System shuts down after services.exe stops

12 January 2007 17:41:17

Hello, I have a problem. The topic already exists, but I didn't understand any of the solutions, if those solutions even work.


So here it is: often now, when I reboot and the computer gets to my session, an error popup opens to tell me that services.exe has encountered an error and must close. I click "Don't send", and then another popup appears, this one telling me that my system will restart automatically in 1 min, with a countdown.

This virus reminds me of my youth...

However, I've tried but I can't manage to remove it. If someone could take a look at my HijackThis logfile and give me a hand, that would be really cool!


Logfile of HijackThis v1.99.1
Scan saved at 17:30:50, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\YoKo$\Setups et Patches\Virus Alert!, la solution !\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7733B2EE-5167-447E-BF06-F84ED126EE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: CLKERN.DLL, iexplore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe



There you go, thanks in advance!!

12 January 2007 17:55:05

Hello,

Download Gmer.
Unzip it into a folder or onto your desktop.

Disconnect from the Internet, then close all programs.
Double-click Gmer.exe.

IMPORTANT: If an alert from your antivirus appears for the file gmer.sys or gmer.exe, let it run.

Click the Rootkit tab.
On the right, check Files and Services.
Now click Scan.

When the scan has finished, click Copy.

Open Notepad, then click the Edit / Paste menu.
The report should then appear.
Save the file to your desktop and copy/paste its contents here.
12 January 2007 17:58:30

OK, I'll do that, thanks man ;)
12 January 2007 18:05:34

GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-12 18:05:12
Windows 5.1.2600 Service Pack 2


---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----
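
As an added illustration (not part of the thread and not GMER's own code): a small Python parser for the GMER report posted above. It splits the `host:stream` NTFS alternate-data-stream path and lists services whose driver image lives in a stream. The line format is assumed from the entries visible in this report, and the function and class names are made up for the example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Report text copied from the GMER output posted in this thread.
GMER_REPORT = r"""GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-12 18:05:12
Windows 5.1.2600 Service Pack 2

---- Services - GMER 1.0.12 ----

Service C:\WINDOWS\system32:lzx32.sys (*** hidden *** ) [SYSTEM] pe386 <-- ROOTKIT !!!

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32:lzx32.sys <-- ROOTKIT !!!

---- EOF - GMER 1.0.12 ----
"""

# Assumed line shapes, inferred only from the report above.
SECTION_RE = re.compile(r"^---- (?P<name>\w+) - GMER [\d.]+ ----$")
SERVICE_RE = re.compile(
    r"^Service\s+(?P<path>.+?)\s+(?P<hidden>\(\*+ hidden \*+\s*\)\s+)?"
    r"\[(?P<start>[A-Z]+)\]\s+(?P<name>\S+)"
)
ADS_RE = re.compile(r"^ADS\s+(?P<path>.+?)(?:\s+<--.*)?$")


@dataclass
class Finding:
    section: str
    kind: str                 # "service" or "ads"
    path: str                 # path exactly as printed by the scanner
    host: str                 # file or directory that carries the stream
    stream: Optional[str]     # stream name, None for an ordinary path
    hidden: bool              # scanner printed "*** hidden ***"
    flagged: bool             # scanner printed its "<-- ROOTKIT" marker
    service_name: Optional[str] = None


def split_ads(path: str) -> Tuple[str, Optional[str]]:
    """Split NTFS 'host:stream' syntax; the drive-letter colon is not a separator."""
    start = 2 if re.match(r"^[A-Za-z]:", path) else 0
    last_component = max(path.rfind("\\"), path.rfind("/")) + 1
    idx = path.find(":", max(start, last_component))
    if idx == -1:
        return path, None
    stream = path[idx + 1:]
    if stream.upper().endswith(":$DATA"):      # optional stream-type suffix
        stream = stream[:-len(":$DATA")]
    return path[:idx], stream or None


def parse_gmer(text: str) -> List[Finding]:
    """Return one Finding per Service/ADS line, tagged with its report section."""
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name")
            continue
        flagged = "<-- ROOTKIT" in line
        m = SERVICE_RE.match(line)
        if m and section == "Services":
            host, stream = split_ads(m.group("path"))
            findings.append(Finding(section, "service", m.group("path"), host,
                                    stream, bool(m.group("hidden")), flagged,
                                    m.group("name")))
            continue
        m = ADS_RE.match(line)
        if m and section == "Files":
            host, stream = split_ads(m.group("path"))
            findings.append(Finding(section, "ads", m.group("path"), host,
                                    stream, False, flagged))
    return findings


def ads_backed_services(findings: List[Finding]):
    """Services whose image path is a stream, and whether the Files section confirms it."""
    ads_paths = {f.path.lower() for f in findings if f.kind == "ads"}
    return [(f.service_name, f.host, f.stream, f.path.lower() in ads_paths)
            for f in findings if f.kind == "service" and f.stream]


if __name__ == "__main__":
    for name, host, stream, confirmed in ads_backed_services(parse_gmer(GMER_REPORT)):
        print(f"service {name}: image in stream '{stream}' on {host} "
              f"(seen in Files section: {confirmed})")
```
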
12 January 2007 18:05:51

But do I only scan that?
12 January 2007 18:09:27

I got what I wanted ;)

Download Rustbfix (by ejvindh)
**If the link doesn't work, click here**
Save it to your Desktop.

Double-click rustbfix.exe to launch the tool.
If a Rustock.b infection is detected, a prompt will tell you that the PC needs to be restarted. This restart may take longer than usual, and two restarts may be required. All of this will happen automatically.
After the restart(s), two reports will open: (C:\avenger.txt & C:\Rustbfix\pelog.txt).
Post (copy/paste) the contents of both reports, along with a new HijackThis log, in your next reply.
12 January 2007 18:22:57

It did do two restarts (although I had to reboot again on the second one because it got stuck on the Windows XP "Welcome..." screen), but only avenger opened:


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cmlbnias

*******************

Script file located at: \??\C:\imhgnbpn.txt
Script file opened successfully.

Script file read successfully

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Driver PE386 unloaded successfully.
Program C:\Rustbfix\2run.bat successfully set up to run once on reboot.

Completed script processing.

*******************

Finished! Terminate.//////////////////////////////////////////


Logfile of The Avenger version 1, by Swandog46
Running from registry key:
\Registry\Machine\System\CurrentControlSet\Services\cmlbnias

*******************

Script file located at: \??\C:\imhgnbpn.txt

Script file not found! Error

Could not open script file! Status: 0xc0000034 Abort!




and the HijackThis logfile:


Logfile of HijackThis v1.99.1
Scan saved at 18:21:55, on 12/01/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
C:\WINDOWS\system32\oodag.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Logitech\MouseWare\system\em_exec.exe
C:\Program Files\MessengerPlus! 3\MsgPlus.exe
C:\Program Files\USBToolbox\Res.EXE
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
D:\YoKo$\Setups et Patches\Virus Alert!, la solution !\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [Anti-Blaxx Manager] C:\Program Files\Anti-Blaxx\Anti-Blaxx.exe
O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
O4 - Global Startup: BTTray.lnk = ?
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O18 - Protocol: offline-8876480 - {7733B2EE-5167-447E-BF06-F84ED126EE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: CLKERN.DLL, iexplore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\System32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

12 January 2007 18:26:43

Re,

Download Clean.zip (by Malekal).
Extract it onto your desktop (right-click / Extract all); you should get a Clean folder.
Open the clean folder, double-click clean.cmd.
Choose option 1, then wait. Then post the contents of the report.
12 January 2007 18:29:35

Thanks for being so quick, man!!

Here it is!


Rapport clean par Malekal_morte - http://www.malekal.com
Option 1, executee le 12/01/2007 a 18:28:31,71

*** Recherche de fichiers sur C:

*** Recherche des fichiers dans C:\WINDOWS\
C:\WINDOWS\UnGins.exe FOUND

*** Recherche des fichiers dans C:\WINDOWS\system32
C:\WINDOWS\system32\SpoonUninstall.exe FOUND

"C:\Program Files\MyGlobalSearch\" FOUND
"C:\Program Files\Viewpoint\" FOUND
*** Fin du rapport !
12 January 2007 18:32:05

Re,

Restart in safe mode

Open the clean folder, double-click clean.cmd.
Choose option 2, then wait.

Restart normally

- The clean report: My Computer / double-click drive C / double-click rapport_clean.txt and copy/paste the contents here C:\rapport_clean.txt
12 January 2007 18:45:38

Here is the rapport_clean



Script execute en mode sans echec
Rapport clean par Malekal_morte - http://www.malekal.com
Option 2, executee le 12/01/2007 a 18:39:54,75

Microsoft Windows XP [version 5.1.2600]

*** Suppression de fichiers sur C:

*** Suppression des fichiers dans C:\WINDOWS\
tentative de suppression de C:\WINDOWS\UnGins.exe

*** Suppression des fichiers dans C:\WINDOWS\system32
tentative de suppression de C:\WINDOWS\system32\SpoonUninstall.exe

tentative de suppression de "C:\Program Files\MyGlobalSearch\"
tentative de suppression de "C:\Program Files\Viewpoint\"

*** Suppression des clefs du registre effectuee..
*** Fin du rapport !
12 January 2007 18:46:28

Re,

  • Run a Kaspersky online scan with Internet Explorer:
  • Click on
  • Now click I accept.
  • Approve the installation of one or more ActiveX controls if necessary.
  • Wait while the updates are installed.
  • Then choose to scan My Computer
  • Save, then paste the report generated at the end of the scan.

HELP: Configuring ActiveX controls

NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs, uninstall On-Line Scanner, then reconnect to the Kaspersky site to retry the online scan.
12 January 2007 18:50:50

OK, I'll do that and let you know when it's finished.


Thanks man!
12 January 2007 18:54:39

Oki ;)
12 January 2007 19:04:47

But it's taking too long, is that normal?

14500 files in 12 min...


It's going to be long, I have at least 250 000
12 January 2007 19:08:02

That's normal.
12 January 2007 22:30:23

    KASPERSKY ON-LINE SCANNER REPORT
    Friday, January 12, 2007 10:25:31 PM
    Système d'exploitation : Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
    Kaspersky On-line Scanner version : 5.0.83.0
    Dernière mise à jour de la base antivirus Kaspersky : 12/01/2007
    Enregistrements dans la base antivirus Kaspersky : 243598
    Paramètres d'analyse
    Analyser avec la base antivirus suivante standard
    Analyser les archives vrai
    Analyser les bases de messagerie vrai
    Cible de l'analyse Poste de travail
    A:\
    C:\
    D:\
    E:\
    F:\
    G:\
    Statistiques de l'analyse
    Total d'objets analysés 86852
    Nombre de virus trouvés 1
    Nombre d'objets infectés 5 / 0
    Nombre d'objets suspects 0
    Durée de l'analyse 01:44:45

    Nom de l'objet infecté Nom du virus Dernière action
    D:\YoKo$\Setups et Patches\mediaobjsetup.424.exe/stream/data0006 Infecté : Trojan-Downloader.Win32.Zlob.bhk ignoré
    D:\YoKo$\Setups et Patches\mediaobjsetup.424.exe/stream Infecté : Trojan-Downloader.Win32.Zlob.bhk ignoré
    D:\YoKo$\Setups et Patches\mediaobjsetup.424.exe NSIS: infecté - 2 ignoré
    D:\YoKo$\Setups et Patches\mediaobjsetup.424.exe UPX: infecté - 2 ignoré
    D:\YoKo$\Setups et Patches\mediaobjsetup.424.exe PE_Patch.UPX: infecté - 2 ignoré
    Analyse terminée.



    There, sorry it's so long...
    12 January 2007 22:46:33

    Delete this file:
    D:\YoKo$\Setups et Patches\mediaobjsetup.424.exe

    Then post a new HijackThis report.
    13 January 2007 01:40:39

    Logfile of HijackThis v1.99.1
    Scan saved at 01:40:27, on 13/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\Mozilla Firefox\firefox.exe
    D:\YoKo$\Setups et Patches\Virus Alert!, la solution !\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {7733B2EE-5167-447E-BF06-F84ED126EE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - AppInit_DLLs: CLKERN.DLL, iexplore.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    13 January 2007 12:02:04

    Is your OS pirated?
    13 January 2007 14:27:20

    What's an OS?


    If you mean my Windows, no, it's not pirated.
    13 January 2007 14:40:11

    O20 - AppInit_DLLs: CLKERN.DLL
    -> a DLL from cracked copies of Windows :sarcastic:

    - Make sure you can see hidden folders/files
    -> Start
    -> Control Panel
    -> Folder Options, View tab:
    . Click Show hidden files and folders
    . Uncheck Hide extensions for known file types
    . Uncheck Hide protected operating system files


    You have:

    C:\Windows\System32\iexplore.dll
    13 January 2007 21:54:09

    Well, that's odd: I bought Windows and installed it. I've always been wary of cracked copies of Windows. And besides, if I'd had to crack it I would have installed Windows LSD...


    What do I do with C:\Windows\System32\iexplore.dll?


    And CLKERN.dll, couldn't it have gotten there along with other cracked programs? Because I really don't see how it could have ended up there.
    13 January 2007 22:16:48

    I just looked and actually I don't have iexplore.dll
    14 January 2007 15:15:03

    Then fix this line:
    O20 - AppInit_DLLs: CLKERN.DLL, iexplore.dll

    Any other problems?
    14 January 2007 15:40:02

    An unexpected error has occurred at procedure: modBackup_MakeBackup(sItem=O20 - AppInit_DLLs: CLKERN.DLL, iexplore.dll)
    Error #5 - Argument ou appel de procédure incorrect

    Please email me at merijn@spywareinfo.com, reporting the following:
    * What you were trying to fix when the error occurred, if applicable
    * How you can reproduce the error
    * A complete HijackThis scan log, if possible

    Windows version: Windows NT 5.01.2600
    MSIE version: 7.0.5730.11
    HijackThis version: 1.99.1

    This message has been copied to your clipboard.
    Click OK to continue the rest of the scan.
    14 January 2007 15:41:38

    That's what I get when I try to fix the line you told me to, but when I run HijackThis again I get this:


    Logfile of HijackThis v1.99.1
    Scan saved at 15:41:27, on 14/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\PROGRA~1\MOZILL~1\FIREFOX.EXE
    C:\Program Files\Pando Networks\Pando\pando.exe
    D:\YoKo$\Setups et Patches\Virus Alert!, la solution !\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {7733B2EE-5167-447E-BF06-F84ED126EE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1150\Intel 32\IDriverT.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
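Comparing two HijackThis logs by eye is error-prone, so here is an added example (not part of the thread and not HijackThis's own code) that diffs the entry lines of the 13/01 and 14/01 logs and lists the AppInit_DLLs names and the "(file missing)" targets. The function names are hypothetical, and the embedded logs are short excerpts of the ones posted above.

```python
import re

# HijackThis entry lines start with a section code (R0-R3, F0-F3, N1-N4,
# O1-O24) followed by " - ". Header lines and the "Running processes"
# list do not match this pattern and are ignored.
ENTRY_RE = re.compile(r"^(R[0-3]|F[0-3]|N[1-4]|O\d{1,2}) - (.+)$")

# Excerpts copied from the 13/01/2007 and 14/01/2007 logs in this thread.
LOG_13_JAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 01:40:27, on 13/01/2007
Running processes:
C:\WINDOWS\system32\services.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - AppInit_DLLs: CLKERN.DLL, iexplore.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""

LOG_14_JAN = r"""
Logfile of HijackThis v1.99.1
Scan saved at 15:41:27, on 14/01/2007
Running processes:
C:\WINDOWS\system32\services.exe
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost
O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
"""


def parse_entries(log_text):
    """Return the (code, body) pairs of every entry line, in log order."""
    entries = []
    for raw in log_text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def diff_logs(before_text, after_text):
    """List entries that disappeared or appeared between two scans."""
    before = parse_entries(before_text)
    after = parse_entries(after_text)
    removed = [f"{c} - {b}" for c, b in before if (c, b) not in after]
    added = [f"{c} - {b}" for c, b in after if (c, b) not in before]
    return {"removed": removed, "added": added}


def appinit_dlls(log_text):
    """Return the DLL names listed in any O20 AppInit_DLLs entry.

    The AppInit_DLLs registry value is space- or comma-delimited, so each
    token is one DLL that is loaded into every process linking user32.dll.
    """
    dlls = []
    for code, body in parse_entries(log_text):
        if code == "O20" and body.startswith("AppInit_DLLs:"):
            value = body.split(":", 1)[1]
            dlls.extend(name for name in re.split(r"[,\s]+", value) if name)
    return dlls


def missing_targets(log_text):
    """Return entries whose target HijackThis reported as '(file missing)'."""
    return [f"{c} - {b}" for c, b in parse_entries(log_text)
            if b.endswith("(file missing)")]


if __name__ == "__main__":
    changes = diff_logs(LOG_13_JAN, LOG_14_JAN)
    for line in changes["removed"]:
        print("removed:", line)
    for line in changes["added"]:
        print("added:  ", line)
    print("AppInit_DLLs before:", appinit_dlls(LOG_13_JAN))
    print("AppInit_DLLs after: ", appinit_dlls(LOG_14_JAN))
    for line in missing_targets(LOG_14_JAN):
        print("missing:", line)
```

Run on these excerpts, the diff shows that the AppInit_DLLs entry is gone from the 14/01 log even though HijackThis raised an error while backing it up.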

    14 January 2007 16:30:54

    Fix this line:
    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost

    Any other problems?
    15 January 2007 19:49:29

    There, it's done, but my computer is strangely slow...


    Here is my logfile:



    Logfile of HijackThis v1.99.1
    Scan saved at 19:46:12, on 15/01/2007
    Platform: Windows XP SP2 (WinNT 5.01.2600)
    MSIE: Internet Explorer v7.00 (7.00.5730.0011)

    Running processes:
    C:\WINDOWS\System32\smss.exe
    C:\WINDOWS\system32\winlogon.exe
    C:\WINDOWS\system32\services.exe
    C:\WINDOWS\system32\lsass.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\svchost.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\system32\Ati2evxx.exe
    C:\WINDOWS\system32\spoolsv.exe
    C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    C:\Program Files\Alwil Software\Avast4\ashServ.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    C:\WINDOWS\system32\oodag.exe
    C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
    C:\WINDOWS\System32\svchost.exe
    C:\WINDOWS\Explorer.EXE
    C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe
    C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
    C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    C:\Program Files\MessengerPlus! 3\MsgPlus.exe
    C:\Program Files\USBToolbox\Res.EXE
    C:\Program Files\Logitech\MouseWare\system\em_exec.exe
    C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
    C:\Program Files\iTunes\iTunesHelper.exe
    C:\WINDOWS\system32\ctfmon.exe
    C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    C:\Program Files\iPod\bin\iPodService.exe
    C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe
    C:\Program Files\MSN Messenger\msnmsgr.exe
    C:\Program Files\ATI Technologies\ATI.ACE\CLI.EXE
    C:\Program Files\WIDCOMM\Logiciel Bluetooth\BTTray.exe
    C:\PROGRA~1\WIDCOMM\LOGICI~1\BTSTAC~1.EXE
    C:\WINDOWS\system32\wuauclt.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
    D:\YoKo$\Setups et Patches\Virus Alert!, la solution !\HijackThis.exe

    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.youtube.com/
    O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
    O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_09\bin\ssv.dll
    O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
    O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\SoundMAX\SMax4PNP.exe
    O4 - HKLM\..\Run: [SoundMAX] "C:\Program Files\Analog Devices\SoundMAX\Smax4.exe" /tray
    O4 - HKLM\..\Run: [Logitech Utility] Logi_MwX.Exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.5.0_09\bin\jusched.exe"
    O4 - HKLM\..\Run: [LogitechVideoRepair] C:\Program Files\Logitech\Video\ISStart.exe
    O4 - HKLM\..\Run: [LogitechVideoTray] C:\Program Files\Logitech\Video\LogiTray.exe
    O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
    O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
    O4 - HKLM\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe"
    O4 - HKLM\..\Run: [USB Storage Toolbox] C:\Program Files\USBToolbox\Res.EXE
    O4 - HKLM\..\Run: [Pando] "C:\Program Files\Pando Networks\Pando\Pando.exe" /Automation
    O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
    O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe"
    O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
    O4 - HKCU\..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
    O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Fichiers communs\Ahead\lib\NMBgMonitor.exe"
    O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
    O4 - HKCU\..\Run: [MessengerPlus3] "C:\Program Files\MessengerPlus! 3\MsgPlus.exe" /WinStart
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\msnmsgr.exe" /background
    O4 - Global Startup: BTTray.lnk = ?
    O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
    O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
    O8 - Extra context menu item: E&xporter vers Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
    O8 - Extra context menu item: Envoyer à &Bluetooth - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie_ctx.htm
    O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra 'Tools' menuitem: @btrez.dll,-4017 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Logiciel Bluetooth\btsendto_ie.htm
    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
    O11 - Options group: [INTERNATIONAL] International*
    O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://webscanner.kaspersky.fr/kavwebscan_unicode.cab
    O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst....
    O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
    O18 - Protocol: offline-8876480 - {7733B2EE-5167-447E-BF06-F84ED126EE89} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\BWPlugProtocol-8876480.dll
    O18 - Protocol: widimg - {EE7C2AFF-5742-44FF-BD0E-E521B0D3C3BA} - C:\WINDOWS\system32\btxppanel.dll
    O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
    O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
    O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - Unknown owner - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
    O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
    O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
    O23 - Service: avast! Antivirus - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashServ.exe
    O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
    O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
    O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
    O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Logiciel Bluetooth\bin\btwdins.exe
    O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\11\Intel 32\IDriverT.exe
    O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
    O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
    O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe

    15 January 2007 19:53:02

    Apart from that, any other problems?
    17 January 2007 00:19:07

    Well, my PC is a bit slow... And I can't open iPods... As soon as I plug them in, everything slows to a crawl and it won't open.
    17 January 2007 13:43:20

    Run a GMER scan again to see.
    28 January 2007 18:19:55

    I'm redoing the GMER scan now (sorry for taking so long to reply...).


    There are now other problems I'd like to solve, but they concern the internet and the BIOS.


    Let me explain:

    I tried to update my BIOS because I couldn't download the World of Warcraft updates properly... That update slowed down my startup, made MSN buggy, slowed down my internet, and made Windows Media Player buggy (every time I launch it, it freezes within 5 minutes at most...). So I'm using Winamp, but I'd like to get WMP back, as it's more convenient...

    When I open Task Manager from time to time, I see processes that weren't there before (such as "dwwin.exe"), and I also see processes that appear several times (for example I see "winamp.exe" listed twice, and I also see a process named "winampa.exe", or I see "ati2evxx.exe" twice, "CLI.exe" 3 times, and "svchost.exe" 7 times).


    Here is my GMER report:


    GMER 1.0.12.12011 - http://www.gmer.net
    Rootkit scan:38:22
    Windows 5.1.2600 Service Pack 2


    ---- System - GMER 1.0.12 ----

    SSDT sptd.sys ZwCreateKey
    SSDT sptd.sys ZwEnumerateKey
    SSDT sptd.sys ZwEnumerateValueKey
    SSDT sptd.sys ZwOpenKey
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
    SSDT sptd.sys ZwQueryKey
    SSDT sptd.sys ZwQueryValueKey
    SSDT sptd.sys ZwSetValueKey
    SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess

    ---- Kernel code sections - GMER 1.0.12 ----

    .text USBPORT.SYS!DllUnload F6C2762C 5 Bytes JMP 865BA960

    ---- User code sections - GMER 1.0.12 ----

    .text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[3888] WS2_32.dll!send 719F428A 5 Bytes JMP 018B48E8 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll
    .text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[3888] WS2_32.dll!recv 719F615A 5 Bytes JMP 018B48A6 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll
    .text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[3888] WS2_32.dll!closesocket 719F9639 5 Bytes JMP 018B4408 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll
    .text C:\PROGRA~1\MSNMES~1\msnmsgr.exe[3888] SHELL32.dll!Shell_NotifyIcon 7CA30C69 5 Bytes JMP 018B1163 C:\Program Files\MessengerPlus! 3\MsgPlusH.dll

    ---- Devices - GMER 1.0.12 ----

    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_READ 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA 8675E1D8
    Device \FileSystem\Ntfs \Ntfs IRP_MJ_PNP 8675E1D8
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CREATE
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLOSE
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_READ
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_WRITE
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_INFORMATION
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_INFORMATION
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_EA
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_EA
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FLUSH_BUFFERS
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_QUERY_VOLUME_INFORMATION
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SET_VOLUME_INFORMATION
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DIRECTORY_CONTROL
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_FILE_SYSTEM_CONTROL
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_DEVICE_CONTROL
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_SHUTDOWN
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_LOCK_CONTROL
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_CLEANUP
    Device \FileSystem\Fastfat \FatCdrom IRP_MJ_PNP
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-0 IRP_MJ_PNP 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-1 IRP_MJ_PNP 8654C530
    Device \Driver\00000068 \Device\00000052 IRP_MJ_POWER [F777AD74] sptd.sys
    Device \Driver\00000068 \Device\00000052 IRP_MJ_SYSTEM_CONTROL [F77942A2] sptd.sys
    Device \Driver\00000068 \Device\00000052 IRP_MJ_PNP [F7795228] sptd.sys
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-2 IRP_MJ_PNP 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBPDO-3 IRP_MJ_PNP 8654C530
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CREATE 864ED1D8
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_CLOSE 864ED1D8
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_DEVICE_CONTROL 864ED1D8
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 864ED1D8
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_POWER 864ED1D8
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_SYSTEM_CONTROL 864ED1D8
    Device \Driver\usbehci \Device\USBPDO-4 IRP_MJ_PNP 864ED1D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CREATE 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_READ 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_WRITE 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_FLUSH_BUFFERS 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_DEVICE_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SHUTDOWN 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_CLEANUP 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_POWER 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_SYSTEM_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume1 IRP_MJ_PNP 867D21D8
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CREATE 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_CLOSE 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_READ 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_WRITE 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_FLUSH_BUFFERS 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_DEVICE_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SHUTDOWN 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_POWER 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_SYSTEM_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom0 IRP_MJ_PNP 8648C278
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CREATE 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_READ 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_WRITE 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_FLUSH_BUFFERS 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_DEVICE_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SHUTDOWN 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_CLEANUP 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_POWER 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_SYSTEM_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\HarddiskVolume2 IRP_MJ_PNP 867D21D8
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CREATE 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_CLOSE 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_READ 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_WRITE 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_FLUSH_BUFFERS 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_DEVICE_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SHUTDOWN 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_POWER 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_SYSTEM_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom1 IRP_MJ_PNP 8648C278
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_PNP 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP2T0L0-5 IRP_MJ_PNP 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort1 IRP_MJ_PNP 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort2 IRP_MJ_PNP 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdePort3 IRP_MJ_PNP 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-1b IRP_MJ_PNP 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_CREATE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_CLOSE 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_DEVICE_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_POWER 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_SYSTEM_CONTROL 8675F1D8
    Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-13 IRP_MJ_PNP 8675F1D8
    Device \Driver\NetBT \Device\NetBT_Tcpip_{81A73AB9-FEC2-4279-9F75-BC4305F23B0C} IRP_MJ_CREATE 864AD340
    Device \Driver\NetBT \Device\NetBT_Tcpip_{81A73AB9-FEC2-4279-9F75-BC4305F23B0C} IRP_MJ_CLOSE 864AD340
    Device \Driver\NetBT \Device\NetBT_Tcpip_{81A73AB9-FEC2-4279-9F75-BC4305F23B0C} IRP_MJ_DEVICE_CONTROL 864AD340
    Device \Driver\NetBT \Device\NetBT_Tcpip_{81A73AB9-FEC2-4279-9F75-BC4305F23B0C} IRP_MJ_INTERNAL_DEVICE_CONTROL 864AD340
    Device \Driver\NetBT \Device\NetBT_Tcpip_{81A73AB9-FEC2-4279-9F75-BC4305F23B0C} IRP_MJ_CLEANUP 864AD340
    Device \Driver\NetBT \Device\NetBT_Tcpip_{81A73AB9-FEC2-4279-9F75-BC4305F23B0C} IRP_MJ_PNP 864AD340
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CREATE 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_CLOSE 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_READ 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_WRITE 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_FLUSH_BUFFERS 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_DEVICE_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SHUTDOWN 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_POWER 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_SYSTEM_CONTROL 8648C278
    Device \Driver\Cdrom \Device\CdRom2 IRP_MJ_PNP 8648C278
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_CREATE
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_CLOSE
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_READ
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_WRITE
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_DEVICE_CONTROL
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_POWER
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_SYSTEM_CONTROL
    Device \Driver\USBSTOR \Device\00000081 IRP_MJ_PNP
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CREATE 864AD340
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLOSE 864AD340
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_DEVICE_CONTROL 864AD340
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_INTERNAL_DEVICE_CONTROL 864AD340
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_CLEANUP 864AD340
    Device \Driver\NetBT \Device\NetBt_Wins_Export IRP_MJ_PNP 864AD340
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CREATE 864AD340
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLOSE 864AD340
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_DEVICE_CONTROL 864AD340
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_INTERNAL_DEVICE_CONTROL 864AD340
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_CLEANUP 864AD340
    Device \Driver\NetBT \Device\NetbiosSmb IRP_MJ_PNP 864AD340
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_CREATE
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_CLOSE
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_READ
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_WRITE
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_DEVICE_CONTROL
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_POWER
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_SYSTEM_CONTROL
    Device \Driver\USBSTOR \Device\00000086 IRP_MJ_PNP
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-0 IRP_MJ_PNP 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-1 IRP_MJ_PNP 8654C530
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_NAMED_PIPE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLOSE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_READ 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_WRITE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_EA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_EA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FLUSH_BUFFERS 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_VOLUME_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_VOLUME_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DIRECTORY_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_FILE_SYSTEM_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_INTERNAL_DEVICE_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SHUTDOWN 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_LOCK_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CLEANUP 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_CREATE_MAILSLOT 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_SECURITY 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_SECURITY 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_POWER 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SYSTEM_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_DEVICE_CHANGE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_QUERY_QUOTA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_SET_QUOTA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanDatagramReceiver IRP_MJ_PNP 862CA980
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-2 IRP_MJ_PNP 8654C530
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_NAMED_PIPE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLOSE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_READ 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_WRITE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_EA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_EA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FLUSH_BUFFERS 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_VOLUME_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_VOLUME_INFORMATION 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DIRECTORY_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_FILE_SYSTEM_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_INTERNAL_DEVICE_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SHUTDOWN 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_LOCK_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CLEANUP 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_CREATE_MAILSLOT 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_SECURITY 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_SECURITY 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_POWER 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SYSTEM_CONTROL 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_DEVICE_CHANGE 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_QUERY_QUOTA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_SET_QUOTA 862CA980
    Device \FileSystem\MRxSmb \Device\LanmanRedirector IRP_MJ_PNP 862CA980
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CREATE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_CLOSE 8654C530
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_INTERNAL_DEVICE_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_POWER 8654C530
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_SYSTEM_CONTROL 8654C530
    Device \Driver\usbuhci \Device\USBFDO-3 IRP_MJ_PNP 8654C530
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CREATE 864ED1D8
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_CLOSE 864ED1D8
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_DEVICE_CONTROL 864ED1D8
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_INTERNAL_DEVICE_CONTROL 864ED1D8
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_POWER 864ED1D8
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_SYSTEM_CONTROL 864ED1D8
    Device \Driver\usbehci \Device\USBFDO-4 IRP_MJ_PNP 864ED1D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CREATE 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_READ 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_WRITE 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_FLUSH_BUFFERS 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_DEVICE_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_INTERNAL_DEVICE_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SHUTDOWN 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_CLEANUP 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_POWER 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_SYSTEM_CONTROL 867D21D8
    Device \Driver\Ftdisk \Device\FtControl IRP_MJ_PNP 867D21D8
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_CREATE 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_CLOSE 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_DEVICE_CONTROL 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_POWER 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_SYSTEM_CONTROL 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51 IRP_MJ_PNP 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_CREATE 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_CLOSE 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_DEVICE_CONTROL 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_POWER 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_SYSTEM_CONTROL 863E8388
    Device \Driver\a0h7s1d5 \Device\Scsi\a0h7s1d51Port4Path0Target0Lun0 IRP_MJ_PNP 863E8388
    Device \FileSystem\Fastfat \Fat IRP_MJ_CREATE
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLOSE
    Device \FileSystem\Fastfat \Fat IRP_MJ_READ
    Device \FileSystem\Fastfat \Fat IRP_MJ_WRITE
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_INFORMATION
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_INFORMATION
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_EA
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_EA
    Device \FileSystem\Fastfat \Fat IRP_MJ_FLUSH_BUFFERS
    Device \FileSystem\Fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION
    Device \FileSystem\Fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION
    Device \FileSystem\Fastfat \Fat IRP_MJ_DIRECTORY_CONTROL
    Device \FileSystem\Fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL
    Device \FileSystem\Fastfat \Fat IRP_MJ_DEVICE_CONTROL
    Device \FileSystem\Fastfat \Fat IRP_MJ_SHUTDOWN
    Device \FileSystem\Fastfat \Fat IRP_MJ_LOCK_CONTROL
    Device \FileSystem\Fastfat \Fat IRP_MJ_CLEANUP
    Device \FileSystem\Fastfat \Fat IRP_MJ_PNP
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CREATE 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLOSE 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_READ 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_INFORMATION 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SET_INFORMATION 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_QUERY_VOLUME_INFORMATION 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DIRECTORY_CONTROL 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_FILE_SYSTEM_CONTROL 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_DEVICE_CONTROL 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_SHUTDOWN 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_LOCK_CONTROL 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_CLEANUP 862F0980
    Device \FileSystem\Cdfs \Cdfs IRP_MJ_PNP 862F0980

    ---- Registry - GMER 1.0.12 ----

    Reg \Registry\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION
    Reg \Registry\USER\S-1-5-21-343818398-1960408961-682003330-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x17 0x20 0x86 0x69 ...
    Reg \Registry\USER\S-1-5-21-343818398-1960408961-682003330-1004\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x09 0x22 0x3D 0xA6 ...

    ---- Files - GMER 1.0.12 ----

    ADS C:\Program Files\ATI Technologies\ATI.ACE\skins\CATALYST_Quicksilver\CATALYST_Quicksilver.uis_Scrollbar:Smaller.WB4
    ADS C:\WINDOWS\system32:lzx32.sys

    ---- EOF - GMER 1.0.12 ----


    Should I be alarmed?
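A report of this length is easier to review once its entries are grouped by the module that owns each hook. The following is an added example, not part of the original post and not GMER's own code: a small Python triage script run over a few lines excerpted from the report above. The function name `triage`, the output layout and the reading of a bare address as "no module resolved" are assumptions of this example.

```python
import re
from collections import defaultdict

# Lines excerpted from the report in the post above (wrapped lines joined).
SAMPLE = r"""
---- System - GMER 1.0.12 ----

SSDT sptd.sys ZwCreateKey
SSDT \??\C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess

---- Devices - GMER 1.0.12 ----

Device \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE 8675E1D8
Device \Driver\atapi \Device\Ide\IdePort0 IRP_MJ_INTERNAL_DEVICE_CONTROL [F7AF3D60] sfsync02.sys
Device \Driver\USBSTOR \Device\00000081 IRP_MJ_READ
Device \Driver\00000068 \Device\00000052 IRP_MJ_POWER [F777AD74] sptd.sys

---- Files - GMER 1.0.12 ----

ADS C:\WINDOWS\system32:lzx32.sys

---- EOF - GMER 1.0.12 ----
"""

# "SSDT <module path, may contain spaces> <ZwXxx>"
SSDT = re.compile(r"^SSDT\s+(.+)\s+((?:Zw|Nt)\w+)$")
# "Device <driver> <device> <IRP_MJ_xxx> [optional target]"
DEVICE = re.compile(r"^Device\s+(\\\S+)\s+(.+?)\s+(IRP_MJ_\w+)(?:\s+(.+))?$")
# Target resolved to a module: "[F7AF3D60] sfsync02.sys"
NAMED_TARGET = re.compile(r"^\[([0-9A-F]{8})\]\s+(\S+)$")
# Target shown as a bare address (assumption: no owning module was resolved)
BARE_TARGET = re.compile(r"^[0-9A-F]{8}$")


def triage(report):
    """Group SSDT hooks, IRP handler targets and ADS entries from GMER text."""
    ssdt = defaultdict(list)        # module file name -> hooked functions
    irp = defaultdict(set)          # module file name -> {(driver, IRP)}
    unresolved = defaultdict(set)   # driver -> bare handler addresses
    ads = []                        # (host path, stream name)

    for raw in report.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue  # blank lines and section headers carry no entries

        m = SSDT.match(line)
        if m:
            module = m.group(1).rsplit("\\", 1)[-1].lower()
            ssdt[module].append(m.group(2))
            continue

        m = DEVICE.match(line)
        if m:
            driver, _device, major, target = m.groups()
            if target is None:
                continue  # entry listed without a handler address
            named = NAMED_TARGET.match(target)
            if named:
                irp[named.group(2).lower()].add((driver, major))
            elif BARE_TARGET.match(target):
                unresolved[driver].add(target)
            continue

        if line.startswith("ADS "):
            # The stream name follows the last colon; the drive colon is earlier.
            host, stream = line[4:].strip().rsplit(":", 1)
            ads.append((host, stream))

    return {
        "ssdt": {k: sorted(v) for k, v in ssdt.items()},
        "irp": {k: sorted(v) for k, v in irp.items()},
        "unresolved": {k: sorted(v) for k, v in unresolved.items()},
        "ads": ads,
    }


if __name__ == "__main__":
    for kind, entries in triage(SAMPLE).items():
        print(kind, entries)
```

The grouping only shows which driver files sit behind the hooks and which streams are attached to which paths; it does not decide whether a module is legitimate, which still has to be checked against the software installed on the machine.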