:\Program Files\trend micro\laurent.exe

 

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=2070128

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.fr/ig/dell?hl=fr&client=dell-row&channel=fr&ibd=2070128

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.google.fr/ig/dell?hl=fr&cli...amp;ibd=2070128

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Orange

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens

R3 - URLSearchHook: Search Class - {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\PROGRA~1\Wanadoo\SEARCH~1.DLL

R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)

R3 - URLSearchHook: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - (no file)

O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files\Internet Download Manager\IDMIECC.dll

O2 - BHO: Aide pour le lien d'Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Programme d'aide de l'Assistant de connexion Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll

O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: BitDefender Toolbar - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll

O4 - HKLM\..\Run: [sigmatelSysTrayApp] stsystra.exe

O4 - HKLM\..\Run: [sunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"

O4 - HKLM\..\Run: [unlockerAssistant] "C:\Program Files\Unlocker\UnlockerAssistant.exe"

O4 - HKLM\..\Run: [iAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe

O4 - HKLM\..\Run: [bitDefender Antiphishing Helper] "C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe"

O4 - HKLM\..\Run: [bDAgent] "C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe"

O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray

O4 - HKCU\..\Run: [iDMan] C:\Program Files\Internet Download Manager\IDMan.exe /onboot

O4 - HKCU\..\Run: [superCopier2.exe] C:\Program Files\SuperCopier2\SuperCopier2.exe

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"

O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')

O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')

O4 - HKUS\S-1-5-21-871840397-1802110598-3649274961-1014\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User 'Vero')

O4 - Startup: Super Finder XT.lnk = C:\Program Files\FSL\SuperFinder\SuperFinder.exe

O4 - Global Startup: Windows Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe

O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000

O8 - Extra context menu item: Easy-WebPrint Ajouter à la liste d'impressions - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html

O8 - Extra context menu item: Easy-WebPrint Impression rapide - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html

O8 - Extra context menu item: Easy-WebPrint Imprimer - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html

O8 - Extra context menu item: Easy-WebPrint Prévisualiser - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html

O8 - Extra context menu item: Translate with &Babylon - res://C:\Program Files\Babylon\Babylon-Pro\Utils\BabylonIEPI.dll/Translate.htm

O8 - Extra context menu item: Télécharger avec IDM - C:\Program Files\Internet Download Manager\IEExt.htm

O8 - Extra context menu item: Télécharger le contenu de video FLV avec IDM - C:\Program Files\Internet Download Manager\IEGetVL.htm

O8 - Extra context menu item: Télécharger tous les liens avec IDM - C:\Program Files\Internet Download Manager\IEGetAll.htm

O9 - Extra button: Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra 'Tools' menuitem: Windows Messenger - -{FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\WINDOWS\system32\shdocvw.dll

O9 - Extra button: Ajout Direct - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Ajout Direct dans Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Recherche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL

O9 - Extra button: Barre de recherche Encarta - {B205A35E-1FC4-4CE3-818B-899DBBB3388C} - C:\Program Files\Fichiers communs\Microsoft Shared\Encarta Search Bar\ENCSBAR.DLL

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Orange - {1462651F-F4BA-4C76-A001-C4284D0FE16E} - http://www.orange.fr (file missing) (HKCU)

O15 - Trusted Zone: http://*.mcafee.com

O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab

O18 - Protocol: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\WINDOWS\system32\skype4com.dll

O20 - Winlogon Notify: ljJBQkiG - C:\WINDOWS\

O23 - Service: BitDefender Serveur Arrakis (Arrakis3) - BitDefender S.R.L. http://www.bitdefender.com - C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe

O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe

O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe (file missing)

O23 - Service: BsMobileCS - Unknown owner - (no file)

O23 - Service: France Telecom Routing Table Service (FTRTSVC) - France Telecom - C:\WINDOWS\System32\FTRTSVC.exe

O23 - Service: Google Update Service (gupdate1c989509d62cb3a) (gupdate1c989509d62cb3a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe

O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe

O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

O23 - Service: BitDefender Desktop Update Service (LIVESRV) - BitDefender S.R.L. - C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe

O23 - Service: Logitech Process Monitor (LVPrcSrv) - Logitech Inc. - c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe

O23 - Service: Ma-Config Service (maconfservice) - CybelSoft - C:\Program Files\ma-config.com\maconfservice.exe

O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe

O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\WINDOWS\system32\GameMon.des.exe (file missing)

O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

O23 - Service: ProtexisLicensing - Unknown owner - C:\WINDOWS\system32\PSIService.exe

O23 - Service: SF FrontLine Drivers Auto Removal (v1) (sfrem01) - Protection Technology (StarForce) - C:\WINDOWS\system32\sfrem01.exe

O23 - Service: TuneUp Drive Defrag Service (TuneUp.Defrag) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe

O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

O23 - Service: BitDefender Virus Shield (VSSERV) - BitDefender S.R.L. - C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe

 

--

End of file - 11641 bytes

 

======Scheduled tasks folder======

 

C:\WINDOWS\tasks\Google Software Updater.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job

C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

C:\WINDOWS\tasks\Malwarebytes' Scheduled Scan for laurent.job

C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for laurent.job

C:\WINDOWS\tasks\Malwarebytes' Scheduled Update for Vero.job

C:\WINDOWS\tasks\Recherche de problèmes automatique.job

 

======Registry dump======

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]

IDMIEHlprObj Class - C:\Program Files\Internet Download Manager\IDMIECC.dll [2009-11-11 173488]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Aide pour le lien d'Adobe PDF Reader - C:\Program Files\Fichiers communs\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Programme d'aide de l'Assistant de connexion Windows Live - C:\Program Files\Fichiers communs\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-22 408448]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]

Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll [2009-11-29 764912]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{381FFDE8-2394-4f90-B10D-FC6124A40F8C} - BitDefender Toolbar - C:\Program Files\BitDefender\BitDefender 2010\IEToolbar.dll [2010-01-07 128832]

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"SigmatelSysTrayApp"=C:\WINDOWS\stsystra.exe [2006-07-24 282624]

"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

"UnlockerAssistant"=C:\Program Files\Unlocker\UnlockerAssistant.exe [2009-10-26 15872]

"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]

"BitDefender Antiphishing Helper"=C:\Program Files\BitDefender\BitDefender 2010\IEShow.exe [2010-01-07 71152]

"BDAgent"=C:\Program Files\BitDefender\BitDefender 2010\bdagent.exe [2010-01-07 1118144]

"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2010-01-07 429392]

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"IDMan"=C:\Program Files\Internet Download Manager\IDMan.exe [2009-11-21 3171760]

"SuperCopier2.exe"=C:\Program Files\SuperCopier2\SuperCopier2.exe [2009-08-16 955392]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2009-02-07 39408]

 

C:\Documents and Settings\All Users\Menu Démarrer\Programmes\Démarrage

Windows Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe

 

C:\Documents and Settings\laurent\Menu Démarrer\Programmes\Démarrage

Super Finder XT.lnk - C:\Program Files\FSL\SuperFinder\SuperFinder.exe

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]

C:\WINDOWS\system32\Ati2evxx.dll [2009-11-25 155648]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ljJBQkiG]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2007-03-15 236928]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 240128]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]

"{56F9679E-7826-4C84-81F3-532071A8BCC5}"=C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2009-05-24 304128]

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]

"SecurityProviders"=msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll,

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"NoDispAppearancePage"=0

"DisableClock"=0

"NoDispCPL"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1

"InstallVisualStyle"=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles

"InstallTheme"=C:\WINDOWS\Resources\Themes\Royale.theme

"EnableLUA"=0

"DisableTaskMgr"=0

 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145

"NoActiveDesktopChanges"=0

"NoRun"=0

"NoFind"=0

"NoMultiIE"=0

"LWA"=0

"LWB"=0

"LWC"=0

"LWD"=0

"LWE"=0

"LWF"=0

"LWG"=0

"LWH"=0

"LWI"=0

"LWJ"=0

"LWK"=0

"LWL"=0

"LWM"=0

"LWN"=0

"LWO"=0

"LWP"=0

"LWQ"=0

"LWR"=0

"LWS"=0

"LWT"=0

"LWU"=0

"LWV"=0

"LWW"=0

"LWX"=0

"LWY"=0

"LWZ"=0

"NoDrives"=0

 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Dell Network Assistant\ezi_hnm2.exe"="C:\Program Files\Dell Network Assistant\ezi_hnm2.exe:*:Enabled:Dell Network Assistant"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\emule extrem\emule.exe"="C:\Program Files\emule extrem\emule.exe:*:Enabled:eMule"

"C:\Program Files\Warcraft III\Warcraft III.exe"="C:\Program Files\Warcraft III\Warcraft III.exe:*:Disabled:Warcraft III"

"C:\Documents and Settings\manon\Mes documents\Ma musique\LimeWire\LimeWire.exe"="C:\Documents and Settings\manon\Mes documents\Ma musique\LimeWire\LimeWire.exe:*:Enabled:LimeWire"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds.exe:*:Enabled:Two Worlds"

"C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe"="C:\Program Files\Reality Pump\Two Worlds\TwoWorlds_RADEON.exe:*:Enabled:Two Worlds"

 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe"="C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger"

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

 

======File associations======

 

.reg - open - regedit.exe "%1" %*

 

======List of files/folders created in the last 1 months======

 

2012-06-06 07:40:20 ----A---- C:\WINDOWS\bdagent.INI

2012-06-06 00:07:39 ----HDC---- C:\WINDOWS\$NtUninstallXPSEPSCLP$

2012-06-06 00:05:07 ----D---- C:\Program Files\MSBuild

2012-06-06 00:05:02 ----D---- C:\WINDOWS\system32\XPSViewer

2012-06-06 00:04:57 ----D---- C:\WINDOWS\system32\en-us

2012-06-06 00:04:56 ----D---- C:\Program Files\Reference Assemblies

2012-06-06 00:04:08 ----N---- C:\WINDOWS\system32\spmsg2.dll

2012-06-05 20:19:01 ----A---- C:\WINDOWS\system32\un2065.txt

2012-06-05 20:19:01 ----A---- C:\WINDOWS\system32\2065.txt

2012-06-05 20:13:17 ----D---- C:\Program Files\BitDefender

2012-06-05 14:00:47 ----A---- C:\WINDOWS\system32\MPFServiceFailureCount.txt

2010-01-31 00:26:12 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$

2010-01-27 23:01:17 ----A---- C:\WINDOWS\OEWABLog.txt

2010-01-27 21:01:15 ----A---- C:\WINDOWS\SchedLgU.Txt

2010-01-27 20:46:34 ----D---- C:\rsit

2010-01-27 20:46:34 ----D---- C:\Program Files\trend micro

2010-01-25 21:45:42 ----D---- C:\ComboFix

2010-01-25 21:45:15 ----D---- C:\Qoobox

2010-01-24 12:39:27 ----A---- C:\Documents and Settings\laurent\Application Data\bdfvconp.ini

2010-01-21 23:01:11 ----HDC---- C:\WINDOWS\$NtUninstallKB978207$

2010-01-17 14:43:03 ----D---- C:\Program Files\Datel

2010-01-12 23:26:27 ----D---- C:\Program Files\Solstice

2010-01-10 15:06:49 ----A---- C:\WINDOWS\system32\phversion.txt

2010-01-09 19:43:17 ----D---- C:\Documents and Settings\laurent\Application Data\AIMP

2010-01-09 19:43:07 ----D---- C:\Program Files\AIMP2

2010-01-08 23:37:11 ----D---- C:\Documents and Settings\All Users\Application Data\Screentime

2010-01-08 20:38:57 ----D---- C:\Program Files\SuperF4

2010-01-08 08:54:53 ----HDC---- C:\WINDOWS\$NtUninstallKB963093$

2010-01-07 22:57:54 ----D---- C:\a85652ac9bf77d142f

2010-01-07 22:32:33 ----D---- C:\c8b67902feee843581

2010-01-07 21:45:48 ----D---- C:\Documents and Settings\laurent\Application Data\Windows Search

2010-01-07 21:23:57 ----D---- C:\c464c8d39d38cf0c61a3106af9

2010-01-07 21:23:54 ----D---- C:\Documents and Settings\laurent\Application Data\Windows Desktop Search

2010-01-07 21:23:33 ----D---- C:\WINDOWS\system32\GroupPolicy

2010-01-07 21:23:33 ----D---- C:\Program Files\Windows Desktop Search

2010-01-07 21:23:27 ----HDC---- C:\WINDOWS\$NtUninstallKB940157$

2010-01-07 21:23:16 ----HDC---- C:\WINDOWS\$NtUninstallKB915800-v4$

2010-01-07 20:49:24 ----HDC---- C:\WINDOWS\$NtUninstallKB955759$

2010-01-07 19:55:35 ----D---- C:\Documents and Settings\laurent\Application Data\BitDefender

2010-01-07 19:55:14 ----D---- C:\Documents and Settings\All Users\Application Data\BitDefender

2010-01-07 19:54:57 ----D---- C:\Program Files\Fichiers communs\BitDefender

2010-01-07 19:35:28 ----A---- C:\bdlog.txt

2010-01-07 19:34:47 ----D---- C:\Documents and Settings\laurent\Application Data\BD_TEMP

2010-01-07 19:02:12 ----D---- C:\Program Files\Fichiers communs\Adobe AIR

2010-01-07 18:58:25 ----D---- C:\Program Files\League of Legends

2010-01-03 13:28:58 ----A---- C:\WINDOWS\system32\uxtuneup.dll

2010-01-03 13:28:58 ----A---- C:\WINDOWS\system32\TURegOpt.exe

2010-01-03 13:28:40 ----D---- C:\Program Files\TuneUp Utilities 2010

2010-01-03 13:28:12 ----SHD---- C:\Documents and Settings\All Users\Application Data\{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}

2009-12-31 17:28:08 ----A---- C:\WINDOWS\system32\winlogon.exe

2009-12-31 16:28:07 ----D---- C:\Program Files\Duplicate Cleaner

2009-12-31 16:21:22 ----D---- C:\Documents and Settings\laurent\Application Data\Similarity

2009-12-31 12:54:24 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2009-12-30 13:19:34 ----A---- C:\WINDOWS\system32\bda2F.tmp

 

======List of files/folders modified in the last 1 months======

 

2012-06-06 00:04:29 ----D---- C:\WINDOWS\system32\spool

2012-06-05 14:02:58 ----D---- C:\Documents and Settings\All Users\Application Data\SiteAdvisor

2010-01-28 23:30:56 ----D---- C:\Documents and Settings\laurent\Application Data\DMCache

2010-01-28 22:15:19 ----D---- C:\WINDOWS\Temp

2010-01-28 21:41:43 ----D---- C:\Program Files\emule extrem

2010-01-28 21:40:38 ----D---- C:\Program Files\Mozilla Thunderbird

2010-01-28 14:57:27 ----D---- C:\Documents and Settings\All Users\Application Data\Babylon

2010-01-28 14:39:47 ----D---- C:\WINDOWS\system32

2010-01-28 12:37:41 ----SHD---- C:\WINDOWS\Installer

2010-01-28 12:37:41 ----SHD---- C:\Config.Msi

2010-01-28 08:40:57 ----D---- C:\Documents and Settings\laurent\Application Data\IDM

2010-01-28 08:13:28 ----A---- C:\WINDOWS\ModemLog_Bluetooth DUN Modem.txt

2010-01-27 23:01:17 ----AD---- C:\WINDOWS

2010-01-27 23:01:14 ----SD---- C:\WINDOWS\Downloaded Program Files

2010-01-27 23:01:14 ----D---- C:\Program Files\Web Publish

2010-01-27 23:01:14 ----D---- C:\Program Files

2010-01-27 23:00:58 ----D---- C:\Documents and Settings

2010-01-27 22:56:31 ----HD---- C:\WINDOWS\system32\drivers

2010-01-27 22:48:02 ----SD---- C:\WINDOWS\Tasks

2010-01-27 21:19:35 ----D---- C:\WINDOWS\system32\config

2010-01-27 21:01:43 ----D---- C:\Documents and Settings\All Users\Application Data\Google Updater

2010-01-26 18:43:34 ----SHD---- C:\System Volume Information

2010-01-26 18:43:34 ----D---- C:\WINDOWS\system32\Restore

2010-01-25 21:19:18 ----D---- C:\Documents and Settings\laurent\Application Data\vlc

2010-01-25 21:18:59 ----D---- C:\Documents and Settings\laurent\Application Data\dvdcss

2010-01-21 23:46:48 ----D---- C:\WINDOWS\system32\CatRoot2

2010-01-21 23:01:33 ----HD---- C:\WINDOWS\inf

2010-01-21 23:01:21 ----RSHDC---- C:\WINDOWS\system32\dllcache

2010-01-21 22:10:14 ----D---- C:\Program Files\Mozilla Firefox

2010-01-21 20:54:08 ----HD---- C:\WINDOWS\$hf_mig$

2010-01-21 19:27:10 ----SHD---- C:\RECYCLER

2010-01-21 11:27:03 ----D---- C:\Program Files\Microsoft Silverlight

2010-01-19 23:25:52 ----D---- C:\WINDOWS\Prefetch

2010-01-14 18:33:10 ----D---- C:\WINDOWS\repair

2010-01-13 22:03:16 ----D---- C:\WINDOWS\Debug

2010-01-11 22:13:54 ----AD---- C:\Documents and Settings\All Users\Application Data\TEMP

2010-01-11 14:59:11 ----D---- C:\Program Files\GetData

2010-01-09 19:45:13 ----D---- C:\WINDOWS\Downloaded Installations

2010-01-09 19:45:13 ----D---- C:\WINDOWS\Cursors

2010-01-09 14:49:17 ----A---- C:\WINDOWS\BlendSettings.ini

2010-01-07 21:23:42 ----SD---- C:\Documents and Settings\All Users\Application Data\Microsoft

2010-01-07 21:23:38 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-01-07 21:23:35 ----D---- C:\WINDOWS\system32\fr-fr

2010-01-07 21:23:33 ----D---- C:\WINDOWS\system32\wbem

2010-01-07 21:13:07 ----D---- C:\WINDOWS\AppPatch

2010-01-07 19:58:48 ----D---- C:\WINDOWS\system32\CatRoot

2010-01-07 19:54:57 ----D---- C:\Program Files\Fichiers communs

2010-01-07 19:47:55 ----D---- C:\WINDOWS\WinSxS

2010-01-07 19:04:13 ----D---- C:\images cd

2010-01-07 19:02:17 ----D---- C:\Documents and Settings\All Users\Application Data\Adobe

2010-01-07 10:33:28 ----D---- C:\i386

2010-01-07 08:26:53 ----HDC---- C:\WINDOWS\$NtUninstallKB927802$

2010-01-05 01:17:46 ----A---- C:\WINDOWS\system32\MRT.exe

2010-01-04 21:01:04 ----D---- C:\WINDOWS\Registration

2010-01-04 20:55:06 ----A---- C:\WINDOWS\system.ini

2010-01-04 00:32:01 ----SH---- C:\boot.ini

2010-01-04 00:32:01 ----A---- C:\WINDOWS\win.ini

2010-01-03 13:37:18 ----D---- C:\Program Files\Canon

2010-01-03 13:28:31 ----D---- C:\Documents and Settings\All Users\Application Data\TuneUp Software

2010-01-03 13:27:03 ----D---- C:\Program Files\TuneUp Utilities 2009

2010-01-02 18:44:02 ----D---- C:\WINDOWS\pss

2009-12-31 15:34:51 ----D---- C:\Program Files\Microsoft Etudes

 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R1 bdftdif;bdftdif; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Firewall\bdftdif.sys []

R1 ElbyCDIO;ElbyCDIO Driver; C:\WINDOWS\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]

R1 intelppm;Pilote de processeur Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40576]

R1 ISODrive;ISO CD-ROM Device Driver; \??\C:\Program Files\UltraISO\drivers\ISODrive.sys []

R1 kbdhid;Pilote HID de clavier; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14720]

R1 mfehidk;McAfee Inc. mfehidk; C:\WINDOWS\system32\drivers\mfehidk.sys [2009-03-25 214024]

R1 PQNTDrv;PQNTDrv; C:\WINDOWS\system32\drivers\PQNTDrv.sys [2002-09-16 4228]

R1 prodrv04;Star Force copy protection driver v4; C:\WINDOWS\System32\drivers\prodrv04.sys [2008-03-19 114496]

R1 StarOpen;StarOpen; C:\WINDOWS\system32\drivers\StarOpen.sys [2008-12-13 5632]

R1 WS2IFSL;Environnement de prise en charge de Fournisseur de services non-IFS Windows Sockets 2.0; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2004-08-10 12032]

R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2009-12-05 278984]

R2 BDVEDISK;BDVEDISK; \??\C:\Program Files\BitDefender\BitDefender 2010\bdvedisk.sys []

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol; C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-07-14 13824]

R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2009-12-05 25416]

R2 Packet;Auto Internet Protocol; C:\WINDOWS\system32\DRIVERS\packet.sys [2006-10-15 11136]

R2 wsppkt;Wireless Security Protocol; C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-07-14 13696]

R3 AnyDVD;AnyDVD; C:\WINDOWS\System32\Drivers\AnyDVD.sys [2009-12-08 104512]

R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2009-11-25 4463104]

R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]

R3 bdfm;BDFM; C:\WINDOWS\system32\drivers\bdfm.sys [2010-01-07 152456]

R3 Bdfndisf;BitDefender Firewall NDIS Filter Service; C:\WINDOWS\system32\DRIVERS\bdfndisf.sys [2010-01-07 110984]

R3 bdfsfltr;bdfsfltr; C:\WINDOWS\system32\drivers\bdfsfltr.sys [2009-07-24 285704]

R3 BDSelfPr;BDSelfPr; \??\C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys []

R3 e1express;Intel® PRO/1000 PCI Express Network Connection Driver; C:\WINDOWS\system32\DRIVERS\e1e5132.sys [2006-07-19 230400]

R3 ElbyCDFL;ElbyCDFL; C:\WINDOWS\System32\Drivers\ElbyCDFL.sys [2007-02-16 34760]

R3 FilterService;UVC Filter Service; C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys [2005-09-01 14080]

R3 HDAudBus;Pilote de bus Microsoft UAA pour High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]

R3 HidUsb;Pilote de classe HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]

R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\WINDOWS\System32\Drivers\IvtBtBus.sys [2008-01-21 26248]

R3 Lvckap;Logitech Kernel Audio Processing Filter Driver; \??\C:\WINDOWS\system32\drivers\Lvckap.sys []

R3 lvmvdrv;Logitech Machine Vision Engine Loader; \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys []

R3 LVPrcMon;Logitech LVPrcMon Driver; \??\C:\WINDOWS\system32\drivers\LVPrcMon.sys []

R3 LVUSBSta;Logitech USB Monitor Filter; C:\WINDOWS\system32\drivers\lvusbsta.sys [2005-09-01 22528]

R3 LVUVC;Logitech QuickCam Pro 5000(UVC); C:\WINDOWS\system32\DRIVERS\lvuvc.sys [2005-09-01 1081856]

R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []

R3 mouhid;Pilote HID de souris; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]

R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2004-08-10 5888]

R3 STHDA;SigmaTel High Definition Audio CODEC; C:\WINDOWS\system32\drivers\sthda.sys [2006-07-24 1156648]

R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys []

R3 usbaudio;Pilote USB audio (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]

R3 usbccgp;Pilote parent générique USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]

R3 usbehci;Pilote miniport de contrôleur d'hôte amélioré Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]

R3 usbhub;Pilote de concentrateur standard USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]

R3 USBSTOR;Pilote de stockage de masse USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]

R3 usbuhci;Pilote miniport de contrôleur hôte universel USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]

R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2008-01-21 29960]

S3 abnj2s0w;abnj2s0w; C:\WINDOWS\system32\drivers\abnj2s0w.sys []

S3 acqlnox9;acqlnox9; C:\WINDOWS\system32\drivers\acqlnox9.sys []

S3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2008-01-21 14600]

S3 BTCOMM;BTCOMM; C:\WINDOWS\system32\drivers\Btcomm.sys []

S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2008-03-06 38920]

S3 BthEnum;Pilote de bloc de demande Bluetooth; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2008-04-13 17024]

S3 BthPan;Périphérique Bluetooth (réseau personnel); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2008-04-13 101120]

S3 BTHPORT;Pilote de port Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-14 272768]

S3 BTHUSB;Pilote USB radio Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2008-04-13 18944]

S3 BTKRNBDG;Bluetooth COM Bridge; C:\WINDOWS\system32\DRIVERS\btkrnbdg.sys []

S3 CCDECODE;Décodeur sous-titre fermé; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-13 17024]

S3 C-Dilla;C-Dilla; \??\C:\WINDOWS\system32\drivers\CDANT.SYS []

S3 CrystalSysInfo;CrystalSysInfo; \??\C:\Program Files\MediaCoder\SysInfo.sys []

S3 CSRBC01;%CSRBC01.SvcDesc%; C:\WINDOWS\System32\Drivers\csrbc01.sys []

S3 driverhardwarev2;driverhardwarev2; \??\C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys []

S3 DSproct;DSproct; \??\C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys []

S3 E100B;Pilote de carte Intel ® PRO; C:\WINDOWS\system32\DRIVERS\e100b325.sys [2001-08-23 117760]

S3 GcKernel;Pilote de filtre Microsoft SideWinder Value Add; C:\WINDOWS\system32\DRIVERS\GcKernel.sys [2008-04-13 59136]

S3 HIDSwvd;Minipilote de périphérique Microsoft SideWinder HID virtuel; C:\WINDOWS\system32\DRIVERS\HIDSwvd.sys [2001-08-17 2688]

S3 mfeavfk;McAfee Inc. mfeavfk; C:\WINDOWS\system32\drivers\mfeavfk.sys [2009-03-25 79880]

S3 mfebopk;McAfee Inc. mfebopk; C:\WINDOWS\system32\drivers\mfebopk.sys [2009-03-25 35272]

S3 mferkdk;McAfee Inc. mferkdk; C:\WINDOWS\system32\drivers\mferkdk.sys [2009-03-25 34216]

S3 mfesmfk;McAfee Inc. mfesmfk; C:\WINDOWS\system32\drivers\mfesmfk.sys [2009-03-25 40552]

S3 MHNDRV;Pilote MHN; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]

S3 MSTEE;Convertisseur en T/site-à-site de répartition Microsoft; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-13 5504]

S3 NABTSFEC;Codec NABTS/FEC VBI; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-13 85248]

S3 NAL;Nal Service ; \??\C:\WINDOWS\system32\Drivers\iqvw32.sys []

S3 NdisIP;Connection TV/vidéo Microsoft; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-13 10880]

S3 PCAMPR5;PCAMPR5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCAMPR5.SYS []

S3 PCANDIS5;PCANDIS5 NDIS Protocol Driver; \??\C:\WINDOWS\system32\PCANDIS5.SYS []

S3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2007-02-03 10368]

S3 Profos;Profos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\profos.sys []

S3 RFCOMM;Périphérique Bluetooth (TDI protocole RFCOMM); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2008-04-13 59136]

S3 SLIP;Détrameur décalage BDA; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-13 11136]

S3 ssm_bus;SAMSUNG Mobile USB Device II 1.0 driver (WDM); C:\WINDOWS\system32\DRIVERS\ssm_bus.sys [2005-08-30 58320]

S3 ssm_mdfl;SAMSUNG Mobile USB Modem II 1.0 Filter; C:\WINDOWS\system32\DRIVERS\ssm_mdfl.sys [2005-08-30 8336]

S3 ssm_mdm;SAMSUNG Mobile USB Modem II 1.0 Drivers; C:\WINDOWS\system32\DRIVERS\ssm_mdm.sys [2005-08-30 94000]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-13 15232]

S3 Trufos;Trufos; \??\C:\Program Files\Fichiers communs\BitDefender\BitDefender Threat Scanner\trufos.sys []

S3 usbprint;Classe d'imprimantes USB Microsoft; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]

S3 usbscan;Pilote de scanneur USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]

S3 vad_multi;Windigo Virtual Audio Device (WDM); C:\WINDOWS\system32\drivers\vadmulti.sys []

S3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2008-01-21 14856]

S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2006-10-18 38528]

S3 WSTCODEC;Codec Teletext standard; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-13 19200]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

S4 agp440;Filtre de bus AGP Intel; C:\WINDOWS\system32\DRIVERS\agp440.sys [2008-04-13 42368]

S4 agpCPQ;Filtre de bus AGP Compaq; C:\WINDOWS\system32\DRIVERS\agpCPQ.sys [2008-04-13 44928]

S4 alim1541;Filtre de bus AGP ALI; C:\WINDOWS\system32\DRIVERS\alim1541.sys [2008-04-13 42752]

S4 amdagp;Pilote de filtre du bus AMD AGP; C:\WINDOWS\system32\DRIVERS\amdagp.sys [2008-04-13 43008]

S4 cbidf;cbidf; C:\WINDOWS\system32\DRIVERS\cbidf2k.sys [2004-08-10 13952]

S4 IntelIde;IntelIde; C:\WINDOWS\system32\DRIVERS\intelide.sys [2008-04-14 5504]

S4 sisagp;Filtre de bus AGP SIS; C:\WINDOWS\system32\DRIVERS\sisagp.sys [2008-04-13 40960]

S4 viaagp;Filtre de bus AGP VIA; C:\WINDOWS\system32\DRIVERS\viaagp.sys [2008-04-13 42240]

 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

 

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2009-11-25 602112]

R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2005-12-15 237568]

R2 ehSched;Service de planification Media Center; C:\WINDOWS\eHome\ehSched.exe [2005-08-05 103424]

R2 FTRTSVC;France Telecom Routing Table Service; C:\WINDOWS\System32\FTRTSVC.exe [2004-08-23 40960]

R2 IAANTMON;Intel® Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe [2009-06-04 354840]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]

R2 LIVESRV;BitDefender Desktop Update Service; C:\Program Files\Fichiers communs\BitDefender\BitDefender Update Service\livesrv.exe [2010-01-07 309088]

R2 LVPrcSrv;Logitech Process Monitor; c:\program files\fichiers communs\logitech\lvmvfm\LVPrcSrv.exe [2005-09-01 81920]

R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2010-01-07 236368]

R2 MDM;Machine Debug Manager; C:\Program Files\Fichiers communs\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]

R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2009-11-04 66872]

R2 ProtexisLicensing;ProtexisLicensing; C:\WINDOWS\system32\PSIService.exe [2006-12-12 174656]

R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe [2009-12-17 1044808]

R2 UxTuneUp;TuneUp Extension de thème; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

R2 VSSERV;BitDefender Virus Shield; C:\Program Files\BitDefender\BitDefender 2010\vsserv.exe [2010-01-07 1622320]

R2 WSearch;Windows Search; C:\WINDOWS\system32\SearchIndexer.exe [2008-05-26 439808]

R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S2 Fax;Fax; C:\WINDOWS\system32\fxssvc.exe [2008-04-14 268800]

S2 gupdate1c989509d62cb3a;Google Update Service (gupdate1c989509d62cb3a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-07 133104]

S2 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-03-24 183280]

S2 McrdSvc;Media Center Extender Service; C:\WINDOWS\ehome\mcrdsvc.exe [2005-08-05 99328]

S2 sfrem01;SF FrontLine Drivers Auto Removal (v1); C:\WINDOWS\system32\sfrem01.exe [2006-07-05 358008]

S3 Arrakis3;BitDefender Serveur Arrakis; C:\Program Files\Fichiers communs\BitDefender\BitDefender Arrakis Server\bin\arrakis3.exe [2010-01-07 183880]

S3 aspnet_state;Service d'état ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe []

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 maconfservice;Ma-Config Service; C:\Program Files\ma-config.com\maconfservice.exe [2009-12-17 243056]

S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 npggsvc;nProtect GameGuard Service; C:\WINDOWS\system32\GameMon.des [2009-07-02 3219320]

S3 ose;Office Source Engine; C:\Program Files\Fichiers communs\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]

S3 scan;BitDefender Threat Scanner; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 TuneUp.Defrag;TuneUp Drive Defrag Service; C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe [2010-01-03 435016]

S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2008-04-14 14336]

S3 WLSetupSvc;Windows Live Setup Service; C:\Program Files\Windows Live\installer\WLSetupSvc.exe [2007-10-25 266240]

S3 WMPNetworkSvc;Service Partage réseau du Lecteur Windows Media; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-24 918016]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

 

-----------------EOF-----------------

Posted

hi :P

 

Some interesting items indeed, which may show that the PC is infected.

We are going to run a program you have already used >>

 

1°) Go to the Start menu > Run (use the key combination [Windows key]+[R]) > and copy/paste this >

 

ComboFix /uninstall (there is a space between x and / if you retype the command by hand)

 

A window will open and ComboFix will be uninstalled from your PC.

 

2°) Using ComboFix >>

 

First disable your antivirus for the duration of the scan.

  • Right-click HERE
  • Choose Save (link) target as > a window opens >>
  • In the field to the right of "File name" at the bottom of the window, change the name shown (ComboFix.exe) to this >> laur.exe
  • Save the file to the Desktop: to do so, click the Save button.
  • Make sure all programs are closed before launching the fix!
  • Double-click laur.exe.
  • Note: do not close the window that has just opened, or you would end up with an empty desktop!
  • While running, ComboFix will check whether the Microsoft Windows Recovery Console is installed. With infections like today's, it is strongly advised to have it pre-installed on your PC before any malware removal. It lets you boot into a special recovery (repair) mode, which makes it easier for us to help you if your computer runs into a problem after a cleaning attempt.
  • Follow the prompts to let ComboFix download and install the Microsoft Windows Recovery Console, and when asked, accept the End User License Agreement to install the Microsoft Windows Recovery Console.

 

**Important note: if the Microsoft Windows Recovery Console is already installed, ComboFix will carry on with its malware removal procedures.

 

Once the Microsoft Windows Recovery Console is installed via ComboFix, you should see the following message:

  • Press the Y (Yes) key to continue with the malware scan.
  • When the scan is finished, a report will be generated: post its contents in your next message.
  • If the report is too long, post it in two parts.
  • If you do not see the report, you will find it here > C:\ComboFix.txt

Note: do you have the same problem with Internet Explorer?

Posted (edited)

Ouch! first snag!!

I assume ComboFix works in safe mode: I had already tried:

During a virus attack (2 years ago already), I had a few PC problems, and since then safe mode no longer works.

When launching ComboFix (or laur.exe just now), the PC went into an infernal loop (off->on->off->etc.). I had to boot with "Last Known Good Configuration", then kill the running process and finally rename the C/laur folder (thanks Unlocker) to get control back.

(and I checked, combofix.txt was not created)

And I do not know how to get safe mode back (I think at the time I had tried a Windows repair with the install CD, without success).

To your question, do I have the problem with IE, I would answer apparently not:

I rarely use IE, but 15 days ago (before deleting all the files under \Application Data\Mozilla\Firefox), the problem had become so blocking that I switched to IE, which worked normally. Looking in the task manager, I never saw it running.

Whereas for Firefox, it is almost systematic: after 2-3 hours (PC powered on but not in use, Firefox closed), Firefox appears in the task manager (but not on screen).

Edited by laur33
Posted

ouch! sorry laur33!! the system is clearly more damaged than the RSIT report suggests...

 

I imagine you have backed up your important data? If not, do it right away to avoid trouble, because as you can see nobody is ever safe from a crash!

 

We are going to use another tool >>

 

1°) Download GMER Rootkit Scanner from the following link:

 

http://www.gmer.net/#files

 

- Click the "Download EXE" button

- Save it to your Desktop

- Paste and save these instructions in a text file or print them, because you will have to close the browser.

- Close any open browser windows

- Launch the downloaded file (its name is 8 random letters/digits) by double-clicking it;

- If the tool gives you a rootkit activity warning and asks whether to run a scan, click "NO"

- In the right-hand section of the tool's window, untick the following options:

  • Sections
  • IAT/EAT
  • **Make sure "Show All" is unticked**

- Now click the "Scan" button and wait (this can take 10 minutes or more)

- When the scan is finished, click the "Save..." button (bottom right);

- Name the file "Ark.txt" and save it to the Desktop;

- Copy/paste the contents of this report into your reply.

 

FoxScan is a tool developed by Loup blanc to display and analyse the settings of the Mozilla Firefox browser in order to detect abnormal or even malicious items in them.

 

2°) Scan of the Firefox settings >>

 

  • Download FoxScan into the folder of your choice, for example the one where you keep the tools you want to retain: Mes Documents\Mes Téléchargements.
  • Open the folder into which you downloaded it and double-click FoxScan.exe
  • A command window opens and displays some general information.
  • Let the tool run until it displays "Recherches terminées.
    Appuyer sur une touche pour continuer...". Press [Enter], for example.
  • The program then opens its report in a Notepad window.
    This report is also stored in the same folder as FoxScan.bat under the name Rapport-FS.txt.
  • Post this report on the forum (copy/paste it) to submit it to the analysis of the security advisor who asked you for it.
  • Close Notepad and wait for the advisor's instructions.

Note: as FoxScan is a display tool, it is not dangerous and can be kept on disk. Nevertheless, it is advisable to download the most recent version before use, as improvements may have been made to it.
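As an added example (not part of this thread nor of FoxScan), a Python audit of the prefs.js and user.js keys FoxScan lists above, merged the way Firefox applies them; the sample profile text, the hijack.invalid hosts and the expected-host list are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Keys FoxScan reads from prefs.js / user.js, plus the start page and proxy keys
# that a browser hijack usually touches.
WATCHED_KEYS = (
    "browser.startup.homepage",
    "browser.search.defaultenginename",
    "browser.search.defaulturl",
    "browser.search.selectedEngine",
    "keyword.URL",
    "keyword.enable",
    "network.proxy.type",
    "network.proxy.http",
    "network.proxy.autoconfig_url",
)

# Hosts expected in a stock French Firefox profile (assumption; extend per site policy).
EXPECTED_HOSTS = ("mozilla.com", "mozilla.org", "google.com", "google.fr")

# One Firefox preference line:  user_pref("key", value);
_PREF_RE = re.compile(r'^\s*user_pref\("((?:[^"\\]|\\.)*)",\s*(.*?)\);\s*$')


def parse_prefs(text):
    """Parse user_pref(...) lines into a dict; comments and malformed lines are ignored."""
    prefs = {}
    for line in text.splitlines():
        m = _PREF_RE.match(line)
        if not m:
            continue
        key, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            value = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            value = raw == "true"
        else:
            try:
                value = int(raw)
            except ValueError:
                value = raw
        prefs[key] = value
    return prefs


def _expected_host(host):
    return any(host == h or host.endswith("." + h) for h in EXPECTED_HOSTS)


def audit_profile(prefs_js_text, user_js_text=""):
    """Merge prefs.js and user.js as Firefox does (user.js wins and is re-applied at
    every start) and return findings as dicts: key, value, source, reason."""
    merged = {}
    for source, text in (("prefs.js", prefs_js_text), ("user.js", user_js_text)):
        for key, value in parse_prefs(text).items():
            merged[key] = (value, source)
    findings = []
    if parse_prefs(user_js_text):
        # Firefox never writes user.js itself, which is why FoxScan flags "User.js trouvé".
        findings.append({"key": "(user.js)", "value": None, "source": "user.js",
                         "reason": "user.js present: its settings override prefs.js at every start"})
    for key in WATCHED_KEYS:
        if key not in merged:
            continue
        value, source = merged[key]
        reason = None
        if isinstance(value, str) and "://" in value:
            host = (urlparse(value).hostname or "").lower()
            if not _expected_host(host):
                reason = "URL points at an unexpected host: " + host
        elif key == "network.proxy.type" and value not in (0, 5):
            reason = "proxy mode %r is neither 'no proxy' (0) nor 'system' (5)" % (value,)
        elif key in ("network.proxy.http", "network.proxy.autoconfig_url") and value:
            reason = "proxy setting present; verify it is intentional"
        if reason:
            findings.append({"key": key, "value": value, "source": source, "reason": reason})
    return findings


# Constructed sample profile: prefs.js looks clean, user.js silently re-applies a hijack.
SAMPLE_PREFS_JS = '''# Mozilla User Preferences
user_pref("browser.startup.homepage", "http://fr.start2.mozilla.com/firefox?client=firefox-a");
user_pref("browser.search.selectedEngine", "Google");
user_pref("keyword.enable", true);
user_pref("network.proxy.type", 0);
'''
SAMPLE_USER_JS = '''// constructed sample, not a real profile
user_pref("keyword.URL", "http://search.hijack.invalid/redirect?q=");
user_pref("network.proxy.type", 1);
user_pref("network.proxy.http", "proxy.hijack.invalid");
'''

if __name__ == "__main__":
    for f in audit_profile(SAMPLE_PREFS_JS, SAMPLE_USER_JS):
        print("%-8s %-32s %s" % (f["source"], f["key"], f["reason"]))
```

Running it against every profile folder FoxScan lists (one per user account) shows which file actually carries a bad setting, which matters because a user.js entry survives any edit made to prefs.js.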

Posted

Hello Thanos.

 

ah, I did not think my PC would cause so many problems.

I tried to carry out the 2 procedures proposed (1) and 2)):

 

the 2nd, with FoxScan, caused no problems (see report below)

 

but for the 1st, with GMER Rootkit Scanner, I launched it 4 times:

the first time: the PC crashed (maybe the screensaver) --> reset and disabled the screensaver

2nd attempt: after about 10 min of scanning, the PC reboots by itself

3rd attempt: after 10 min (approx.) the application crashes --> reset

4th attempt: same as the 2nd.

I had closed all applications and disabled the antivirus.

Should I stop the scan before the end (apparently only the registry was scanned before each crash)?

 

 

2) FoxScan report:

FoxScan Version 1.1.1

Par Loup blanc - Zebulon.fr

Scan lancé le 28/01/2010 à 15:58

 

Microsoft Windows XP Professionnel Service Pack 3 [version 5.1.2600]

 

Mozilla Firefox version : 3.6 (fr)

Dossier d'installation : C:\Program Files\Mozilla Firefox

 

 

================================================================================

=

---------- Compte utilisateur : bastien

================================================================================

=

 

 

Profil : default

Dossier du profil : C:\Documents and Settings\bastien\Application Data\mozilla\firefox\Profiles\xzvjh5f4.default\

Pages de démarrage prefs.js : "http://fr.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"

 

 

//////////// Configuration \\\\\\\\\\\\\

======= Profil : default =======

 

Mise à jour Firefox : Activé

Mise à jour des modules complémentaires : Activé

Mise à jour des moteurs de recherche : Activé

Java : Activé

Javascript : Activé

Proxy : Pas de Proxy

 

 

 

 

//////////// Modules complémentaires \\\\\\\\\\\\\

 

======= Profil : default =======

 

La notification d'installation des modules complémentaires est activée

 

 

 

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

======= Profil : default =======

 

Recherche dans "prefs.js" :

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

User.js trouvé

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

C:\Documents and Settings\bastien\Application Data\mozilla\firefox\Profiles\xzvjh5f4.default\searchplugins\siteadvisor.xml

Template : http://www.siteadvisor.com/lookup?q

 

 

 

 

 

================================================================================

=

---------- Compte utilisateur : laurent [session en cours]

================================================================================

=

 

 

Profil : default

Dossier du profil : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\

 

 

//////////// Configuration \\\\\\\\\\\\\

======= Profil : default =======

 

Mise à jour Firefox : Activé

Mise à jour des modules complémentaires : Activé

Mise à jour des moteurs de recherche : Activé

Java : Activé

Javascript : Activé

Proxy : Pas de Proxy

 

 

 

 

//////////// Modules complémentaires \\\\\\\\\\\\\

 

======= Profil : default =======

 

La notification d'installation des modules complémentaires est activée

 

Nom : Default

Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\

Etat : actif

 

Nom : Java Console

Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\

Etat : actif

 

 

 

 

 

Nom : AutoPager

Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\autopager@mozilla.org\

Etat : actif

 

Nom : Tab Kit

Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\tabkit@jomel.me.uk\

Etat : Inactif

 

Nom : Forecastfox

Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}\

Etat : Inactif

 

Nom : Microsoft .NET Framework Assistant

Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\

Etat : actif

 

Nom : Adblock Plus

Dossier : C:\Documents and Settings\laurent\Application Data\mozilla\firefox\Profiles\ol87xva0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}\

Etat : actif

 

 

Nom : Java Quick Starter

Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\

Etat : actif

 

Nom : BitDefender Antiphishing Toolbar

Dossier : C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\

Etat : actif

 

 

 

 

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

======= Profil : default =======

 

Recherche dans "prefs.js" :

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

 

 

 

================================================================================

=

---------- Compte utilisateur : LocalService

================================================================================

=

 

 

Profil : default

Dossier du profil : C:\Documents and Settings\LocalService\Application Data\mozilla\firefox\Profiles\6oc1lkn1.default\

Pages de démarrage prefs.js : "http://en-us.start.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:fr:official"

 

 

//////////// Configuration \\\\\\\\\\\\\

======= Profil : default =======

 

Mise à jour Firefox : Activé

Mise à jour des modules complémentaires : Activé

Mise à jour des moteurs de recherche : Activé

Java : Activé

Javascript : Activé

Proxy : Pas de Proxy

 

 

 

 

//////////// Modules complémentaires \\\\\\\\\\\\\

 

======= Profil : default =======

 

La notification d'installation des modules complémentaires est activée

 

 

 

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

======= Profil : default =======

 

Recherche dans "prefs.js" :

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

User.js trouvé

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

 

 

 

================================================================================

=

---------- Compte utilisateur : pépé

================================================================================

=

 

 

Profil : default

Dossier du profil : C:\Documents and Settings\pépé\Application Data\mozilla\firefox\Profiles\4joczkou.default\

 

 

//////////// Configuration \\\\\\\\\\\\\

======= Profil : default =======

 

Mise à jour Firefox : Activé

Mise à jour des modules complémentaires : Activé

Mise à jour des moteurs de recherche : Activé

Java : Activé

Javascript : Activé

Proxy : Pas de Proxy

 

 

 

 

//////////// Modules complémentaires \\\\\\\\\\\\\

 

======= Profil : default =======

 

La notification d'installation des modules complémentaires est activée

 

Nom : Default

Dossier : C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}\

Etat : actif

 

Nom : Java Console

Dossier : C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\

Etat : actif

 

 

 

 

 

Nom : Microsoft .NET Framework Assistant

Dossier : C:\Documents and Settings\pépé\Application Data\mozilla\firefox\Profiles\4joczkou.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}\

Etat : actif

 

 

Nom : Java Quick Starter

Dossier : C:\Program Files\Java\jre6\lib\deploy\jqs\ff\

Etat : actif

 

Nom : BitDefender Antiphishing Toolbar

Dossier : C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\

Etat : actif

 

 

 

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

======= Profil : default =======

 

Recherche dans "prefs.js" :

 

browser.search.defaultenginename :

browser.search.defaulturl :

browser.search.selectedEngine :

keyword.URL :

keyword.enable :

 

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

 

 

 

================================================================================

=

---------- Section commune

================================================================================

=

 

//////////// DLL présentes dans C:\Program Files\Mozilla Firefox\components \\\\\\\\\\\\\

 

browserdirprovider.dll

brwsrcmp.dll

FFComm.dll

 

 

------------------------------------------------------

 

//////////// Plugins de recherche \\\\\\\\\\\\\

 

--------- Moteurs de recherche trouvés ------------

+ Formulaire de recherche configuré pour le moteur

 

 

C:\Program Files\Mozilla Firefox\searchplugins\amazon-france.xml

Template : http://www.amazon.fr/exec/obidos/external-search/

 

 

C:\Program Files\Mozilla Firefox\searchplugins\cnrtl-tlfi-fr.xml

Template : http://www.cnrtl.fr/lexicographie/{searchTerms}

 

 

C:\Program Files\Mozilla Firefox\searchplugins\eBay-france.xml

Template : http://rover.ebay.com/rover/1/709-47295-17703-3/4

 

 

C:\Program Files\Mozilla Firefox\searchplugins\google.xml

Template : http://www.google.com/search

 

 

C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-fr.xml

Template : http://fr.wikipedia.org/wiki/Special:Recherche

 

 

C:\Program Files\Mozilla Firefox\searchplugins\yahoo-france.xml

Template : http://fr.search.yahoo.com/search

 

 

 

------------------------------------------------------

 

//////////// Plugins configurés dans la Base de registre \\\\\\\\\\\\\

 

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@adobe.com/FlashPlayer]

"Description"="Adobe® Flash® Player 10"

"Vendor"="Adobe Systems Incorporated"

"Path"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@divx.com/DivX Browser Plugin,version=1.0.0]

"Description"="DivX Web Player"

"Vendor"="DivX,Inc."

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Google.com/GoogleEarthPlugin]

"Description"="Google Earth in your browser"

"Vendor"="Google Inc."

"Path"="C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@ma-config.com/HardwareDetection]

"Description"="Détection de sa configuration"

"Vendor"="CybelSoft"

"Path"="C:\Program Files\ma-config.com\nphardwaredetection.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@Microsoft.com/NpCtrl,version=1.0]

"Description"="Ag Player Plugin"

"Vendor"="Microsoft"

"Path"="c:\Program Files\Microsoft Silverlight\3.0.50106.0\npctrl.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WLPG,version=14.0.8064.0206]

"Description"="WLPG Install MIME type"

"Vendor"="Microsoft"

"Path"="C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@microsoft.com/WPF,version=3.5]

"Description"="Windows Presentation Foundation plug-in for Mozilla browsers"

"Vendor"="Microsoft Corp."

"Path"="c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@pack.google.com/Google Updater;version=13]

"Description"="Google Updater"

"Vendor"="Google Inc."

"Path"="C:\Program Files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nppl3260;version=6.0.12.69]

"Description"="RealPlayer LiveConnect-Enabled Plug-In"

"Vendor"="RealNetworks"

"Path"="C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nprpjplug;version=6.0.12.69]

"Description"="6.0.12.69"

"Vendor"="RealNetworks"

"Path"="C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@real.com/nsJSRealPlayerPlugin;version=]

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@tools.google.com/Google Update;version=8]

"Description"="Google Update"

"Vendor"="Google"

"Path"="C:\Program Files\Google\Update\1.2.183.13\npGoogleOneClick8.dll"

 

[HKEY_LOCAL_MACHINE\software\mozillaplugins\@zylom.com/ZylomGamesPlayer]

"Description"="Zylom Games Player 1.00"

"Vendor"="zylom"

"Path"="C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll"

 

 

------------------------------------------------------

 

//////////// Recherche additionnelles... \\\\\\\\\\\\\

 

==== Extension supplémentaire ====

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]

"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

 

"jqs@sun.com"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

 

"FFToolbar@bitdefender.com"="C:\Program Files\BitDefender\BitDefender 2010\bdaphffext\"

 

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.6\extensions]

 

 

=========================== Fin du rapport ===========================

Posted

hi :P

 

Yes, it is getting trickier ^^ : maybe some rootkit activity underneath... Likewise, temporarily disable the antivirus while you run the scan proposed in step 2.

 

1°) I would like you to have this file analysed online please >>

 

Go to this address => http://www.virustotal.com/

 

There is a box named "Browse": click it and a window opens => copy/paste this into the field to the right of "File name" at the bottom of the window >> C:\WINDOWS\system32\winlogon.exe

 

Now click "Open" at the bottom of the window, then "Send file". The scan of this file will start. All you then have to do is select, then copy/paste the analysis into your next message.

Note: uploaded files are queued, as the virus scanner is in heavy demand! be patient (a message tells you how long the analysis will take)

 

Note: it sometimes happens that the file has already been analysed. If so, click the Reanalyse file now button

 

2°) We are going to try another scan >>

 

Step 1: RootRepeal (by AD)

Download RootRepeal by right-clicking one of the links below:

http://ad13.geekstogo.com/RootRepeal.zip

http://rootrepeal.googlepages.com/RootRepeal.zip

http://rootrepeal.psikotick.com/RootRepeal.zip

Save the file to the Desktop.

Create a new folder named RootRepeal at the root of the system drive (usually C:\)

 

Extract the downloaded archive into this new RootRepeal folder

 

 

Step 2: No real-time monitoring processes

Disable the resident module of the antivirus and that of the antispyware.

Avira Antivir: right-click the icon in the taskbar (next to the clock), untick "Activer Antivir Guard/AntiVir Guard enable"

 

 

 

Step 3: RootRepeal (by AD)

In Explorer, open the RootRepeal folder

Double-click RootRepeal.exe to launch the tool.

On Windows Vista, right-click RootRepeal.exe and choose "Run as Administrator" to launch the tool.

 

Click the Report tab (at the bottom of the window).

 

Click the Scan button

 

In the new Select Scan window, tick:

+ Drivers

+ Files

+ Processes

+ SSDT

+ Stealth Objects

+ Hidden Services

+ Shadow SSDT

 

Click the OK button

In the new Select Drives window, tick the system drive (usually C:\)

 

Click the OK button to start the scan

 

Note: this scan takes some time. DO NOT LAUNCH other programs while it is running.

 

When the scan is finished, the Save Report button becomes available.

 

Click this Save Report button and save the report file in the RootRepeal folder under the name RootRepeal-$$$$$$.txt

 

Open the File menu and click Exit to close the program.

 

 

Step 4: Real-time monitoring processes

Important: re-enable the resident module of the antivirus and that of the antispyware.

 

 

Step 5: Results

Send in reply:

*- the RootRepeal report (contents of the file RootRepeal-$$$$$$.txt)

This report can be very long. Check carefully that it is complete in the message you send. If necessary, split it across several messages.
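Added example, not part of the thread or of RootRepeal: a Python parser for the text layout RootRepeal saves (Drivers and Hidden/Locked Files sections) with a first triage pass over the records, so a long report can be reduced to the entries that need a human look; the sample report and the "scanner's own driver" allow-list are constructed assumptions.

```python
import re

# Field labels RootRepeal writes; an "Address:" line carries four fields at once.
_FIELD_RE = re.compile(
    r"(Name|Image Path|Path|Address|Size|File Visible|Signed|Status):\s*"
    r"(.*?)(?=\s+(?:Size|File Visible|Signed):|$)"
)
_RULE_RE = re.compile(r"^-{5,}$")

# The scanner's own driver hides itself from the file API (assumption from the layout above).
SCANNER_DRIVERS = {"rootrepeal.sys"}


def parse_report(text):
    """Return {section name: [record dict, ...]} from a RootRepeal text report."""
    lines = [ln.rstrip() for ln in text.splitlines()]
    sections, current, record = {}, None, {}
    for i, line in enumerate(lines):
        nxt = lines[i + 1].strip() if i + 1 < len(lines) else ""
        if line.strip() and _RULE_RE.match(nxt):
            # A section title is a non-blank line followed by a dashed rule.
            if current and record:
                sections[current].append(record)
            current, record = line.strip(), {}
            sections[current] = []
            continue
        if current is None or _RULE_RE.match(line.strip()):
            continue
        if not line.strip():
            if record:
                sections[current].append(record)
                record = {}
            continue
        for key, val in _FIELD_RE.findall(line):
            record[key] = val.strip()
    if current and record:
        sections[current].append(record)
    return sections


def triage(sections):
    """Classify each record as 'review' (needs a human look) or 'info' (usually benign)."""
    out = []
    for d in sections.get("Drivers", []):
        name, path = d.get("Name", ""), d.get("Image Path", "")
        hidden = d.get("File Visible", "").lower() == "no"
        if name.lower() in SCANNER_DRIVERS:
            out.append(("info", name, "the scanner's own driver"))
        elif hidden and re.match(r"^[A-Za-z]:\\", path):
            # Loaded from a real file path whose file cannot be seen: the first
            # thing to submit for analysis. Objects under \Driver\ have no image.
            out.append(("review", name, "loaded from %s but the file is hidden" % path))
    for f in sections.get("Hidden/Locked Files", []):
        path, status = f.get("Path", ""), f.get("Status", "")
        if status.startswith("Locked to the Windows API") and path.lower().endswith(
            ("hiberfil.sys", "pagefile.sys")
        ):
            out.append(("info", path, "system file Windows always keeps locked"))
        elif status.startswith("Visible to the Windows API, but not on disk"):
            out.append(("review", path, "directory entry with no data on disk; find what created it"))
        elif status.startswith("Allocation size mismatch"):
            out.append(("info", path, "usually a file being written (logs, indexes); re-check when idle"))
        else:
            out.append(("review", path, status))
    return out


# Constructed sample in RootRepeal's layout (not the report posted in the thread).
SAMPLE_REPORT = r"""Drivers
-------------------
Name: qwert123.SYS
Image Path: C:\WINDOWS\System32\Drivers\qwert123.SYS
Address: 0xB9A54000 Size: 425984 File Visible: No Signed: -
Status: -

Name: PCI_NTPNP4802
Image Path: \Driver\PCI_NTPNP4802
Address: 0x00000000 Size: 0 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA8CEE000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: c:\temp\ghost.tmp
Status: Visible to the Windows API, but not on disk.

Path: c:\temp\index.crwl
Status: Allocation size mismatch (API: 280, Raw: 144)
"""

if __name__ == "__main__":
    for level, item, why in triage(parse_report(SAMPLE_REPORT)):
        print("%-6s %-50s %s" % (level, item, why))
```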

Posted

Good evening!

I did the 2 procedures, which went smoothly (what I find great is that the procedures are really well written).

 

VirusTotal report:

 

Fichier winlogon.exe reçu le 2010.01.30 19:02:14 (UTC)

Situation actuelle: terminé

Résultat: 0/41 (0%)

 

(tell me if I should send you the additional information, which looks unreadable to me)

 

RootRepeal report:

 

ROOTREPEAL © AD, 2007-2009

==================================================

Scan Start Time: 2010/01/30 19:35

Program Version: Version 1.3.5.0

Windows Version: Windows XP Media Center Edition SP3

==================================================

 

Drivers

-------------------

Name: apauz95v.SYS

Image Path: C:\WINDOWS\System32\Drivers\apauz95v.SYS

Address: 0xB9A54000 Size: 425984 File Visible: No Signed: -

Status: -

 

Name: PCI_NTPNP4802

Image Path: \Driver\PCI_NTPNP4802

Address: 0x00000000 Size: 0 File Visible: No Signed: -

Status: -

 

Name: rootrepeal.sys

Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys

Address: 0xA8CEE000 Size: 49152 File Visible: No Signed: -

Status: -

 

Hidden/Locked Files

-------------------

Path: C:\hiberfil.sys

Status: Locked to the Windows API!

 

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.28.crwl

Status: Allocation size mismatch (API: 280, Raw: 8)

 

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.49.crwl

Status: Allocation size mismatch (API: 280, Raw: 144)

 

Path: c:\documents and settings\all users\application data\microsoft\search\data\applications\windows\gatherlogs\systemindex\systemindex.53.crwl

Status: Allocation size mismatch (API: 280, Raw: 144)

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\fofolle33kzo@hotmail.fr\DFSR\Staging\CS{90E158D7-8431-9FD3-DADE-3DFD2F431A3B}\69\359-{4E8459F4-0555-43AD-8771-2F03872CDFBD}-v169-{4E8459F4-0555-43AD-8771-2F03872CDFBD}-v359-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\justineau@hotmail.fr\DFSR\Staging\CS{9E79C0A8-B2F3-F52A-1679-804D1DEA66CF}\12\13-{43~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\larouliadu33@hotmail.fr\DFSR\Staging\CS{5D5B744F-3EEE-523B-475C-E015A9525537}\18\18-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v18-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v18-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\76\1376-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1376-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1376-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\76\1649-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\76\976-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v976-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v976-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\00\1496-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\01\1499-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\02\1502-{~1.FRX:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\77\1377-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1377-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1377-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\77\977-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v977-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v977-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\78\1378-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1378-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1378-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\79\1379-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1379-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1379-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\80\1380-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1380-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1380-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\81\1381-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1381-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1381-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\82\1382-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1382-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1382-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\83\1383-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1383-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1383-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\84\1384-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1384-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1384-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\90\1466-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1290-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1466-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\91\1469-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1291-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1469-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\92\1472-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1292-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1472-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\93\1475-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1293-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1475-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\94\1478-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1294-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1478-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\95\1481-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1295-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1481-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\95\1596-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1595-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1596-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\96\1484-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1296-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1484-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\97\1487-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1297-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1487-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\98\1490-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1298-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1490-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\99\1493-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1299-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1493-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\63\1063-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1063-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1063-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\68\1368-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1368-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1368-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\69\1369-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1369-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1369-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\70\1370-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1370-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1370-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\71\1371-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1371-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1371-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\72\1372-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1372-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1372-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\73\1373-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1373-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1373-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\74\974-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v974-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v974-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\75\1375-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1375-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v1375-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\maagiik_ch3riie@hotmail.fr\DFSR\Staging\CS{07FD6252-C117-5A0D-6A9A-E09E92A1A660}\75\975-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v975-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v975-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\34\534-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v534-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v534-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\11\511-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v511-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v511-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\17\517-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v517-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v517-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\18\518-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v518-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v518-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\19\519-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v519-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v519-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\20\520-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v520-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v520-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\21\521-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v521-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v521-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\22\522-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v522-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v522-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\23\523-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v523-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v523-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\24\524-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v524-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v524-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\25\525-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v525-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v525-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\26\526-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v526-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v526-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\27\527-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v527-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v527-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\28\528-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v528-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v528-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\29\529-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v529-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v529-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\30\530-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v530-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v530-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\31\531-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v531-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v531-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\32\532-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v532-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v532-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\33\533-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v533-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v533-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\35\535-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v535-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v535-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\niwato@web.de\DFSR\Staging\CS{31AAA1A2-EA83-6187-6D53-ED6511A5AE55}\37\537-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v537-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v537-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\65\165-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v165-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v165-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\19\119-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v119-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v119-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\31\131-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v131-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v131-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\32\132-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v132-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v132-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\34\134-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v134-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v134-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\35\135-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v135-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v135-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\36\136-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v136-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v136-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\37\137-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v137-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v137-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

Path: C:\Documents and Settings\manon\Local Settings\Application Data\Microsoft\Messenger\mounemoune@hotmail.fr\SharingMetadata\vanilleali@hotmail.fr\DFSR\Staging\CS{2A2CBCA5-AB69-D39B-1F94-9326E0983F7B}\38\138-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v138-{43949B8F-4E01-4BF5-BB74-AE6257B77A2F}-v138-Downloaded.frx:{59828bbb-3f72-4c1b-a420-b51ad66eb5d3}.XPRESS

Status: Visible to the Windows API, but not on disk.

 

SSDT

-------------------

#: 017 Function Name: NtAllocateVirtualMemory

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7884

 

#: 019 Function Name: NtAssignProcessToJobObject

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7bf0

 

#: 031 Function Name: NtConnectPort

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8da0

 

#: 037 Function Name: NtCreateFile

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c85b6

 

#: 041 Function Name: NtCreateKey

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c920a

 

#: 047 Function Name: NtCreateProcess

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7d3a

 

#: 048 Function Name: NtCreateProcessEx

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7dbc

 

#: 050 Function Name: NtCreateSection

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c83da

 

#: 053 Function Name: NtCreateThread

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7486

 

#: 066 Function Name: NtDeviceIoControlFile

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c930a

 

#: 068 Function Name: NtDuplicateObject

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb9f4

 

#: 071 Function Name: NtEnumerateKey

Status: Hooked by "sptd.sys" at address 0xb9ec3fb2

 

#: 073 Function Name: NtEnumerateValueKey

Status: Hooked by "sptd.sys" at address 0xb9ec4340

 

#: 084 Function Name: NtFsControlFile

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c944e

 

#: 097 Function Name: NtLoadDriver

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c9d92

 

#: 116 Function Name: NtOpenFile

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c84ca

 

#: 119 Function Name: NtOpenKey

Status: Hooked by "sptd.sys" at address 0xb9ebe0b0

 

#: 122 Function Name: NtOpenProcess

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb746

 

#: 125 Function Name: NtOpenSection

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c82fa

 

#: 128 Function Name: NtOpenThread

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb874

 

#: 137 Function Name: NtProtectVirtualMemory

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7782

 

#: 160 Function Name: NtQueryKey

Status: Hooked by "sptd.sys" at address 0xb9ec4418

 

#: 177 Function Name: NtQueryValueKey

Status: Hooked by "sptd.sys" at address 0xb9ec4298

 

#: 180 Function Name: NtQueueApcThread

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7c92

 

#: 199 Function Name: NtRequestPort

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8e30

 

#: 200 Function Name: NtRequestWaitReplyPort

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8bec

 

#: 210 Function Name: NtSecureConnectPort

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c8fba

 

#: 213 Function Name: NtSetContextThread

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7576

 

#: 240 Function Name: NtSetSystemInformation

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7988

 

#: 247 Function Name: NtSetValueKey

Status: Hooked by "sptd.sys" at address 0xb9ec44aa

 

#: 253 Function Name: NtSuspendProcess

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c76e4

 

#: 254 Function Name: NtSuspendThread

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7646

 

#: 255 Function Name: NtSystemDebugControl

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7b4e

 

#: 257 Function Name: NtTerminateProcess

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cb6b6

 

#: 258 Function Name: NtTerminateThread

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90cbb02

 

#: 277 Function Name: NtWriteVirtualMemory

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7384

 

Stealth Objects

-------------------

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLOSE]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_READ]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_WRITE]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_EA]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_EA]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_CLEANUP]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_SECURITY]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_SET_QUOTA]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Ntfs, IRP_MJ_PNP]

Process: System Address: 0x8b2551e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CREATE]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_CLOSE]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_READ]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_WRITE]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_POWER]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: Cdrom, IRP_MJ_PNP]

Process: System Address: 0x8a70f1e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_CREATE]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_CLOSE]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_READ]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_WRITE]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_POWER]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: dmio, IRP_MJ_PNP]

Process: System Address: 0x8b2571e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CREATE]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_CLOSE]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_READ]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_WRITE]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89f154f8 Size: 179

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_POWER]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: USBSTOR, IRP_MJ_PNP]

Process: System Address: 0x89f601e8 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CREATE]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_CLOSE]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_POWER]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: usbuhci, IRP_MJ_PNP]

Process: System Address: 0x8ac8f6f0 Size: 121

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_CREATE]

Process: System Address: 0x8b2561e8 Size: 121

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_CLOSE]

Process: System Address: 0x8b2561e8 Size: 121

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8b2561e8 Size: 121

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a874ee0 Size: 288

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_POWER]

Process: System Address: 0x8b2561e8 Size: 121

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8b2561e8 Size: 121

 

Object: Hidden Code [Driver: iaStor, IRP_MJ_PNP]

Process: System Address: 0x8b2561e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CREATE]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_READ]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_WRITE]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SHUTDOWN]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_CLEANUP]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_POWER]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: Ftdisk, IRP_MJ_PNP]

Process: System Address: 0x8b2c91e8 Size: 121

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_CREATE]

Process: System Address: 0x8ac8c1e8 Size: 121

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_CLOSE]

Process: System Address: 0x8ac8c1e8 Size: 121

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8ac8c1e8 Size: 121

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a7f34f8 Size: 687

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_POWER]

Process: System Address: 0x8ac8c1e8 Size: 121

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8ac8c1e8 Size: 121

 

Object: Hidden Code [Driver: apauz95vࠅఖ灐†¨, IRP_MJ_PNP]

Process: System Address: 0x8ac8c1e8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CREATE]

Process: System Address: 0x89fb81e8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLOSE]

Process: System Address: 0x89fb81e8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89fb81e8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89fb81e8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_CLEANUP]

Process: System Address: 0x89fb81e8 Size: 121

 

Object: Hidden Code [Driver: NetBT, IRP_MJ_PNP]

Process: System Address: 0x89fb81e8 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CREATE]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_CLOSE]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_POWER]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: usbehci, IRP_MJ_PNP]

Process: System Address: 0x8a75a790 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_NAMED_PIPE]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLOSE]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_READ]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_WRITE]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_EA]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_EA]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FLUSH_BUFFERS]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_VOLUME_INFORMATION]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_INTERNAL_DEVICE_CONTROL]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CLEANUP]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_CREATE_MAILSLOT]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_SECURITY]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_SECURITY]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_POWER]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SYSTEM_CONTROL]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_DEVICE_CHANGE]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_QUERY_QUOTA]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_SET_QUOTA]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: MRxSmb, IRP_MJ_PNP]

Process: System Address: 0x89fa51e8 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_CREATE]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_CLOSE]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_READ]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_QUERY_INFORMATION]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_SET_INFORMATION]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_QUERY_VOLUME_INFORMATION]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_DIRECTORY_CONTROL]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_FILE_SYSTEM_CONTROL]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_DEVICE_CONTROL]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_SHUTDOWN]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_LOCK_CONTROL]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_CLEANUP]

Process: System Address: 0x89f7f790 Size: 121

 

Object: Hidden Code [Driver: CdfsЅఈ浍浓易觸ƀ, IRP_MJ_PNP]

Process: System Address: 0x89f7f790 Size: 121

 

Shadow SSDT

-------------------

#: 307 Function Name: NtUserAttachThreadInput

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c716c

 

#: 347 Function Name: NtUserDdeSetQualityOfService

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c7100

 

#: 383 Function Name: NtUserGetAsyncKeyState

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c70be

 

#: 414 Function Name: NtUserGetKeyboardState

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6f80

 

#: 416 Function Name: NtUserGetKeyState

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6f3a

 

#: 460 Function Name: NtUserMessageCall

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6cbc

 

#: 475 Function Name: NtUserPostMessage

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6b46

 

#: 476 Function Name: NtUserPostThreadMessage

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6b9a

 

#: 491 Function Name: NtUserRegisterRawInputDevices

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6d1a

 

#: 502 Function Name: NtUserSendInput

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6b0c

 

#: 549 Function Name: NtUserSetWindowsHookEx

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c6498

 

#: 552 Function Name: NtUserSetWinEventHook

Status: Hooked by "C:\Program Files\BitDefender\BitDefender 2010\bdselfpr.sys" at address 0xa90c67c6

 

==EOF==

Posted

Hi again!

Please have a file analysed for me; I have no information on it:

Go to this address => http://www.virustotal.com/

There is a button labelled "Browse": click it and a window opens => copy/paste this into the field to the right of "File name" at the bottom of the window >> C:\WINDOWS\System32\Drivers\apauz95v.SYS

Now click "Open" at the bottom of the window, then "Send file". The scan of this file will start. Then all you have to do is select the analysis and copy/paste it into your next message.

Note: uploaded files are queued, because the scanner is in heavy demand! Be patient (a message tells you how long the analysis will take).

Note: it sometimes happens that the file has already been analysed. If so, click the Reanalyse file now button.
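The helper's request above comes from reading the RootRepeal report by hand: among dozens of hook and "Hidden Code" entries, only one driver object (apauz95v, with trailing garbage because RootRepeal reads the name straight from kernel memory) has no obvious owner, while the SSDT and Shadow SSDT hooks all belong to BitDefender's bdselfpr.sys or to sptd.sys. The script below is an added example, not part of the thread or of RootRepeal: it parses a constructed excerpt of the report posted above, groups hooks by the module that placed them, flags driver objects and hook modules that are not on an allowlist, and computes the SHA-256 that lets you search VirusTotal for a file before uploading it. The allowlists (in-box Windows drivers, bdselfpr.sys, sptd.sys) are assumptions for this example and should be adjusted to the machine being examined.

```python
import hashlib
import ntpath
import re

# Constructed excerpt of the RootRepeal report pasted in the thread: a few of
# its entries, verbatim, under RootRepeal's own section headers. The last
# driver name carries the non-ASCII junk exactly as the tool printed it.
SAMPLE_REPORT = """\
SSDT
-------------------
#: 071 Function Name: NtEnumerateKey
Status: Hooked by "sptd.sys" at address 0xb9ec3fb2

#: 084 Function Name: NtFsControlFile
Status: Hooked by "C:\\Program Files\\BitDefender\\BitDefender 2010\\bdselfpr.sys" at address 0xa90c944e

#: 277 Function Name: NtWriteVirtualMemory
Status: Hooked by "C:\\Program Files\\BitDefender\\BitDefender 2010\\bdselfpr.sys" at address 0xa90c7384

Stealth Objects
-------------------
Object: Hidden Code [Driver: Ntfs, IRP_MJ_CREATE]
Process: System Address: 0x8b2551e8 Size: 121

Object: Hidden Code [Driver: apauz95v\u0805\u0c16\u7050\u2020\u00a8, IRP_MJ_INTERNAL_DEVICE_CONTROL]
Process: System Address: 0x8a7f34f8 Size: 687

Shadow SSDT
-------------------
#: 549 Function Name: NtUserSetWindowsHookEx
Status: Hooked by "C:\\Program Files\\BitDefender\\BitDefender 2010\\bdselfpr.sys" at address 0xa90c6498
"""

SECTION_HEADERS = {"SSDT", "Shadow SSDT", "Stealth Objects"}
HOOK_RE = re.compile(r'^#: (\d+) Function Name: (\S+)$')
STATUS_RE = re.compile(r'^Status: Hooked by "(.+)" at address (0x[0-9a-fA-F]+)$')
OBJECT_RE = re.compile(r'^Object: Hidden Code \[Driver: (.+), (IRP_MJ_\w+)\]$')
PROCESS_RE = re.compile(r'^Process: (\S+) Address: (0x[0-9a-fA-F]+) Size: (\d+)$')

# Assumed allowlists for this example: in-box Windows drivers seen in the
# report, plus the two hook owners the report itself names.
KNOWN_DRIVERS = {"ntfs", "cdrom", "dmio", "usbstor", "usbuhci", "usbehci",
                 "iastor", "ftdisk", "netbt", "mrxsmb", "cdfs"}
KNOWN_HOOK_MODULES = {"bdselfpr.sys", "sptd.sys"}


def clean_driver_name(raw):
    """RootRepeal prints the name from kernel memory and may run past its end;
    keep only the leading run of printable ASCII."""
    m = re.match(r'[\x20-\x7e]+', raw)
    return m.group(0).strip() if m else raw


def parse_report(text):
    """Return (hooks, objects): SSDT/Shadow SSDT hooks and Hidden Code objects."""
    hooks, objects, section, pending = [], [], None, None
    for line in text.splitlines():
        line = line.strip()
        if line in SECTION_HEADERS:
            section = line
            continue
        m = HOOK_RE.match(line)
        if m:
            pending = {"table": section, "index": int(m.group(1)), "function": m.group(2)}
            continue
        m = STATUS_RE.match(line)
        if m and pending is not None:
            pending["module"] = ntpath.basename(m.group(1)).lower()
            pending["address"] = int(m.group(2), 16)
            hooks.append(pending)
            pending = None
            continue
        m = OBJECT_RE.match(line)
        if m:
            pending = {"driver": clean_driver_name(m.group(1)), "irp": m.group(2)}
            continue
        m = PROCESS_RE.match(line)
        if m and pending is not None:
            pending["process"] = m.group(1)
            pending["address"] = int(m.group(2), 16)
            pending["size"] = int(m.group(3))
            objects.append(pending)
            pending = None
    return hooks, objects


def hooks_by_module(hooks):
    """Map each hooking module to the sorted list of table:function it hooks."""
    out = {}
    for h in hooks:
        out.setdefault(h["module"], []).append(f'{h["table"]}:{h["function"]}')
    return {k: sorted(v) for k, v in out.items()}


def unexpected_hook_modules(hooks, known=KNOWN_HOOK_MODULES):
    return sorted({h["module"] for h in hooks if h["module"] not in known})


def suspicious_drivers(objects, known=KNOWN_DRIVERS):
    """Driver objects with patched IRP dispatch entries that are not on the allowlist."""
    return sorted({o["driver"] for o in objects if o["driver"].lower() not in known})


def sha256_hex(data):
    """SHA-256 of the file bytes: search VirusTotal for this hash before uploading."""
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    hooks, objects = parse_report(SAMPLE_REPORT)
    for mod, fns in hooks_by_module(hooks).items():
        print(f"{mod}: {len(fns)} hook(s) -> {', '.join(fns)}")
    print("hook modules not on the allowlist:", unexpected_hook_modules(hooks))
    print("driver objects to look up:", suspicious_drivers(objects))
```

Run it against the full report saved from RootRepeal (read the file and pass its contents to parse_report) and the driver objects printed last are the ones worth hashing and searching on VirusTotal; a hit on the hash spares the upload and the queue wait the helper mentions.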
